Laptop wifi shows connection but browsers won't download



#1
givemefood


The laptop connects to wifi but none of the browsers are able to download anything. They keep displaying "unable to download". I did some research and found that this is related to a virus. It's possible because I was dabbling with torrent files from the internet.

Based on other threads I ran OTL by Oldtimer and this is the log text:

 

Can someone please help??

_____________________________________________________

 

OTL logfile created on: 12/10/2014 10:09:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\IBM_ADMIN\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 42.73% Memory free
15.77 Gb Paging File | 11.07 Gb Available in Paging File | 70.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 8.98 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
 
Computer Name: IBM-2F08I7T981U | User Name: rameshanthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/10 21:22:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IBM_ADMIN\Downloads\OTL.exe
PRC - [2014/11/25 01:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/14 11:18:57 | 000,381,680 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\isamtray.exe
PRC - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
PRC - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) -- c:\notes\SUService.exe
PRC - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) -- c:\notes\nsd.exe
PRC - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2013/05/03 16:19:34 | 001,486,200 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012/07/21 15:05:14 | 003,935,944 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2012/05/16 14:05:42 | 000,100,792 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
PRC - [2012/05/16 14:05:24 | 008,192,440 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
PRC - [2012/05/16 14:05:16 | 009,063,352 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
PRC - [2012/05/16 13:36:14 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
PRC - [2012/01/30 08:48:19 | 011,296,768 | ---- | M] (IBM) -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
PRC - [2011/10/20 12:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011/10/20 12:11:04 | 000,474,176 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\Access Connections.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:26 | 000,195,648 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
PRC - [2011/10/20 12:09:20 | 000,433,216 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/11 19:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/07/22 12:21:32 | 000,042,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/03/24 03:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
PRC - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
PRC - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/25 01:39:25 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 01:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/10/21 20:13:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b20319dfb7dd671d2de2f383cd2551ce\WindowsFormsIntegration.ni.dll
MOD - [2014/10/21 20:10:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/21 20:09:44 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014/10/21 20:09:21 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/21 20:09:09 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/21 20:09:06 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014/10/21 20:08:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/21 20:08:39 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/21 20:08:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/21 20:08:23 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/18 11:05:19 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/17 11:54:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eab470ea118ad56a2a287fbc9b4eb814\System.Xaml.ni.dll
MOD - [2014/09/17 07:36:25 | 017,999,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3a80d309a42932484b46e1ce5b1a26fb\PresentationFramework.ni.dll
MOD - [2014/09/17 07:36:12 | 011,451,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\52a6dbea295b050d39eac633f4f45699\PresentationCore.ni.dll
MOD - [2014/09/17 07:36:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eb5ed59617b97ec2ac332e367285fefc\PresentationFramework.Aero.ni.dll
MOD - [2014/09/17 07:36:05 | 013,140,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bc9c68dd8cfcf134e5f385a8ce73a05f\System.Windows.Forms.ni.dll
MOD - [2014/09/17 07:36:01 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b4c5db3d869e939a848ca08ac7cf3e88\System.Core.ni.dll
MOD - [2014/09/17 07:35:54 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\311df96b9394d130b24653d51163142e\WindowsBase.ni.dll
MOD - [2014/09/17 07:35:52 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a421135e2f2680ad100d485476a520f4\System.Drawing.ni.dll
MOD - [2014/09/17 07:35:49 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0c9b60c066b18195e4b293e0d0802f60\System.ni.dll
MOD - [2014/09/17 07:35:44 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\64a3cdb7bc50e751c0bfb210625265d9\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/04/15 17:56:16 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/01/30 08:48:19 | 000,967,168 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
MOD - [2012/01/30 08:48:16 | 000,163,840 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
MOD - [2012/01/30 08:48:12 | 000,139,264 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/20 10:12:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
MOD - [2011/01/20 21:44:32 | 000,394,224 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/15 13:37:16 | 000,707,888 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/01/27 07:50:49 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/08 13:23:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/16 09:15:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/20 18:45:44 | 002,377,984 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:44 | 000,334,736 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe -- (SNAC)
SRV - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\SUService.exe -- (LNSUSvc)
SRV - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/09/25 16:03:16 | 013,387,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -- (Intelligent Response Agent)
SRV - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/02/09 15:30:04 | 000,745,472 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/01/27 07:48:07 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/24 03:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/03/02 08:09:42 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/03/02 08:09:06 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/10 20:13:40 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2014/08/21 12:30:50 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2014/07/10 14:08:36 | 000,102,992 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/22 12:43:12 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2013/10/20 18:45:46 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/10/20 18:45:46 | 000,797,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/20 18:45:46 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,437,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,224,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/20 18:45:46 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys -- (ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE})
DRV:64bit: - [2013/10/20 18:45:46 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/10/20 18:45:44 | 000,092,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 07:51:10 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/01/27 07:50:59 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2012/01/27 07:50:57 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2012/01/27 07:50:57 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2012/01/27 07:50:57 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2012/01/27 07:50:57 | 000,054,784 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,067,072 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2012/01/27 07:50:51 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/27 07:50:51 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/01/27 07:50:50 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/01/27 07:50:44 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/27 07:50:33 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2012/01/27 07:50:33 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2012/01/27 07:50:33 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2012/01/27 07:50:32 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2012/01/27 07:50:32 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/27 07:48:09 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/01/27 07:48:09 | 000,029,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/01/27 07:48:08 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/01/27 07:48:08 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 07:48:08 | 000,022,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys -- (huawei_update)
DRV:64bit: - [2012/01/27 07:48:08 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 07:48:07 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 07:48:07 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2012/01/27 07:48:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2012/01/27 07:48:05 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2012/01/27 07:48:05 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2012/01/27 07:48:05 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/04 15:45:24 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/15 12:50:44 | 000,348,944 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/24 03:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/03/24 03:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 04:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/09/09 15:24:04 | 000,190,464 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\agnfilt.sys -- (agnfilt)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/29 18:22:50 | 000,014,848 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avpnnic.sys -- (avpnnic)
DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/16 06:27:48 | 000,041,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 06:27:46 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd160x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 06:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/02/19 00:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2014/11/18 18:13:19 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141210.012\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/03 23:06:12 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/24 13:05:23 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141210.002\ex64.sys -- (NAVEX15)
DRV - [2014/09/24 13:05:23 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141210.002\eng64.sys -- (NAVENG)
DRV - [2014/09/09 04:17:05 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/09 04:17:05 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/07/29 14:42:52 | 000,025,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2013/10/20 18:45:44 | 000,034,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 23:00:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C ED 65 D5 DD 17 CB 01  [binary data]
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\..\SearchScopes,DefaultScope = {2602979F-3C33-4DC4-897A-BAA62A38788B}
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\..\SearchScopes\{2602979F-3C33-4DC4-897A-BAA62A38788B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>;*.local
 
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C ED 65 D5 DD 17 CB 01  [binary data]
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\..\SearchScopes,DefaultScope = {2602979F-3C33-4DC4-897A-BAA62A38788B}
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\..\SearchScopes\{2602979F-3C33-4DC4-897A-BAA62A38788B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "w3.ibm.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.7.158
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:2.04.20110724.1ibm
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java,version=1.6.0: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/JavaPlugin: C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014/02/27 08:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
 
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions
[2012/07/26 18:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions
[2012/07/25 19:54:59 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/03/31 09:08:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2013/10/01 11:50:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+) - IBM Edition) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\plugins
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\chrome
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\components
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\modules
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\searchplugins
[2014/12/02 15:16:28 | 000,319,610 | ---- | M] () (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\firefox\profiles\2ziq4yrx.default\extensions\[email protected]\lucifox-0.9.9-fx+sm.xpi
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/16 09:15:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\plugins
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\modules
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\searchplugins
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:15:48 | 000,013,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 15:32:02 | 000,255,416 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll
[2010/10/12 15:35:16 | 000,031,672 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll
[2010/10/12 15:34:52 | 000,040,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2010/08/02 12:01:32 | 000,122,880 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2014/09/12 04:43:10 | 000,227,728 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2014/06/11 14:13:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2014/06/11 14:13:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2014/06/11 14:13:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2014/06/11 14:13:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2014/06/11 14:14:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2012/06/28 15:30:44 | 000,299,696 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll
[2010/07/14 11:42:58 | 000,898,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/01/27 17:11:48 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2012/01/27 17:11:48 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei\3.4.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm\1.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.263_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.2_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/07/31 13:24:36 | 000,001,062 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 10.245.32.132 ri3vw350.msd.ihost.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (Plugin Class) - {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\Program Files (x86)\SAP\SAP Tutor\free_PlayerIE.dll (SAP AG)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C4EBReg] C:\Program Files (x86)\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Isamtray] C:\Program Files (x86)\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [Yahoo Messenger]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000..\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000..\Run: [NotesSODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-598280094-1804934353-2193003435-1000\..Trusted Domains: ibm.com ([w3-03] https in Trusted sites)
O15 - HKU\S-1-5-21-598280094-1804934353-2193003435-1002\..Trusted Domains: ibm.com ([w3-03] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 11.25.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenc...ts/WDPLUGIN.CAB (Unyte Conferencing Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B3B138-37B1-4DDB-8F6D-E3DE308AB852}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: NameServer = 9.0.130.50,9.0.128.50
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e7ece1b-d45b-11e1-8135-0021ccbb6bff}\Shell - "" = AutoRun
O33 - MountPoints2\{2e7ece1b-d45b-11e1-8135-0021ccbb6bff}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 180 Days ==========
 
[2014/12/10 20:13:24 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/10 20:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/10 20:12:52 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/10 20:12:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/10 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/27 08:16:17 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Lavasoft
[2014/11/26 23:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2014/11/26 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
[2014/11/26 23:33:02 | 002,084,072 | ---- | C] (Bitdefender) -- C:\Windows\SysNative\bdnc.dll
[2014/11/26 23:32:58 | 001,061,776 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdsmtpp.dll
[2014/11/26 23:32:58 | 000,209,984 | ---- | C] (BitDefender) -- C:\Windows\SysNative\BdFirewallSDK.dll
[2014/11/26 23:32:58 | 000,195,016 | ---- | C] (BitDefender) -- C:\Windows\SysNative\httproxy.dll
[2014/11/26 23:32:58 | 000,155,912 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdpop3p.dll
[2014/11/26 23:32:58 | 000,122,928 | ---- | C] (BitDefender) -- C:\Windows\SysNative\OEMbdpredir.dll
[2014/11/26 23:32:58 | 000,096,160 | ---- | C] (BitDefender) -- C:\Windows\SysNative\bdpredir.dll
[2014/11/26 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/11/26 23:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/11/26 23:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/11/26 23:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/11/17 11:14:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/17 11:14:36 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/17 11:12:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/11/17 11:12:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/11/17 11:12:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/17 11:12:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/11/17 11:08:52 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/17 11:08:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/17 11:08:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/17 11:05:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/17 11:02:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/17 11:02:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/17 11:01:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/14 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/11 10:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\PandoraRecovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2014/11/03 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Lands End
[2014/11/02 10:19:16 | 000,000,000 | R--D | C] -- C:\Users\IBM_ADMIN\Dropbox
[2014/11/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/02 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox
[2014/10/27 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Boeing
[2014/10/21 03:06:12 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/21 03:06:12 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/21 03:06:12 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/21 03:06:12 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/21 03:06:12 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/21 03:06:12 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/21 02:59:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/21 02:59:17 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/21 02:59:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/21 02:59:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/21 02:59:02 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/21 02:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/21 02:59:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/21 02:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/21 02:58:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/21 02:58:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/21 02:58:59 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/21 02:58:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/21 02:58:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/21 02:58:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/21 02:58:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/21 02:58:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/21 02:58:58 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/21 02:58:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/21 02:58:57 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/21 02:58:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/21 02:58:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/21 02:58:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/21 02:58:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/21 02:58:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/21 02:58:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/21 02:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/21 02:58:55 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/21 02:58:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/21 02:58:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/21 02:58:55 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/21 02:58:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/21 02:58:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/21 02:58:51 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/21 02:58:50 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/21 02:58:50 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/13 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Medibank
[2014/09/28 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\TeamViewer
[2014/09/19 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\WebEx
[2014/08/29 16:50:20 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/25 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Grainger
[2014/08/22 14:16:39 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/22 14:16:27 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/22 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/22 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/08/21 18:36:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/08/21 18:36:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/21 12:30:50 | 000,727,592 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/08/21 12:30:50 | 000,601,360 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/08/21 12:30:50 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieUserList
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieSiteList
[2014/08/19 09:59:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/08/19 09:45:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/18 08:31:42 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/18 08:31:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/18 08:31:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/18 08:31:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/18 08:31:42 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/18 08:31:37 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/18 08:24:01 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/18 08:00:28 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/18 08:00:28 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/18 08:00:28 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/18 08:00:28 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/04 09:09:17 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\Documents\cache
[2014/07/31 12:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/07/31 12:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/31 12:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/07/31 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Allison
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MANDIANT
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MANDIANT
[2014/07/21 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\AdobeMuse
[2014/07/21 16:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Muse
[2014/07/21 16:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/16 13:33:10 | 000,000,000 | ---D | C] -- C:\ibmbeta
[2014/07/14 07:58:41 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/14 07:58:41 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/14 07:50:24 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/14 07:50:24 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/10 14:09:30 | 000,389,240 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2014/06/22 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/06/20 10:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2014/06/20 10:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2014/06/20 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/06/16 22:06:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/16 21:56:19 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/06/16 21:56:19 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files - Modified Within 180 Days ==========
 
[2014/12/10 22:02:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/10 21:35:03 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/12/10 21:19:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/10 20:13:40 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/10 20:12:55 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/10 20:11:08 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/10 20:11:08 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/10 20:04:15 | 000,778,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/10 20:04:15 | 000,660,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/10 20:04:15 | 000,121,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/10 20:01:06 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/12/10 19:57:27 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/10 19:56:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/10 19:55:35 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/09 11:00:28 | 000,041,148 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\WileyPCR_FormSigned.jpg
[2014/12/08 13:23:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/08 13:23:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/06 08:31:04 | 000,079,013 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\SakhiFashions_Order.jpg
[2014/12/04 14:24:16 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/11/30 15:19:08 | 000,198,568 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/25 18:21:43 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/24 12:18:57 | 000,042,525 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:09:00 | 000,821,273 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/18 07:29:12 | 000,546,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/18 07:16:30 | 000,587,244 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:14 | 000,183,648 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/14 11:18:33 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/12 09:10:03 | 000,080,624 | ---- | M] (IBM Corp.) -- C:\Windows\isamunin.exe
[2014/11/11 10:46:23 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:20 | 000,062,964 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:17 | 000,001,005 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/10/24 20:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 20:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/17 21:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/13 21:12:57 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/10/13 21:09:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/10/13 21:07:31 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/10/13 20:47:30 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/10/13 20:46:02 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/10/02 21:12:00 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/02 21:11:54 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/02 21:11:51 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/02 21:11:51 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/02 20:44:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/09/19 04:42:47 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/09/11 10:15:58 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/08/22 21:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 14:16:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/08/21 12:30:50 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/21 01:40:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/08/21 01:23:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/08/19 09:45:13 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/19 09:45:07 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/12 14:37:26 | 048,997,564 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/11 21:02:49 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/08/11 20:36:37 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/07/31 12:47:14 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/25 09:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 08:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 08:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 08:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 08:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 08:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 08:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 08:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 07:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 07:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 07:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 07:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 07:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 07:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 07:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 07:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 07:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 07:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 07:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 07:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 07:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 07:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 07:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 06:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 06:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 06:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 06:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 06:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 06:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 06:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 06:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 06:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 05:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 05:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/13 21:02:45 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/07/10 14:09:34 | 002,084,072 | ---- | M] (Bitdefender) -- C:\Windows\SysNative\bdnc.dll
[2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2014/07/10 14:08:36 | 000,195,016 | ---- | M] (BitDefender) -- C:\Windows\SysNative\httproxy.dll
[2014/07/10 14:08:36 | 000,155,912 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdpop3p.dll
[2014/07/10 14:08:36 | 000,122,928 | ---- | M] (BitDefender) -- C:\Windows\SysNative\OEMbdpredir.dll
[2014/07/10 14:08:34 | 001,061,776 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdsmtpp.dll
[2014/07/10 14:08:34 | 000,209,984 | ---- | M] (BitDefender) -- C:\Windows\SysNative\BdFirewallSDK.dll
[2014/07/10 14:08:34 | 000,156,936 | ---- | M] () -- C:\Windows\SysNative\bdfwcore.dll
[2014/07/10 14:08:34 | 000,096,160 | ---- | M] (BitDefender) -- C:\Windows\SysNative\bdpredir.dll
[2014/06/30 17:24:50 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/06/30 17:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/06/22 10:31:02 | 000,193,182 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:30:58 | 000,193,183 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/20 10:10:39 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2014/06/20 10:09:35 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014/06/18 17:23:33 | 001,943,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/06/18 17:23:33 | 000,156,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/06/18 17:23:33 | 000,073,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/06/18 17:23:32 | 001,131,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/06/18 17:23:32 | 000,156,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/06/18 17:23:32 | 000,081,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/06/17 21:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 20:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/09 11:00:27 | 000,041,148 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\WileyPCR_FormSigned.jpg
[2014/12/06 08:30:47 | 000,079,013 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\SakhiFashions_Order.jpg
[2014/11/30 15:19:05 | 000,198,568 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:58 | 000,156,936 | ---- | C] () -- C:\Windows\SysNative\bdfwcore.dll
[2014/11/26 23:32:47 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/11/26 23:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:08:57 | 000,821,273 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/18 07:16:30 | 000,587,244 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:13 | 000,183,648 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/11 10:46:23 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:19 | 000,062,964 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:16 | 000,001,005 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/09/02 07:30:24 | 048,997,564 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/07/31 12:57:02 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
[2014/07/31 12:47:14 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/07/31 12:47:13 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/21 16:12:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse.lnk
[2014/06/22 10:29:34 | 000,193,183 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/22 10:20:47 | 000,193,182 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:12:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/06/20 10:09:35 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014/06/20 10:09:12 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2014/01/16 12:30:04 | 000,004,096 | -H-- | C] () -- C:\Users\IBM_ADMIN\AppData\Local\keyfile3.drm
[2013/09/29 19:46:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/03/13 16:51:24 | 000,677,328 | ---- | C] () -- C:\Windows\SysWow64\amsrb932.dll
[2012/07/23 11:54:35 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.311018984119889580931149468956
[2012/01/30 08:44:03 | 000,061,305 | ---- | C] () -- C:\Users\IBM_ADMIN\install.xml
[2010/09/09 12:23:52 | 000,271,686 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/02 18:50:13 | 000,000,566 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\L
[2012/08/07 12:07:48 | 000,000,000 | -HSD | M] -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< End of report >
 

  • 0



#2
givemefood

    Member

  • Topic Starter
  • 26 posts

Anyone out on this site who can help? Please?


  • 0

#3
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Bad idea to answer your own post.  Makes it hard to find as we look for posts with 0 replies.

 

You have 3 anti-viruses.  Symantec, BitDefender and Ad-Aware. You need to pick one and remove the others as they will fight each other.

 

You have a version of the Zero Access infection.

 

========== ZeroAccess Check ==========
 
[2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\L
[2012/08/07 12:07:48 | 000,000,000 | -HSD | M] -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\n.
 
 

 

 

 

Copy the text in the code box by highlighting it and pressing Ctrl + C:
 
:files
C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}
copy \windows\notepad.exe \Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65} /c
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12122014-some number.log so look there if you don't see it.
 
Then after the reboot, run OTL, Quick Scan again and post the log.
 
 
 
 
 

 

 


  • 0
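The registry evidence quoted in the reply above, turned into a check. This is an added example, not part of the original posts and not OTL's own code. It parses the InProcServer32 keys of a "ZeroAccess Check" section and flags any per-user (HKCU) COM registration whose server file lies outside the Windows directory, which generalizes beyond the one CLSID in this log. The function names are hypothetical, and the system root is assumed to be C:\Windows, as the log header states.

```python
import ntpath
import re

# Registry part of the "ZeroAccess Check" section, in the shape OTL prints it
# (key header line, then "name" = value lines). The lines are taken from the
# log quoted in this thread, trimmed to the keys needed for the demonstration.
SAMPLE_LOG = r'''
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''

KEY_RE = re.compile(
    r'^\[(HKEY_(?:CURRENT_USER|LOCAL_MACHINE))\\(.+?)\\clsid\\(\{[^}]+\})\\InProcServer32\]',
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"([^"]*)" = (.*)$')


def parse_inproc_keys(log_text):
    """Return one dict per InProcServer32 key: hive, clsid, view (32/64), server."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()  # also removes the non-breaking spaces forum pages leave behind
        key = KEY_RE.match(line)
        if key:
            current = {
                "hive": key.group(1).upper(),
                "clsid": key.group(3).lower(),
                "view": 32 if "wow6432node" in key.group(2).lower() else 64,
                "server": None,  # stays None when the key has no default value
            }
            entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            if value.group(1) == "":  # "" is the key's default value: the server path
                # OTL appends " -- [date | size | attrs] (company)" for existing files
                current["server"] = value.group(2).split(" -- [", 1)[0].strip()
        else:
            current = None  # blank line, section header or file entry ends the key
    return entries


def is_system_path(path, system_root=r"C:\Windows"):
    """True if path resolves to a location under the Windows directory."""
    root = system_root.lower()
    expanded = path.lower().replace("%systemroot%", root)
    return ntpath.normpath(expanded).startswith(root + "\\")


def find_user_overrides(entries, system_root=r"C:\Windows"):
    """Flag HKCU COM servers outside the Windows directory.

    HKCU\\Software\\Classes takes precedence over HKLM\\Software\\Classes in the
    merged HKEY_CLASSES_ROOT view, so such an entry replaces the machine-wide
    server for that user's processes. The shadowed HKLM value is reported too.
    """
    machine = {
        (e["clsid"], e["view"]): e["server"]
        for e in entries
        if e["hive"] == "HKEY_LOCAL_MACHINE"
    }
    findings = []
    for e in entries:
        if e["hive"] != "HKEY_CURRENT_USER" or not e["server"]:
            continue
        if is_system_path(e["server"], system_root):
            continue
        findings.append({
            "clsid": e["clsid"],
            "view": e["view"],
            "user_server": e["server"],
            "shadowed_machine_server": machine.get((e["clsid"], e["view"])),
        })
    return findings


if __name__ == "__main__":
    for hit in find_user_overrides(parse_inproc_keys(SAMPLE_LOG)):
        print("per-user COM override:", hit)
```

On the sample, the only finding is the HKCU entry for {42aedc87-2188-41fd-b9a3-0c966feabec1}, whose default value points into the AppData\Local folder while the machine-wide registration points to shell32.dll.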

#4
givemefood

    Member

  • Topic Starter
  • 26 posts

Thank you, RKinner. I ran the "Fix" and this is the resulting log:

 

______________________________________________________________________________________

 

OTL logfile created on: 12/12/2014 10:54:55 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\IBM_ADMIN\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 60.23% Memory free
15.77 Gb Paging File | 12.50 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 12.41 Gb Free Space | 2.66% Space Free | Partition Type: NTFS
 
Computer Name: IBM-2F08I7T981U | User Name: rameshanthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/10 21:22:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IBM_ADMIN\Downloads\OTL.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/14 11:18:57 | 000,381,680 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\isamtray.exe
PRC - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
PRC - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) -- c:\notes\SUService.exe
PRC - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) -- c:\notes\nsd.exe
PRC - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2013/05/03 16:19:34 | 001,486,200 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012/07/21 15:05:14 | 003,935,944 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2012/05/16 14:05:42 | 000,100,792 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
PRC - [2012/05/16 14:05:24 | 008,192,440 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
PRC - [2012/05/16 14:05:16 | 009,063,352 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
PRC - [2012/05/16 13:36:14 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
PRC - [2012/01/30 08:48:19 | 011,296,768 | ---- | M] (IBM) -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
PRC - [2011/10/20 12:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:26 | 000,195,648 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
PRC - [2011/10/20 12:09:20 | 000,433,216 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/11 19:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/07/22 12:21:32 | 000,042,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/03/24 03:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
PRC - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
PRC - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/09/17 11:54:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eab470ea118ad56a2a287fbc9b4eb814\System.Xaml.ni.dll
MOD - [2014/09/17 07:36:25 | 017,999,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3a80d309a42932484b46e1ce5b1a26fb\PresentationFramework.ni.dll
MOD - [2014/09/17 07:36:12 | 011,451,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\52a6dbea295b050d39eac633f4f45699\PresentationCore.ni.dll
MOD - [2014/09/17 07:36:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eb5ed59617b97ec2ac332e367285fefc\PresentationFramework.Aero.ni.dll
MOD - [2014/09/17 07:36:05 | 013,140,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bc9c68dd8cfcf134e5f385a8ce73a05f\System.Windows.Forms.ni.dll
MOD - [2014/09/17 07:36:01 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b4c5db3d869e939a848ca08ac7cf3e88\System.Core.ni.dll
MOD - [2014/09/17 07:35:54 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\311df96b9394d130b24653d51163142e\WindowsBase.ni.dll
MOD - [2014/09/17 07:35:52 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a421135e2f2680ad100d485476a520f4\System.Drawing.ni.dll
MOD - [2014/09/17 07:35:49 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0c9b60c066b18195e4b293e0d0802f60\System.ni.dll
MOD - [2014/09/17 07:35:44 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\64a3cdb7bc50e751c0bfb210625265d9\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/30 08:48:19 | 000,967,168 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
MOD - [2012/01/30 08:48:16 | 000,163,840 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
MOD - [2012/01/30 08:48:12 | 000,139,264 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/20 10:12:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/15 13:37:16 | 000,707,888 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/01/27 07:50:49 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/08 13:23:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/16 09:15:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/20 18:45:44 | 002,377,984 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:44 | 000,334,736 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe -- (SNAC)
SRV - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\SUService.exe -- (LNSUSvc)
SRV - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/09/25 16:03:16 | 013,387,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -- (Intelligent Response Agent)
SRV - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/02/09 15:30:04 | 000,745,472 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/01/27 07:48:07 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/24 03:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/03/02 08:09:42 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/03/02 08:09:06 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/12 10:40:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2014/08/21 12:30:50 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2014/07/10 14:08:36 | 000,102,992 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/22 12:43:12 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2013/10/20 18:45:46 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/10/20 18:45:46 | 000,797,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/20 18:45:46 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,437,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,224,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/20 18:45:46 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys -- (ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE})
DRV:64bit: - [2013/10/20 18:45:46 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/10/20 18:45:44 | 000,092,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 07:51:10 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/01/27 07:50:59 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2012/01/27 07:50:57 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2012/01/27 07:50:57 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2012/01/27 07:50:57 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2012/01/27 07:50:57 | 000,054,784 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,067,072 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2012/01/27 07:50:51 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/27 07:50:51 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/01/27 07:50:50 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/01/27 07:50:44 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/27 07:50:33 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2012/01/27 07:50:33 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2012/01/27 07:50:33 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2012/01/27 07:50:32 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2012/01/27 07:50:32 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/27 07:48:09 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/01/27 07:48:09 | 000,029,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/01/27 07:48:08 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/01/27 07:48:08 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 07:48:08 | 000,022,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys -- (huawei_update)
DRV:64bit: - [2012/01/27 07:48:08 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 07:48:07 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 07:48:07 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2012/01/27 07:48:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2012/01/27 07:48:05 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2012/01/27 07:48:05 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2012/01/27 07:48:05 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/04 15:45:24 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/15 12:50:44 | 000,348,944 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/24 03:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/03/24 03:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 04:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/09/09 15:24:04 | 000,190,464 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\agnfilt.sys -- (agnfilt)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/29 18:22:50 | 000,014,848 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avpnnic.sys -- (avpnnic)
DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/16 06:27:48 | 000,041,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 06:27:46 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd160x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 06:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/02/19 00:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2014/12/11 06:01:56 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/11 06:01:55 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/11/18 18:13:19 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141211.011\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/03 23:06:12 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/24 13:05:23 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141211.018\ex64.sys -- (NAVEX15)
DRV - [2014/09/24 13:05:23 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141211.018\eng64.sys -- (NAVENG)
DRV - [2014/07/29 14:42:52 | 000,025,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2013/10/20 18:45:44 | 000,034,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 23:00:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C ED 65 D5 DD 17 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {2602979F-3C33-4DC4-897A-BAA62A38788B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{2602979F-3C33-4DC4-897A-BAA62A38788B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "w3.ibm.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.7.158
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:2.04.20110724.1ibm
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java,version=1.6.0: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/JavaPlugin: C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
 
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions
[2012/07/25 19:54:59 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/03/31 09:08:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2013/10/01 11:50:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+) - IBM Edition) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\plugins
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\chrome
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\components
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\modules
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\searchplugins
[2014/12/02 15:16:28 | 000,319,610 | ---- | M] () (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\firefox\profiles\2ziq4yrx.default\extensions\[email protected]\lucifox-0.9.9-fx+sm.xpi
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/16 09:15:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\plugins
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\modules
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\searchplugins
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/08/02 12:01:32 | 000,122,880 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/06/28 15:30:44 | 000,299,696 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei\3.4.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm\1.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.264_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/07/31 13:24:36 | 000,001,062 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 10.245.32.132 ri3vw350.msd.ihost.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (Plugin Class) - {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\Program Files (x86)\SAP\SAP Tutor\free_PlayerIE.dll (SAP AG)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C4EBReg] C:\Program Files (x86)\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Isamtray] C:\Program Files (x86)\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKLM..\Run: [Yahoo Messenger]  File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [NotesSODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ibm.com ([w3-03] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 11.25.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenc...ts/WDPLUGIN.CAB (Unyte Conferencing Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B3B138-37B1-4DDB-8F6D-E3DE308AB852}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: NameServer = 9.0.130.50,9.0.128.50
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e7ece1b-d45b-11e1-8135-0021ccbb6bff}\Shell - "" = AutoRun
O33 - MountPoints2\{2e7ece1b-d45b-11e1-8135-0021ccbb6bff}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 180 Days ==========
 
[2014/12/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\smkits
[2014/12/12 10:44:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}
[2014/12/12 10:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/12/10 20:13:24 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/10 20:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/10 20:12:52 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/10 20:12:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/10 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/27 08:16:17 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Lavasoft
[2014/11/26 23:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2014/11/26 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
[2014/11/26 23:33:02 | 002,084,072 | ---- | C] (Bitdefender) -- C:\Windows\SysNative\bdnc.dll
[2014/11/26 23:32:58 | 001,061,776 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdsmtpp.dll
[2014/11/26 23:32:58 | 000,209,984 | ---- | C] (BitDefender) -- C:\Windows\SysNative\BdFirewallSDK.dll
[2014/11/26 23:32:58 | 000,195,016 | ---- | C] (BitDefender) -- C:\Windows\SysNative\httproxy.dll
[2014/11/26 23:32:58 | 000,155,912 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdpop3p.dll
[2014/11/26 23:32:58 | 000,122,928 | ---- | C] (BitDefender) -- C:\Windows\SysNative\OEMbdpredir.dll
[2014/11/26 23:32:58 | 000,096,160 | ---- | C] (BitDefender) -- C:\Windows\SysNative\bdpredir.dll
[2014/11/26 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/11/26 23:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/11/26 23:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/11/26 23:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/11/17 11:14:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/17 11:14:36 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/17 11:12:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/11/17 11:12:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/11/17 11:12:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/17 11:12:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/11/17 11:08:52 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/17 11:08:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/17 11:08:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/17 11:05:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/17 11:02:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/17 11:02:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/17 11:01:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/14 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/11 10:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\PandoraRecovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2014/11/03 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Lands End
[2014/11/02 10:19:16 | 000,000,000 | R--D | C] -- C:\Users\IBM_ADMIN\Dropbox
[2014/11/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/02 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox
[2014/10/27 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Boeing
[2014/10/21 03:06:12 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/21 03:06:12 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/21 03:06:12 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/21 03:06:12 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/21 03:06:12 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/21 03:06:12 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/21 02:59:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/21 02:59:17 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/21 02:59:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/21 02:59:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/21 02:59:02 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/21 02:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/21 02:59:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/21 02:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/21 02:58:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/21 02:58:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/21 02:58:59 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/21 02:58:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/21 02:58:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/21 02:58:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/21 02:58:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/21 02:58:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/21 02:58:58 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/21 02:58:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/21 02:58:57 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/21 02:58:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/21 02:58:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/21 02:58:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/21 02:58:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/21 02:58:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/21 02:58:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/21 02:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/21 02:58:55 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/21 02:58:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/21 02:58:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/21 02:58:55 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/21 02:58:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/21 02:58:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/21 02:58:51 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/21 02:58:50 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/21 02:58:50 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/13 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Medibank
[2014/09/28 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\TeamViewer
[2014/09/19 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\WebEx
[2014/08/29 16:50:20 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/25 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Grainger
[2014/08/22 14:16:39 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/22 14:16:27 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/22 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/22 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/08/21 18:36:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/08/21 18:36:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/21 12:30:50 | 000,727,592 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/08/21 12:30:50 | 000,601,360 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/08/21 12:30:50 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieUserList
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieSiteList
[2014/08/19 09:59:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/08/19 09:45:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/18 08:31:42 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/18 08:31:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/18 08:31:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/18 08:31:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/18 08:31:42 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/18 08:31:37 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/18 08:24:01 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/18 08:00:28 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/18 08:00:28 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/18 08:00:28 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/18 08:00:28 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/04 09:09:17 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\Documents\cache
[2014/07/31 12:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/07/31 12:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/31 12:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/07/31 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Allison
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MANDIANT
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MANDIANT
[2014/07/21 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\AdobeMuse
[2014/07/21 16:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Muse
[2014/07/21 16:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/16 13:33:10 | 000,000,000 | ---D | C] -- C:\ibmbeta
[2014/07/14 07:58:41 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/14 07:58:41 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/14 07:50:24 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/14 07:50:24 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/10 14:09:30 | 000,389,240 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2014/06/22 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/06/20 10:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2014/06/20 10:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2014/06/20 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/06/16 22:06:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/16 21:56:19 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/06/16 21:56:19 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files - Modified Within 180 Days ==========
 
[2014/12/12 10:59:21 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/12 10:59:21 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/12 10:55:04 | 000,778,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/12 10:55:04 | 000,660,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/12 10:55:04 | 000,121,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/12 10:51:23 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/12/12 10:48:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/12 10:47:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/12 10:46:56 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/12 10:40:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/12 10:21:15 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/11 12:35:05 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/12/11 12:19:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/11 12:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/10 20:12:55 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/09 11:00:28 | 000,041,148 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\WileyPCR_FormSigned.jpg
[2014/12/08 13:23:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/08 13:23:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/06 08:31:04 | 000,079,013 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\SakhiFashions_Order.jpg
[2014/12/04 14:24:16 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/11/30 15:19:08 | 000,198,568 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:09:00 | 000,821,273 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/18 07:29:12 | 000,546,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/18 07:16:30 | 000,587,244 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:14 | 000,183,648 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/14 11:18:33 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/12 09:10:03 | 000,080,624 | ---- | M] (IBM Corp.) -- C:\Windows\isamunin.exe
[2014/11/11 10:46:23 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:20 | 000,062,964 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:17 | 000,001,005 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/10/24 20:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 20:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/17 21:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/13 21:12:57 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/10/13 21:09:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/10/13 21:07:31 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/10/13 20:47:30 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/10/13 20:46:02 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/10/02 21:12:00 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/02 21:11:54 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/02 21:11:51 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/02 21:11:51 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/02 20:44:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/09/19 04:42:47 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/09/11 10:15:58 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/08/22 21:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 14:16:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/08/21 12:30:50 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/21 01:40:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/08/21 01:23:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/08/19 09:45:13 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/19 09:45:07 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/12 14:37:26 | 048,997,564 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/11 21:02:49 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/08/11 20:36:37 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/07/31 12:47:14 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/25 09:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 08:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 08:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 08:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 08:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 08:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 08:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 08:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 07:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 07:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 07:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 07:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 07:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 07:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 07:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 07:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 07:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 07:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 07:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 07:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 07:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 07:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 07:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 06:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 06:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 06:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 06:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 06:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 06:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 06:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 06:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 06:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 05:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 05:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/13 21:02:45 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/07/10 14:09:34 | 002,084,072 | ---- | M] (Bitdefender) -- C:\Windows\SysNative\bdnc.dll
[2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2014/07/10 14:08:36 | 000,195,016 | ---- | M] (BitDefender) -- C:\Windows\SysNative\httproxy.dll
[2014/07/10 14:08:36 | 000,155,912 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdpop3p.dll
[2014/07/10 14:08:36 | 000,122,928 | ---- | M] (BitDefender) -- C:\Windows\SysNative\OEMbdpredir.dll
[2014/07/10 14:08:34 | 001,061,776 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdsmtpp.dll
[2014/07/10 14:08:34 | 000,209,984 | ---- | M] (BitDefender) -- C:\Windows\SysNative\BdFirewallSDK.dll
[2014/07/10 14:08:34 | 000,156,936 | ---- | M] () -- C:\Windows\SysNative\bdfwcore.dll
[2014/07/10 14:08:34 | 000,096,160 | ---- | M] (BitDefender) -- C:\Windows\SysNative\bdpredir.dll
[2014/06/30 17:24:50 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/06/30 17:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/06/22 10:31:02 | 000,193,182 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:30:58 | 000,193,183 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/20 10:10:39 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2014/06/20 10:09:35 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014/06/18 17:23:33 | 001,943,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/06/18 17:23:33 | 000,156,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/06/18 17:23:33 | 000,073,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/06/18 17:23:32 | 001,131,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/06/18 17:23:32 | 000,156,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/06/18 17:23:32 | 000,081,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/06/17 21:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 20:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/09 11:00:27 | 000,041,148 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\WileyPCR_FormSigned.jpg
[2014/12/06 08:30:47 | 000,079,013 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\SakhiFashions_Order.jpg
[2014/11/30 15:19:05 | 000,198,568 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:58 | 000,156,936 | ---- | C] () -- C:\Windows\SysNative\bdfwcore.dll
[2014/11/26 23:32:47 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/11/26 23:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:08:57 | 000,821,273 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/18 07:16:30 | 000,587,244 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:13 | 000,183,648 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/11 10:46:23 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:19 | 000,062,964 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:16 | 000,001,005 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/09/02 07:30:24 | 048,997,564 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/07/31 12:57:02 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
[2014/07/31 12:47:14 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/07/31 12:47:13 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/21 16:12:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse.lnk
[2014/06/22 10:29:34 | 000,193,183 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/22 10:20:47 | 000,193,182 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:12:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/06/20 10:09:35 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014/06/20 10:09:12 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2014/01/16 12:30:04 | 000,004,096 | -H-- | C] () -- C:\Users\IBM_ADMIN\AppData\Local\keyfile3.drm
[2013/09/29 19:46:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/03/13 16:51:24 | 000,677,328 | ---- | C] () -- C:\Windows\SysWow64\amsrb932.dll
[2012/07/23 11:54:35 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.311018984119889580931149468956
[2012/01/30 08:44:03 | 000,061,305 | ---- | C] () -- C:\Users\IBM_ADMIN\install.xml
[2010/09/09 12:23:52 | 000,271,686 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/07/02 18:50:13 | 000,000,566 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >

  • 0

#5
RKinner


    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Copy the next two lines:

 

reg delete HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32

reg delete HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32

 

Start, All Programs, Accessories then right click on Command Prompt and Run As Admin.  This should open a black window.  Right click and Paste or Edit then Paste and the copied lines should appear.  Hit Enter.

 

Reboot and run another OTL scan as before.  Can you now download stuff or do you still get the same error?

 

If you can download then:

Download aswMBR.exe to your desktop.
Double click aswMBR.exe.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply.
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply.
 
ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Double click on ComboFix to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
 
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
 
 
Download TDSSKiller:

 
Click on the TDSSKiller.zip button then check the box to agree to the terms and then Download.  The EXE file isn't working today so you will have to save the zip then right click on it and Extract All to the desktop.
 
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

  • 0
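The check behind the two `reg delete` lines in the reply above, as an added example that is not part of the original thread or of OTL: it parses the "ZeroAccess Check" section of the posted log and flags per-user `InProcServer32` registrations whose DLL path lies outside the Windows system directories, alongside what HKLM registers for the same CLSID. Per-user entries under `HKCU\Software\Classes` take precedence over the machine-wide ones for that user, which is why the HKCU override is the entry of interest. The function names and the `C:\Windows` system root (taken from the log header) are assumptions of this sketch.

```python
import re

# Excerpt of the "ZeroAccess Check" section from the OTL log posted in this thread.
OTL_SECTION = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
'''

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\(.+?)\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')

# Assumption: Windows lives in C:\Windows, as the log header reports.
SYSTEM_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\sysnative\\",   # OTL's name for the 64-bit System32
    "c:\\windows\\syswow64\\",
)


def parse_inproc(text):
    """Return one dict per InProcServer32 key found in an OTL section."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive, subpath, clsid = key.groups()
            current = {
                "hive": hive.upper(),
                "clsid": clsid.lower(),
                "wow64": "wow6432node" in subpath.lower(),
                "default": None,          # stays None for an empty key
            }
            entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if current is not None and value and value.group(1) == "":
            # Drop OTL's trailing " -- [date | size | attrs]" file annotation.
            current["default"] = value.group(2).split(" -- [")[0].strip()
    return entries


def is_system_path(path):
    """True if the DLL path sits in a Windows system directory."""
    normalized = path.lower().replace("%systemroot%", "c:\\windows")
    return normalized.startswith(SYSTEM_PREFIXES)


def find_hkcu_overrides(entries):
    """Flag HKCU registrations that load a DLL from outside the system dirs."""
    machine = {
        (e["clsid"], e["wow64"]): e["default"]
        for e in entries
        if e["hive"] == "HKEY_LOCAL_MACHINE"
    }
    findings = []
    for e in entries:
        if e["hive"] != "HKEY_CURRENT_USER" or not e["default"]:
            continue
        if is_system_path(e["default"]):
            continue
        findings.append({
            "clsid": e["clsid"],
            "hkcu_path": e["default"],
            "hklm_path": machine.get((e["clsid"], e["wow64"])),
        })
    return findings


if __name__ == "__main__":
    for f in find_hkcu_overrides(parse_inproc(OTL_SECTION)):
        print(f"{f['clsid']}: HKCU -> {f['hkcu_path']} (HKLM -> {f['hklm_path']})")
```

Empty HKCU keys, such as the `{fbeb8a05-...}` entry in the log, are parsed but not flagged because they carry no default value to load.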

#6
givemefood


    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

aswMBR log

----------------------

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-12 13:49:20
-----------------------------
13:49:20.780    OS Version: Windows x64 6.1.7601 Service Pack 1
13:49:20.780    Number of processors: 4 586 0x2A07
13:49:20.780    ComputerName: IBM-2F08I7T981U  UserName: rameshanthony
13:49:23.355    Initialize success
13:49:23.872    VM: initialized successfully
13:49:23.873    VM: Intel CPU supported 
13:49:42.764    VM: disk I/O iaStor.sys
13:52:23.399    AVAST engine defs: 14121201
13:52:50.472    The log file has been saved successfully to "C:\Users\IBM_ADMIN\Desktop\log_aswMBR.txt"
 
--------------------------------------------
 
Combofix.txt
---------------
 
ComboFix 14-12-10.03 - rameshanthony 12/12/2014  14:22:34.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8075.5600 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Ad-Aware Antivirus *Enabled/Updated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\IBM_ADMIN\AppData\Local\assembly\tmp
c:\windows\SysWow64\NeW
c:\windows\SysWow64\NeW\IBMMenu.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-12 to 2014-12-12  )))))))))))))))))))))))))))))))
.
.
2014-12-12 16:38 . 2014-12-12 16:38 -------- d-----w- c:\program files (x86)\CheckPoint
2014-12-12 16:35 . 2014-12-12 16:35 -------- d-----w- c:\users\IBM_ADMIN\AppData\Roaming\CheckPoint
2014-12-12 15:44 . 2009-07-14 01:39 193536 ----a-w- c:\users\IBM_ADMIN\AppData\Local\{771f188e-2a64-877f-cad7-e1fc1822be65}
2014-12-12 15:44 . 2014-12-12 15:44 -------- d-----w- C:\_OTL
2014-12-11 01:13 . 2014-12-12 20:06 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-11 01:12 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-11 01:12 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-11 01:12 . 2014-12-11 01:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-27 13:16 . 2014-11-27 13:16 -------- d-----w- c:\users\IBM_ADMIN\AppData\Roaming\Lavasoft
2014-11-27 04:37 . 2014-11-27 04:37 -------- d-----w- c:\programdata\BitDefender
2014-11-27 04:33 . 2014-07-10 19:09 2084072 ----a-w- c:\windows\system32\bdnc.dll
2014-11-27 04:32 . 2014-07-10 19:08 195016 ----a-w- c:\windows\system32\httproxy.dll
2014-11-27 04:32 . 2014-07-10 19:08 155912 ----a-w- c:\windows\system32\bdpop3p.dll
2014-11-27 04:32 . 2014-07-10 19:08 122928 ----a-w- c:\windows\system32\OEMbdpredir.dll
2014-11-27 04:32 . 2014-07-10 19:08 96160 ----a-w- c:\windows\system32\bdpredir.dll
2014-11-27 04:32 . 2014-07-10 19:08 209984 ----a-w- c:\windows\system32\BdFirewallSDK.dll
2014-11-27 04:32 . 2014-07-10 19:08 156936 ----a-w- c:\windows\system32\bdfwcore.dll
2014-11-27 04:32 . 2014-07-10 19:08 1061776 ----a-w- c:\windows\system32\bdsmtpp.dll
2014-11-27 04:31 . 2014-11-27 04:31 -------- d-----w- c:\program files\Lavasoft
2014-11-27 04:29 . 2014-11-27 04:29 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-11-27 04:28 . 2014-11-27 04:28 -------- d-----w- c:\programdata\Lavasoft
2014-11-17 16:15 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-17 16:14 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-17 16:14 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-17 16:08 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-17 16:08 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-11-17 16:08 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-17 16:08 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-17 16:08 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-11-17 16:08 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-17 16:08 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-11-17 16:08 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-11-17 16:07 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-17 16:07 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-17 16:07 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-11-17 16:07 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-11-17 16:02 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-17 16:02 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-17 16:01 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-17 16:01 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-14 16:24 . 2014-11-14 16:24 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-08 18:23 . 2012-07-20 21:46 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-08 18:23 . 2012-01-27 19:22 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-21 11:14 . 2012-08-13 15:32 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-14 16:18 . 2014-08-22 19:16 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-12 14:10 . 2010-07-13 23:12 80624 ----a-w- c:\windows\isamunin.exe
2014-10-27 23:28 . 2014-10-27 23:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-27 23:28 . 2014-10-27 23:28 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Network Client\NetSP.exe" [2010-09-09 53600]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"NotesSODCPreLoad"="c:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe" [2012-01-30 40960]
"GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACWLIcon"="c:\program files (x86)\Lenovo\Access Connections\ACWLIcon.exe" [2011-10-20 195648]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2011-10-20 433216]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-24 1544040]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-03-02 307184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2011-01-12 518640]
"C4EBReg"="c:\program files (x86)\C4ebreg\c4ebreg.exe" [2014-11-14 576240]
"Isamtray"="c:\program files (x86)\C4ebreg\isamtray.exe" [2014-11-14 381680]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AT&T Global Network Client Monitor.lnk - c:\windows\Installer\{007AAB7C-E893-48BD-9DA2-7F417CA16322}\NetGM1_89563E53ECF44E868145468A128BDC83.exe [2012-1-27 91504]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
InfoPrint Select Notification.lnk - c:\program files\IBM\Infoprint Select\ipnotify.exe [2012-1-27 409088]
PGP Tray.lnk - c:\windows\Installer\{806D3984-9484-470A-BC63-3B7F65488B58}\Icon6560581611.exe [2013-1-18 55296]
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-5-16 9063352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 3 (0x3)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 bdfwfpf;bdfwfpf;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k60x64.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys;c:\windows\SYSNATIVE\drivers\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys;c:\windows\SYSNATIVE\drivers\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
R3 huawei_update;huawei_update;c:\windows\system32\drivers\ew_hwupgrade.sys;c:\windows\SYSNATIVE\drivers\ew_hwupgrade.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd160x64.sys;c:\windows\SYSNATIVE\Drivers\qd160x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd260x64.sys;c:\windows\SYSNATIVE\Drivers\qd260x64.sys [x]
R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\drivers\l36wgps64.sys;c:\windows\SYSNATIVE\drivers\l36wgps64.sys [x]
R3 Mbm3CBus;F3507g Mobile Broadband Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys;c:\windows\SYSNATIVE\drivers\rimspe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys;c:\windows\SYSNATIVE\drivers\rixdpe64.sys [x]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [x]
R3 TRCTARGET;Tivoli Endpoint Manager for Remote Control - Target;c:\program files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe;c:\program files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys;c:\windows\SYSNATIVE\Drivers\ioatdma.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys;c:\windows\SYSNATIVE\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141119.011\BHDrvx64.sys [x]
S1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141211.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141211.011\IDSvia64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intelligent Response Agent;Intelligent Response Agent;c:\program files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe;c:\program files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\notes\SUService.exe;c:\notes\SUService.exe [x]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe;c:\notes\nsd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Network Client\NetClientSvc.exe;c:\program files (x86)\AT&T Network Client\NetClientSvc.exe [x]
S2 NetLogSvc;AT&T Global Network Client Logging Service;c:\program files (x86)\AT&T Network Client\NetLogSvc.exe;c:\program files (x86)\AT&T Network Client\NetLogSvc.exe [x]
S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc64.sys;c:\windows\SYSNATIVE\drivers\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 Mandiant_Tools;Mandiant_Tools;c:\programdata\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys;c:\programdata\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 15:20 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 18:23]
.
2014-12-12 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
- c:\users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe [2014-03-07 15:01]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 18:51]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 18:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-07-22 42344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe" [2014-10-15 8925504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: ibm.com\w3-03
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: NameServer = 9.0.130.50,9.0.128.50
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {E734BF43-7194-4E3A-832F-307606DDF665} - hxxps://cs.conferenceservers.com/components/WDPLUGIN.CAB
FF - ProfilePath - c:\users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\
FF - prefs.js: browser.startup.homepage - w3.ibm.com
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutCtDtD0B0Azy0ByCyB0FyDtD0B0F0B0EtN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=173066835
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutCtDtD0B0Azy0ByCyB0FyDtD0B0F0B0EtN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=173066835
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutCtDtD0B0Azy0ByCyB0FyDtD0B0F0B0EtN0D0Tzu0CtBtDzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=173066835&q=
FF - user.js: extensions.funmoods.id - 100BA9B67F50BFBE
FF - user.js: extensions.funmoods.instlDay - 15547
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:35
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Yahoo Messenger - (no file)
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\sdwork\issimsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files (x86)\AT&T Network Client\netcfgsvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files (x86)\BigFix Enterprise\BES Client\BESClient.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
.
**************************************************************************
.
Completion time: 2014-12-12  15:30:46 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-12 20:30
.
Pre-Run: 11,947,470,848 bytes free
Post-Run: 25,241,444,352 bytes free
.
- - End Of File - - D7AE4AABACC31C1F2A367479589EC266
 
 
-------------------------------------------------------
tdskiller.txt
-------------
 
21:58:15.0668 0x1140  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
21:58:36.0976 0x1140  ============================================================
21:58:36.0976 0x1140  Current date / time: 2014/12/13 21:58:36.0976
21:58:36.0976 0x1140  SystemInfo:
21:58:36.0976 0x1140  
21:58:36.0976 0x1140  OS Version: 6.1.7601 ServicePack: 1.0
21:58:36.0976 0x1140  Product type: Workstation
21:58:36.0976 0x1140  ComputerName: IBM-2F08I7T981U
21:58:36.0976 0x1140  UserName: 
21:58:36.0976 0x1140  Windows directory: C:\Windows
21:58:36.0976 0x1140  System windows directory: C:\Windows
21:58:36.0976 0x1140  Running under WOW64
21:58:36.0976 0x1140  Processor architecture: Intel x64
21:58:36.0976 0x1140  Number of processors: 4
21:58:36.0976 0x1140  Page size: 0x1000
21:58:36.0976 0x1140  Boot type: Normal boot
21:58:36.0976 0x1140  ============================================================
21:58:37.0671 0x1140  KLMD registered as C:\Windows\system32\drivers\98421533.sys
21:58:38.0683 0x1140  System UUID: {3C928E77-4B6A-214C-013B-35E90FD1FAD5}
21:58:39.0935 0x1140  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:39.0944 0x1140  ============================================================
21:58:39.0944 0x1140  \Device\Harddisk0\DR0:
21:58:39.0944 0x1140  MBR partitions:
21:58:39.0944 0x1140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
21:58:39.0944 0x1140  ============================================================
21:58:39.0952 0x1140  Initialize success
21:58:39.0952 0x1140  ============================================================
21:58:47.0348 0x2040  ============================================================
21:58:47.0348 0x2040  Scan started
21:58:47.0348 0x2040  Mode: Manual; 
21:58:47.0348 0x2040  ============================================================
21:58:47.0348 0x2040  KSN ping started
21:59:00.0608 0x2040  KSN ping finished: true
21:59:01.0124 0x2040  ================ Scan system memory ========================
21:59:01.0125 0x2040  System memory - ok
21:59:01.0125 0x2040  ================ Scan services =============================
21:59:01.0163 0x2040  1394ohci - ok
21:59:01.0166 0x2040  5U877 - ok
21:59:01.0175 0x2040  9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
21:59:01.0177 0x2040  ACPI - ok
21:59:01.0183 0x2040  AcpiPmi - ok
21:59:01.0200 0x2040  AcPrfMgrSvc - ok
21:59:01.0205 0x2040  AcSvc - ok
21:59:01.0212 0x2040  AdobeARMservice - ok
21:59:01.0225 0x2040  AdobeFlashPlayerUpdateSvc - ok
21:59:01.0227 0x2040  adp94xx - ok
21:59:01.0236 0x2040  adpahci - ok
21:59:01.0241 0x2040  adpu320 - ok
21:59:01.0243 0x2040  AeLookupSvc - ok
21:59:01.0250 0x2040  AFD - ok
21:59:01.0253 0x2040  agnfilt - ok
21:59:01.0255 0x2040  agp440 - ok
21:59:01.0257 0x2040  ALG - ok
21:59:01.0259 0x2040  aliide - ok
21:59:01.0261 0x2040  amdide - ok
21:59:01.0263 0x2040  AmdK8 - ok
21:59:01.0265 0x2040  AmdPPM - ok
21:59:01.0267 0x2040  amdsata - ok
21:59:01.0269 0x2040  amdsbs - ok
21:59:01.0271 0x2040  amdxata - ok
21:59:01.0273 0x2040  AMPPAL - ok
21:59:01.0275 0x2040  AMPPALP - ok
21:59:01.0277 0x2040  AMPPALR3 - ok
21:59:01.0279 0x2040  AppID - ok
21:59:01.0281 0x2040  AppIDSvc - ok
21:59:01.0284 0x2040  Appinfo - ok
21:59:01.0296 0x2040  Apple Mobile Device - ok
21:59:01.0307 0x2040  AppMgmt - ok
21:59:01.0309 0x2040  arc - ok
21:59:01.0311 0x2040  arcsas - ok
21:59:01.0321 0x2040  aspnet_state - ok
21:59:01.0328 0x2040  AsyncMac - ok
21:59:01.0330 0x2040  atapi - ok
21:59:01.0333 0x2040  AudioEndpointBuilder - ok
21:59:01.0335 0x2040  AudioSrv - ok
21:59:01.0362 0x2040  avc3 - ok
21:59:01.0374 0x2040  avchv - ok
21:59:01.0392 0x2040  avckf - ok
21:59:01.0398 0x2040  avpnnic - ok
21:59:01.0414 0x2040  AxInstSV - ok
21:59:01.0415 0x2040  b06bdrv - ok
21:59:01.0419 0x2040  b57nd60a - ok
21:59:01.0422 0x2040  BDESVC - ok
21:59:01.0449 0x2040  bdfwfpf - ok
21:59:01.0456 0x2040  Beep - ok
21:59:01.0475 0x2040  BESClient - ok
21:59:01.0492 0x2040  BFE - ok
21:59:01.0519 0x2040  BHDrvx64 - ok
21:59:01.0520 0x2040  BITS - ok
21:59:01.0532 0x2040  blbdrive - ok
21:59:01.0547 0x2040  Bonjour Service - ok
21:59:01.0549 0x2040  BOT4Service - ok
21:59:01.0560 0x2040  bowser - ok
21:59:01.0561 0x2040  BrFiltLo - ok
21:59:01.0562 0x2040  BrFiltUp - ok
21:59:01.0586 0x2040  BridgeMP - ok
21:59:01.0587 0x2040  Browser - ok
21:59:01.0588 0x2040  Brserid - ok
21:59:01.0589 0x2040  BrSerWdm - ok
21:59:01.0591 0x2040  BrUsbMdm - ok
21:59:01.0592 0x2040  BrUsbSer - ok
21:59:01.0594 0x2040  BTHMODEM - ok
21:59:01.0627 0x2040  bthserv - ok
21:59:01.0628 0x2040  BTHSSecurityMgr - ok
21:59:01.0639 0x2040  BTWAMPFL - ok
21:59:01.0674 0x2040  btwavdt - ok
21:59:01.0688 0x2040  btwdins - ok
21:59:01.0724 0x2040  btwrchid - ok
21:59:01.0754 0x2040  catchme - ok
21:59:01.0760 0x2040  CAXHWAZL - ok
21:59:01.0771 0x2040  ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE} - ok
21:59:01.0780 0x2040  cdfs - ok
21:59:01.0794 0x2040  cdrom - ok
21:59:01.0818 0x2040  CertPropSvc - ok
21:59:01.0819 0x2040  circlass - ok
21:59:01.0834 0x2040  CLFS - ok
21:59:01.0835 0x2040  clr_optimization_v2.0.50727_32 - ok
21:59:01.0836 0x2040  clr_optimization_v2.0.50727_64 - ok
21:59:01.0853 0x2040  clr_optimization_v4.0.30319_32 - ok
21:59:01.0854 0x2040  clr_optimization_v4.0.30319_64 - ok
21:59:01.0856 0x2040  CmBatt - ok
21:59:01.0881 0x2040  cmdide - ok
21:59:01.0884 0x2040  CNG - ok
21:59:01.0886 0x2040  CnxtHdAudService - ok
21:59:01.0887 0x2040  Compbatt - ok
21:59:01.0900 0x2040  CompositeBus - ok
21:59:01.0903 0x2040  COMSysApp - ok
21:59:01.0931 0x2040  cpextender - ok
21:59:01.0932 0x2040  crcdisk - ok
21:59:01.0937 0x2040  CryptSvc - ok
21:59:01.0940 0x2040  CSC - ok
21:59:01.0944 0x2040  CscService - ok
21:59:01.0961 0x2040  ctxusbm - ok
21:59:01.0964 0x2040  CVirtA - ok
21:59:01.0966 0x2040  CVPND - ok
21:59:01.0973 0x2040  CVPNDRVA - ok
21:59:01.0994 0x2040  CxAudMsg - ok
21:59:02.0001 0x2040  DcomLaunch - ok
21:59:02.0006 0x2040  defragsvc - ok
21:59:02.0007 0x2040  DfsC - ok
21:59:02.0011 0x2040  Dhcp - ok
21:59:02.0012 0x2040  discache - ok
21:59:02.0024 0x2040  Disk - ok
21:59:02.0025 0x2040  dmvsc - ok
21:59:02.0029 0x2040  DNE - ok
21:59:02.0036 0x2040  Dnscache - ok
21:59:02.0039 0x2040  dot3svc - ok
21:59:02.0041 0x2040  DozeSvc - ok
21:59:02.0047 0x2040  DPS - ok
21:59:02.0063 0x2040  drmkaud - ok
21:59:02.0065 0x2040  DXGKrnl - ok
21:59:02.0066 0x2040  DzHDD64 - ok
21:59:02.0077 0x2040  e1cexpress - ok
21:59:02.0086 0x2040  E1G60 - ok
21:59:02.0090 0x2040  e1kexpress - ok
21:59:02.0094 0x2040  EapHost - ok
21:59:02.0098 0x2040  easytether - ok
21:59:02.0101 0x2040  ebdrv - ok
21:59:02.0108 0x2040  ecnssndis - ok
21:59:02.0112 0x2040  ecnssndisfltr - ok
21:59:02.0133 0x2040  eeCtrl - ok
21:59:02.0136 0x2040  EFS - ok
21:59:02.0139 0x2040  ehRecvr - ok
21:59:02.0142 0x2040  ehSched - ok
21:59:02.0149 0x2040  elxstor - ok
21:59:02.0156 0x2040  EraserUtilRebootDrv - ok
21:59:02.0159 0x2040  ErrDev - ok
21:59:02.0173 0x2040  EventSystem - ok
21:59:02.0185 0x2040  EvtEng - ok
21:59:02.0191 0x2040  ew_hwusbdev - ok
21:59:02.0194 0x2040  ew_usbenumfilter - ok
21:59:02.0201 0x2040  exfat - ok
21:59:02.0204 0x2040  fastfat - ok
21:59:02.0212 0x2040  Fax - ok
21:59:02.0215 0x2040  fdc - ok
21:59:02.0218 0x2040  fdPHost - ok
21:59:02.0222 0x2040  FDResPub - ok
21:59:02.0225 0x2040  FileInfo - ok
21:59:02.0228 0x2040  Filetrace - ok
21:59:02.0231 0x2040  flpydisk - ok
21:59:02.0234 0x2040  FltMgr - ok
21:59:02.0239 0x2040  FontCache - ok
21:59:02.0241 0x2040  FontCache3.0.0.0 - ok
21:59:02.0243 0x2040  FsDepends - ok
21:59:02.0245 0x2040  Fs_Rec - ok
21:59:02.0247 0x2040  fvevol - ok
21:59:02.0258 0x2040  gagp30kx - ok
21:59:02.0259 0x2040  GEARAspiWDM - ok
21:59:02.0261 0x2040  gpsvc - ok
21:59:02.0276 0x2040  gupdate - ok
21:59:02.0280 0x2040  gupdatem - ok
21:59:02.0304 0x2040  gusvc - ok
21:59:02.0316 0x2040  gzflt - ok
21:59:02.0317 0x2040  hcw85cir - ok
21:59:02.0327 0x2040  HDAudBus - ok
21:59:02.0338 0x2040  HECIx64 - ok
21:59:02.0341 0x2040  HidBatt - ok
21:59:02.0344 0x2040  HidBth - ok
21:59:02.0354 0x2040  HidIr - ok
21:59:02.0358 0x2040  hidserv - ok
21:59:02.0370 0x2040  HidUsb - ok
21:59:02.0374 0x2040  hkmsvc - ok
21:59:02.0378 0x2040  HomeGroupListener - ok
21:59:02.0382 0x2040  HomeGroupProvider - ok
21:59:02.0385 0x2040  HpSAMD - ok
21:59:02.0387 0x2040  HsfXAudioService - ok
21:59:02.0389 0x2040  HSF_DPV - ok
21:59:02.0392 0x2040  HTTP - ok
21:59:02.0394 0x2040  huawei_cdcacm - ok
21:59:02.0396 0x2040  huawei_enumerator - ok
21:59:02.0399 0x2040  huawei_ext_ctrl - ok
21:59:02.0401 0x2040  huawei_update - ok
21:59:02.0405 0x2040  hwdatacard - ok
21:59:02.0407 0x2040  hwpolicy - ok
21:59:02.0411 0x2040  i8042prt - ok
21:59:02.0414 0x2040  iastor - ok
21:59:02.0415 0x2040  iaStorV - ok
21:59:02.0416 0x2040  IBMPMDRV - ok
21:59:02.0417 0x2040  IBMPMSVC - ok
21:59:02.0418 0x2040  idsvc - ok
21:59:02.0421 0x2040  IDSVia64 - ok
21:59:02.0428 0x2040  IEEtwCollectorService - ok
21:59:02.0429 0x2040  IFCoEMP - ok
21:59:02.0430 0x2040  igfx - ok
21:59:02.0432 0x2040  iirsp - ok
21:59:02.0433 0x2040  IKEEXT - ok
21:59:02.0442 0x2040  intelide - ok
21:59:02.0452 0x2040  Intelligent Response Agent - ok
21:59:02.0453 0x2040  intelppm - ok
21:59:02.0454 0x2040  ioatdma - ok
21:59:02.0469 0x2040  ioatdma1 - ok
21:59:02.0470 0x2040  ioatdma2 - ok
21:59:02.0472 0x2040  IPBusEnum - ok
21:59:02.0473 0x2040  IpFilterDriver - ok
21:59:02.0476 0x2040  iphlpsvc - ok
21:59:02.0477 0x2040  IPMIDRV - ok
21:59:02.0478 0x2040  IPNAT - ok
21:59:02.0489 0x2040  iPod Service - ok
21:59:02.0491 0x2040  IRENUM - ok
21:59:02.0519 0x2040  irfpqdyo - ok
21:59:02.0525 0x2040  ISAMSvc - ok
21:59:02.0526 0x2040  isapnp - ok
21:59:02.0527 0x2040  iScsiPrt - ok
21:59:02.0529 0x2040  ISSIMon - ok
21:59:02.0530 0x2040  kbdclass - ok
21:59:02.0531 0x2040  kbdhid - ok
21:59:02.0542 0x2040  KeyIso - ok
21:59:02.0543 0x2040  KSecDD - ok
21:59:02.0544 0x2040  KSecPkg - ok
21:59:02.0545 0x2040  ksthunk - ok
21:59:02.0546 0x2040  KtmRm - ok
21:59:02.0555 0x2040  l36wgps - ok
21:59:02.0562 0x2040  LanmanServer - ok
21:59:02.0567 0x2040  LanmanWorkstation - ok
21:59:02.0578 0x2040  LavasoftAdAwareService11 - ok
21:59:02.0580 0x2040  LENOVO.CAMMUTE - ok
21:59:02.0589 0x2040  LENOVO.MICMUTE - ok
21:59:02.0591 0x2040  lenovo.smi - ok
21:59:02.0593 0x2040  LENOVO.TPKNRSVC - ok
21:59:02.0594 0x2040  Lenovo.VIRTSCRLSVC - ok
21:59:02.0596 0x2040  LenovoRd - ok
21:59:02.0600 0x2040  lltdio - ok
21:59:02.0601 0x2040  lltdsvc - ok
21:59:02.0603 0x2040  lmhosts - ok
21:59:02.0605 0x2040  LNSUSvc - ok
21:59:02.0606 0x2040  Lotus Notes Diagnostics - ok
21:59:02.0614 0x2040  LSI_FC - ok
21:59:02.0615 0x2040  LSI_SAS - ok
21:59:02.0618 0x2040  LSI_SAS2 - ok
21:59:02.0620 0x2040  LSI_SCSI - ok
21:59:02.0622 0x2040  luafv - ok
21:59:02.0635 0x2040  Mandiant_Tools - ok
21:59:02.0642 0x2040  MarvinBus - ok
21:59:02.0661 0x2040  MBAMProtector - ok
21:59:02.0662 0x2040  MBAMScheduler - ok
21:59:02.0674 0x2040  MBAMService - ok
21:59:02.0698 0x2040  MBAMSwissArmy - ok
21:59:02.0709 0x2040  MBAMWebAccessControl - ok
21:59:02.0712 0x2040  Mbm3CBus - ok
21:59:02.0714 0x2040  Mbm3DevMt - ok
21:59:02.0719 0x2040  Mcx2Svc - ok
21:59:02.0723 0x2040  mdmxsdk - ok
21:59:02.0727 0x2040  megasas - ok
21:59:02.0731 0x2040  MegaSR - ok
21:59:02.0746 0x2040  MEIx64 - ok
21:59:02.0750 0x2040  Microsoft Office Groove Audit Service - ok
21:59:02.0753 0x2040  MMCSS - ok
21:59:02.0756 0x2040  Modem - ok
21:59:02.0763 0x2040  monitor - ok
21:59:02.0776 0x2040  mouclass - ok
21:59:02.0780 0x2040  mouhid - ok
21:59:02.0795 0x2040  mountmgr - ok
21:59:02.0807 0x2040  MozillaMaintenance - ok
21:59:02.0809 0x2040  mpio - ok
21:59:02.0811 0x2040  mpsdrv - ok
21:59:02.0814 0x2040  MpsSvc - ok
21:59:02.0817 0x2040  MRxDAV - ok
21:59:02.0820 0x2040  mrxsmb - ok
21:59:02.0821 0x2040  mrxsmb10 - ok
21:59:02.0823 0x2040  mrxsmb20 - ok
21:59:02.0824 0x2040  msahci - ok
21:59:02.0826 0x2040  msdsm - ok
21:59:02.0828 0x2040  MSDTC - ok
21:59:02.0832 0x2040  Msfs - ok
21:59:02.0833 0x2040  mshidkmdf - ok
21:59:02.0835 0x2040  msisadrv - ok
21:59:02.0838 0x2040  MSiSCSI - ok
21:59:02.0839 0x2040  msiserver - ok
21:59:02.0840 0x2040  MSKSSRV - ok
21:59:02.0842 0x2040  MSPCLOCK - ok
21:59:02.0843 0x2040  MSPQM - ok
21:59:02.0845 0x2040  MsRPC - ok
21:59:02.0848 0x2040  mssmbios - ok
21:59:02.0849 0x2040  MSTEE - ok
21:59:02.0851 0x2040  MTConfig - ok
21:59:02.0853 0x2040  Mup - ok
21:59:02.0855 0x2040  napagent - ok
21:59:02.0865 0x2040  NativeWifiP - ok
21:59:02.0885 0x2040  NAVENG - ok
21:59:02.0888 0x2040  NAVEX15 - ok
21:59:02.0890 0x2040  NDIS - ok
21:59:02.0892 0x2040  NdisCap - ok
21:59:02.0893 0x2040  NdisTapi - ok
21:59:02.0896 0x2040  Ndisuio - ok
21:59:02.0897 0x2040  NdisWan - ok
21:59:02.0899 0x2040  NDProxy - ok
21:59:02.0901 0x2040  NetBIOS - ok
21:59:02.0903 0x2040  NetBT - ok
21:59:02.0905 0x2040  netcfgsvr - ok
21:59:02.0907 0x2040  NetClientSvc - ok
21:59:02.0909 0x2040  Netlogon - ok
21:59:02.0911 0x2040  NetLogSvc - ok
21:59:02.0912 0x2040  Netman - ok
21:59:02.0913 0x2040  NetMsmqActivator - ok
21:59:02.0915 0x2040  NetPipeActivator - ok
21:59:02.0917 0x2040  netprofm - ok
21:59:02.0919 0x2040  NetTcpActivator - ok
21:59:02.0921 0x2040  NetTcpPortSharing - ok
21:59:02.0924 0x2040  NETwNs64 - ok
21:59:02.0933 0x2040  nfrd960 - ok
21:59:02.0936 0x2040  NlaSvc - ok
21:59:02.0938 0x2040  Npfs - ok
21:59:02.0940 0x2040  nsi - ok
21:59:02.0941 0x2040  nsiproxy - ok
21:59:02.0943 0x2040  Ntfs - ok
21:59:02.0944 0x2040  Null - ok
21:59:02.0946 0x2040  nusb3hub - ok
21:59:02.0958 0x2040  nusb3xhc - ok
21:59:02.0960 0x2040  nvlddmkm - ok
21:59:02.0961 0x2040  nvpciflt - ok
21:59:02.0963 0x2040  nvraid - ok
21:59:02.0964 0x2040  nvstor - ok
21:59:02.0967 0x2040  NVSvc - ok
21:59:02.0969 0x2040  nvUpdatusService - ok
21:59:02.0978 0x2040  nv_agp - ok
21:59:02.0987 0x2040  odserv - ok
21:59:02.0989 0x2040  ohci1394 - ok
21:59:03.0000 0x2040  ose - ok
21:59:03.0003 0x2040  p2pimsvc - ok
21:59:03.0004 0x2040  p2psvc - ok
21:59:03.0013 0x2040  Parport - ok
21:59:03.0015 0x2040  partmgr - ok
21:59:03.0017 0x2040  PcaSvc - ok
21:59:03.0018 0x2040  pci - ok
21:59:03.0019 0x2040  pciide - ok
21:59:03.0020 0x2040  pcmcia - ok
21:59:03.0021 0x2040  pcw - ok
21:59:03.0022 0x2040  PEAUTH - ok
21:59:03.0023 0x2040  PeerDistSvc - ok
21:59:03.0026 0x2040  PerfHost - ok
21:59:03.0032 0x2040  PGP RDD Service - ok
21:59:03.0044 0x2040  PGPdisk - ok
21:59:03.0052 0x2040  PGPsdkDriver - ok
21:59:03.0060 0x2040  PGPwded - ok
21:59:03.0061 0x2040  Pgpwdefs - ok
21:59:03.0063 0x2040  pla - ok
21:59:03.0064 0x2040  PlugPlay - ok
21:59:03.0066 0x2040  PMEM - ok
21:59:03.0069 0x2040  Pml Driver HPZ12 - ok
21:59:03.0071 0x2040  PNRPAutoReg - ok
21:59:03.0073 0x2040  PNRPsvc - ok
21:59:03.0075 0x2040  PolicyAgent - ok
21:59:03.0078 0x2040  Power - ok
21:59:03.0080 0x2040  Power Manager DBC Service - ok
21:59:03.0083 0x2040  PptpMiniport - ok
21:59:03.0084 0x2040  Processor - ok
21:59:03.0086 0x2040  ProfSvc - ok
21:59:03.0087 0x2040  ProtectedStorage - ok
21:59:03.0089 0x2040  psadd - ok
21:59:03.0092 0x2040  Psched - ok
21:59:03.0094 0x2040  PxHlpa64 - ok
21:59:03.0096 0x2040  ql2300 - ok
21:59:03.0097 0x2040  ql40xx - ok
21:59:03.0099 0x2040  QWAVE - ok
21:59:03.0100 0x2040  QWAVEdrv - ok
21:59:03.0101 0x2040  RasAcd - ok
21:59:03.0108 0x2040  RasAgileVpn - ok
21:59:03.0110 0x2040  RasAuto - ok
21:59:03.0112 0x2040  Rasl2tp - ok
21:59:03.0114 0x2040  RasMan - ok
21:59:03.0116 0x2040  RasPppoe - ok
21:59:03.0118 0x2040  RasSstp - ok
21:59:03.0120 0x2040  rdbss - ok
21:59:03.0121 0x2040  rdpbus - ok
21:59:03.0129 0x2040  RDPCDD - ok
21:59:03.0132 0x2040  RDPDR - ok
21:59:03.0135 0x2040  RDPENCDD - ok
21:59:03.0138 0x2040  RDPREFMP - ok
21:59:03.0139 0x2040  RDPWD - ok
21:59:03.0141 0x2040  rdyboost - ok
21:59:03.0145 0x2040  RegSrvc - ok
21:59:03.0147 0x2040  RemoteAccess - ok
21:59:03.0149 0x2040  RemoteRegistry - ok
21:59:03.0151 0x2040  rimmptsk - ok
21:59:03.0153 0x2040  rimspci - ok
21:59:03.0155 0x2040  rimsptsk - ok
21:59:03.0157 0x2040  risdxc - ok
21:59:03.0159 0x2040  rismxdp - ok
21:59:03.0161 0x2040  rixdpcie - ok
21:59:03.0162 0x2040  RoxMediaDB13 - ok
21:59:03.0163 0x2040  RoxWatch12 - ok
21:59:03.0164 0x2040  RpcEptMapper - ok
21:59:03.0166 0x2040  RpcLocator - ok
21:59:03.0167 0x2040  RpcSs - ok
21:59:03.0169 0x2040  rspndr - ok
21:59:03.0171 0x2040  s3cap - ok
21:59:03.0174 0x2040  Sahdad64 - ok
21:59:03.0176 0x2040  Saibad64 - ok
21:59:03.0184 0x2040  SaibVdAd64 - ok
21:59:03.0186 0x2040  SamSs - ok
21:59:03.0188 0x2040  SAService - ok
21:59:03.0190 0x2040  sbp2port - ok
21:59:03.0192 0x2040  SCardSvr - ok
21:59:03.0193 0x2040  scfilter - ok
21:59:03.0201 0x2040  Schedule - ok
21:59:03.0202 0x2040  SCPolicySvc - ok
21:59:03.0203 0x2040  SDRSVC - ok
21:59:03.0205 0x2040  secdrv - ok
21:59:03.0206 0x2040  seclogon - ok
21:59:03.0208 0x2040  SENS - ok
21:59:03.0211 0x2040  SensrSvc - ok
21:59:03.0229 0x2040  SepMasterService - ok
21:59:03.0244 0x2040  Serenum - ok
21:59:03.0248 0x2040  Serial - ok
21:59:03.0250 0x2040  sermouse - ok
21:59:03.0257 0x2040  SessionEnv - ok
21:59:03.0259 0x2040  sffdisk - ok
21:59:03.0260 0x2040  sffp_mmc - ok
21:59:03.0261 0x2040  sffp_sd - ok
21:59:03.0262 0x2040  sfloppy - ok
21:59:03.0264 0x2040  SharedAccess - ok
21:59:03.0265 0x2040  ShellHWDetection - ok
21:59:03.0276 0x2040  Shockprf - ok
21:59:03.0278 0x2040  SiSRaid2 - ok
21:59:03.0279 0x2040  SiSRaid4 - ok
21:59:03.0281 0x2040  Smb - ok
21:59:03.0282 0x2040  SmcService - ok
21:59:03.0286 0x2040  SNAC - ok
21:59:03.0297 0x2040  SNMPTRAP - ok
21:59:03.0301 0x2040  spldr - ok
21:59:03.0302 0x2040  Spooler - ok
21:59:03.0304 0x2040  sppsvc - ok
21:59:03.0306 0x2040  sppuinotify - ok
21:59:03.0316 0x2040  SRTSP - ok
21:59:03.0318 0x2040  SRTSPX - ok
21:59:03.0320 0x2040  srv - ok
21:59:03.0321 0x2040  srv2 - ok
21:59:03.0322 0x2040  srvnet - ok
21:59:03.0324 0x2040  SSDPSRV - ok
21:59:03.0326 0x2040  SstpSvc - ok
21:59:03.0328 0x2040  Stereo Service - ok
21:59:03.0330 0x2040  stexstor - ok
21:59:03.0332 0x2040  stisvc - ok
21:59:03.0334 0x2040  storflt - ok
21:59:03.0337 0x2040  StorSvc - ok
21:59:03.0339 0x2040  storvsc - ok
21:59:03.0342 0x2040  SUService - ok
21:59:03.0343 0x2040  swenum - ok
21:59:03.0348 0x2040  swprv - ok
21:59:03.0353 0x2040  SyDvCtrl - ok
21:59:03.0355 0x2040  SymDS - ok
21:59:03.0357 0x2040  SymEFA - ok
21:59:03.0361 0x2040  SymEvent - ok
21:59:03.0363 0x2040  SymIRON - ok
21:59:03.0364 0x2040  SYMNETS - ok
21:59:03.0374 0x2040  SynTP - ok
21:59:03.0376 0x2040  SysMain - ok
21:59:03.0377 0x2040  SysPlant - ok
21:59:03.0379 0x2040  TabletInputService - ok
21:59:03.0380 0x2040  TapiSrv - ok
21:59:03.0382 0x2040  TBS - ok
21:59:03.0383 0x2040  Tcpip - ok
21:59:03.0384 0x2040  TCPIP6 - ok
21:59:03.0387 0x2040  tcpipreg - ok
21:59:03.0391 0x2040  TDPIPE - ok
21:59:03.0394 0x2040  TDTCP - ok
21:59:03.0396 0x2040  tdx - ok
21:59:03.0398 0x2040  Teefer2 - ok
21:59:03.0400 0x2040  TermDD - ok
21:59:03.0401 0x2040  TermService - ok
21:59:03.0402 0x2040  Themes - ok
21:59:03.0404 0x2040  THREADORDER - ok
21:59:03.0405 0x2040  TPDIGIMN - ok
21:59:03.0408 0x2040  TPHDEXLGSVC - ok
21:59:03.0410 0x2040  TPHKLOAD - ok
21:59:03.0412 0x2040  TPHKSVC - ok
21:59:03.0414 0x2040  TPM - ok
21:59:03.0426 0x2040  TPPWRIF - ok
21:59:03.0430 0x2040  TRCTARGET - ok
21:59:03.0432 0x2040  TrkWks - ok
21:59:03.0442 0x2040  Trufos - ok
21:59:03.0443 0x2040  TrustedInstaller - ok
21:59:03.0445 0x2040  tssecsrv - ok
21:59:03.0448 0x2040  TsUsbFlt - ok
21:59:03.0450 0x2040  TsUsbGD - ok
21:59:03.0460 0x2040  tunnel - ok
21:59:03.0462 0x2040  uagp35 - ok
21:59:03.0463 0x2040  udfs - ok
21:59:03.0467 0x2040  UI0Detect - ok
21:59:03.0477 0x2040  uliagpkx - ok
21:59:03.0478 0x2040  umbus - ok
21:59:03.0480 0x2040  UmPass - ok
21:59:03.0481 0x2040  UmRdpService - ok
21:59:03.0483 0x2040  upnphost - ok
21:59:03.0488 0x2040  USBAAPL64 - ok
21:59:03.0508 0x2040  usbaudio - ok
21:59:03.0509 0x2040  usbccgp - ok
21:59:03.0512 0x2040  usbcir - ok
21:59:03.0514 0x2040  usbehci - ok
21:59:03.0516 0x2040  usbhub - ok
21:59:03.0518 0x2040  usbohci - ok
21:59:03.0520 0x2040  usbprint - ok
21:59:03.0525 0x2040  usbscan - ok
21:59:03.0527 0x2040  USBSTOR - ok
21:59:03.0529 0x2040  usbuhci - ok
21:59:03.0531 0x2040  UxSms - ok
21:59:03.0532 0x2040  VaultSvc - ok
21:59:03.0534 0x2040  vdrvroot - ok
21:59:03.0538 0x2040  vds - ok
21:59:03.0541 0x2040  vga - ok
21:59:03.0543 0x2040  VgaSave - ok
21:59:03.0545 0x2040  vhdmp - ok
21:59:03.0547 0x2040  viaide - ok
21:59:03.0556 0x2040  vidsflt53 - ok
21:59:03.0558 0x2040  vmbus - ok
21:59:03.0560 0x2040  VMBusHID - ok
21:59:03.0561 0x2040  VNA - ok
21:59:03.0563 0x2040  volmgr - ok
21:59:03.0564 0x2040  volmgrx - ok
21:59:03.0566 0x2040  volsnap - ok
21:59:03.0568 0x2040  vsmraid - ok
21:59:03.0570 0x2040  VSS - ok
21:59:03.0572 0x2040  vwifibus - ok
21:59:03.0583 0x2040  vwififlt - ok
21:59:03.0585 0x2040  vwifimp - ok
21:59:03.0593 0x2040  W32Time - ok
21:59:03.0597 0x2040  WacomPen - ok
21:59:03.0603 0x2040  WANARP - ok
21:59:03.0605 0x2040  Wanarpv6 - ok
21:59:03.0607 0x2040  WatAdminSvc - ok
21:59:03.0610 0x2040  wbengine - ok
21:59:03.0612 0x2040  WbioSrvc - ok
21:59:03.0615 0x2040  wcncsvc - ok
21:59:03.0617 0x2040  WcsPlugInService - ok
21:59:03.0619 0x2040  Wd - ok
21:59:03.0620 0x2040  Wdf01000 - ok
21:59:03.0621 0x2040  WdiServiceHost - ok
21:59:03.0623 0x2040  WdiSystemHost - ok
21:59:03.0625 0x2040  WebClient - ok
21:59:03.0627 0x2040  Wecsvc - ok
21:59:03.0628 0x2040  wercplsupport - ok
21:59:03.0631 0x2040  WerSvc - ok
21:59:03.0634 0x2040  WfpLwf - ok
21:59:03.0636 0x2040  WIMMount - ok
21:59:03.0638 0x2040  winachsf - ok
21:59:03.0640 0x2040  WinDefend - ok
21:59:03.0644 0x2040  WinHttpAutoProxySvc - ok
21:59:03.0646 0x2040  Winmgmt - ok
21:59:03.0649 0x2040  WinRM - ok
21:59:03.0660 0x2040  WinUsb - ok
21:59:03.0662 0x2040  Wlansvc - ok
21:59:03.0663 0x2040  WmiAcpi - ok
21:59:03.0667 0x2040  wmiApSrv - ok
21:59:03.0670 0x2040  WMPNetworkSvc - ok
21:59:03.0673 0x2040  WPCSvc - ok
21:59:03.0676 0x2040  WPDBusEnum - ok
21:59:03.0677 0x2040  ws2ifsl - ok
21:59:03.0679 0x2040  wscsvc - ok
21:59:03.0681 0x2040  WSDPrintDevice - ok
21:59:03.0687 0x2040  WSDScan - ok
21:59:03.0690 0x2040  WSearch - ok
21:59:03.0694 0x2040  wuauserv - ok
21:59:03.0697 0x2040  WudfPf - ok
21:59:03.0706 0x2040  WUDFRd - ok
21:59:03.0708 0x2040  wudfsvc - ok
21:59:03.0711 0x2040  WwanSvc - ok
21:59:03.0714 0x2040  XAudio - ok
21:59:03.0733 0x2040  ================ Scan global ===============================
21:59:03.0733 0x2040  [ Global ] - ok
21:59:03.0734 0x2040  ================ Scan MBR ==================================
21:59:03.0745 0x2040  [ 81B20D0E78E0002793B0807E85EF8F65 ] \Device\Harddisk0\DR0
21:59:03.0877 0x2040  \Device\Harddisk0\DR0 - ok
21:59:03.0877 0x2040  ================ Scan VBR ==================================
21:59:03.0878 0x2040  [ 27ABFE9677F70A162B34D2D84A71E48C ] \Device\Harddisk0\DR0\Partition1
21:59:03.0878 0x2040  \Device\Harddisk0\DR0\Partition1 - ok
21:59:03.0879 0x2040  ================ Scan generic autorun ======================
21:59:03.0879 0x2040  TpShocks - ok
21:59:03.0879 0x2040  SynTPEnh - ok
21:59:03.0879 0x2040  AcWin7Hlpr - ok
21:59:03.0879 0x2040  LENOVO.TPKNRRES - ok
21:59:03.0880 0x2040  IgfxTray - ok
21:59:03.0880 0x2040  HotKeysCmds - ok
21:59:03.0880 0x2040  Persistence - ok
21:59:03.0880 0x2040  ForteConfig - ok
21:59:03.0881 0x2040  SmartAudio - ok
21:59:03.0881 0x2040  AdobeAAMUpdater-1.0 - ok
21:59:03.0881 0x2040  AdAwareTray - ok
21:59:03.0881 0x2040  ACWLIcon - ok
21:59:03.0881 0x2040  ACTray - ok
21:59:03.0882 0x2040  PWMTRV - ok
21:59:03.0882 0x2040  Malwarebytes Anti-Malware (cleanup) - ok
21:59:03.0882 0x2040  NetSP - restore settings on power failure - ok
21:59:03.0882 0x2040  GoogleDriveSync - ok
21:59:03.0883 0x2040  NotesSODCPreLoad - ok
21:59:03.0883 0x2040  GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D - ok
21:59:03.0949 0x2040  AV detected via SS2: Ad-Aware Antivirus, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareSecurityCenter.exe ( 11.4.6792.0 ), 0x41000 ( enabled : updated )
21:59:03.0964 0x2040  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
21:59:03.0965 0x2040  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe ( 12.1.4013.4013 ), 0x41010 ( enabled )
21:59:03.0966 0x2040  FW detected via SS2: Ad-Aware Firewall, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareSecurityCenter.exe ( 11.4.6792.0 ), 0x40010 ( disabled )
21:59:06.0578 0x2040  ============================================================
21:59:06.0578 0x2040  Scan finished
21:59:06.0578 0x2040  ============================================================
21:59:06.0581 0x21d0  Detected object count: 0
21:59:06.0581 0x21d0  Actual detected object count: 0
06:26:49.0016 0x1d18  ============================================================
06:26:49.0053 0x1d18  Scan started
06:26:49.0053 0x1d18  Mode: Manual; SigCheck; TDLFS; 
06:26:49.0053 0x1d18  ============================================================
06:26:49.0053 0x1d18  KSN ping started
06:27:06.0143 0x1d18  KSN ping finished: true
06:27:06.0866 0x1d18  ================ Scan system memory ========================
06:27:06.0866 0x1d18  System memory - ok
06:27:10.0238 0x1d18  ================ Scan global ===============================
06:27:10.0238 0x1d18  [ Global ] - ok
06:27:10.0239 0x1d18  ================ Scan MBR ==================================
06:27:10.0250 0x1d18  [ 81B20D0E78E0002793B0807E85EF8F65 ] \Device\Harddisk0\DR0
06:27:10.0411 0x1d18  \Device\Harddisk0\DR0 - ok
06:27:10.0412 0x1d18  ================ Scan VBR ==================================
06:27:10.0414 0x1d18  [ 27ABFE9677F70A162B34D2D84A71E48C ] \Device\Harddisk0\DR0\Partition1
06:27:10.0414 0x1d18  \Device\Harddisk0\DR0\Partition1 - ok
06:27:10.0416 0x1d18  ================ Scan generic autorun ======================
06:27:10.0416 0x1d18  TpShocks - ok
06:27:10.0418 0x1d18  SynTPEnh - ok
06:27:10.0420 0x1d18  AcWin7Hlpr - ok
06:27:10.0422 0x1d18  LENOVO.TPKNRRES - ok
06:27:10.0424 0x1d18  IgfxTray - ok
06:27:10.0426 0x1d18  HotKeysCmds - ok
06:27:10.0428 0x1d18  Persistence - ok
06:27:10.0431 0x1d18  ForteConfig - ok
06:27:10.0433 0x1d18  SmartAudio - ok
06:27:10.0435 0x1d18  AdobeAAMUpdater-1.0 - ok
06:27:10.0437 0x1d18  AdAwareTray - ok
06:27:10.0439 0x1d18  ACWLIcon - ok
06:27:10.0441 0x1d18  ACTray - ok
06:27:10.0443 0x1d18  PWMTRV - ok
06:27:10.0444 0x1d18  Malwarebytes Anti-Malware (cleanup) - ok
06:27:10.0445 0x1d18  NetSP - restore settings on power failure - ok
06:27:10.0448 0x1d18  GoogleDriveSync - ok
06:27:10.0449 0x1d18  NotesSODCPreLoad - ok
06:27:10.0451 0x1d18  GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D - ok
06:27:10.0518 0x1d18  AV detected via SS2: Ad-Aware Antivirus, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareSecurityCenter.exe ( 11.4.6792.0 ), 0x41000 ( enabled : updated )
06:27:10.0535 0x1d18  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
06:27:10.0537 0x1d18  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe ( 12.1.4013.4013 ), 0x41010 ( enabled )
06:27:10.0537 0x1d18  FW detected via SS2: Ad-Aware Firewall, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareSecurityCenter.exe ( 11.4.6792.0 ), 0x40010 ( disabled )
06:27:13.0099 0x1d18  ============================================================
06:27:13.0099 0x1d18  Scan finished
06:27:13.0099 0x1d18  ============================================================
06:27:13.0107 0x2244  Detected object count: 0
06:27:13.0107 0x2244  Actual detected object count: 0
 


#7
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Don't think you waited long enough with aswMBR.  It takes an hour or more when you let it download the avast engine.

Combofix and TDSSKiller seem happy.  Are you online now?

Can you run OTL again, Quickscan and post the results?  Also let's do FRST:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

and Process Explorer:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 



#8
givemefood

    Member

  • Topic Starter
  • Member
  • 26 posts

Here's the OTL Scan. I have to do the remaining steps (FRST, etc.). Problem is Symantec doesn't allow me to save the file, and I'm unable to kill the Symantec process. I'll need to download it on my other PC and try and run it using a flash drive:

 

OTL logfile created on: 12/14/2014 9:54:18 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\IBM_ADMIN\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 38.33% Memory free
15.77 Gb Paging File | 11.37 Gb Available in Paging File | 72.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 15.59 Gb Free Space | 3.35% Space Free | Partition Type: NTFS
 
Computer Name: IBM-2F08I7T981U | User Name: rry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/24 03:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
PRC - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
PRC - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/11/02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/12 17:19:37 | 001,175,040 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._core_.pyd
MOD - [2014/12/12 17:19:37 | 001,160,704 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\_ssl.pyd
MOD - [2014/12/12 17:19:37 | 001,062,400 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._controls_.pyd
MOD - [2014/12/12 17:19:37 | 000,811,008 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._windows_.pyd
MOD - [2014/12/12 17:19:37 | 000,805,888 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._gdi_.pyd
MOD - [2014/12/12 17:19:37 | 000,735,232 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._misc_.pyd
MOD - [2014/12/12 17:19:37 | 000,713,216 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\_hashlib.pyd
MOD - [2014/12/12 17:19:37 | 000,686,080 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\unicodedata.pyd
MOD - [2014/12/12 17:19:37 | 000,557,056 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\pysqlite2._sqlite.pyd
MOD - [2014/12/12 17:19:37 | 000,525,640 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\windows._lib_cacheinvalidation.pyd
MOD - [2014/12/12 17:19:37 | 000,364,544 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\pythoncom27.dll
MOD - [2014/12/12 17:19:37 | 000,320,512 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32com.shell.shell.pyd
MOD - [2014/12/12 17:19:37 | 000,167,936 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32gui.pyd
MOD - [2014/12/12 17:19:37 | 000,128,512 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\_elementtree.pyd
MOD - [2014/12/12 17:19:37 | 000,127,488 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\pyexpat.pyd
MOD - [2014/12/12 17:19:37 | 000,122,368 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._wizard.pyd
MOD - [2014/12/12 17:19:37 | 000,119,808 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32file.pyd
MOD - [2014/12/12 17:19:37 | 000,110,080 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\pywintypes27.dll
MOD - [2014/12/12 17:19:37 | 000,108,544 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32security.pyd
MOD - [2014/12/12 17:19:37 | 000,098,816 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32api.pyd
MOD - [2014/12/12 17:19:37 | 000,087,552 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\_ctypes.pyd
MOD - [2014/12/12 17:19:37 | 000,078,336 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._animate.pyd
MOD - [2014/12/12 17:19:37 | 000,070,656 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\wx._html2.pyd
MOD - [2014/12/12 17:19:37 | 000,045,568 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\_socket.pyd
MOD - [2014/12/12 17:19:37 | 000,038,912 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32inet.pyd
MOD - [2014/12/12 17:19:37 | 000,027,136 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\_multiprocessing.pyd
MOD - [2014/12/12 17:19:37 | 000,025,600 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32pdh.pyd
MOD - [2014/12/12 17:19:37 | 000,024,064 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32pipe.pyd
MOD - [2014/12/12 17:19:37 | 000,022,528 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32ts.pyd
MOD - [2014/12/12 17:19:37 | 000,018,432 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32event.pyd
MOD - [2014/12/12 17:19:37 | 000,017,408 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32profile.pyd
MOD - [2014/12/12 17:19:37 | 000,011,264 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32crypt.pyd
MOD - [2014/12/12 17:19:37 | 000,010,240 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\select.pyd
MOD - [2014/12/12 17:19:37 | 000,007,168 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\hashobjs_ext.pyd
MOD - [2014/12/12 17:19:36 | 000,035,840 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI59202\win32process.pyd
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/09/17 11:54:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eab470ea118ad56a2a287fbc9b4eb814\System.Xaml.ni.dll
MOD - [2014/09/17 07:36:25 | 017,999,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3a80d309a42932484b46e1ce5b1a26fb\PresentationFramework.ni.dll
MOD - [2014/09/17 07:36:12 | 011,451,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\52a6dbea295b050d39eac633f4f45699\PresentationCore.ni.dll
MOD - [2014/09/17 07:36:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eb5ed59617b97ec2ac332e367285fefc\PresentationFramework.Aero.ni.dll
MOD - [2014/09/17 07:36:05 | 013,140,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bc9c68dd8cfcf134e5f385a8ce73a05f\System.Windows.Forms.ni.dll
MOD - [2014/09/17 07:36:01 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b4c5db3d869e939a848ca08ac7cf3e88\System.Core.ni.dll
MOD - [2014/09/17 07:35:54 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\311df96b9394d130b24653d51163142e\WindowsBase.ni.dll
MOD - [2014/09/17 07:35:52 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a421135e2f2680ad100d485476a520f4\System.Drawing.ni.dll
MOD - [2014/09/17 07:35:49 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0c9b60c066b18195e4b293e0d0802f60\System.ni.dll
MOD - [2014/09/17 07:35:44 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\64a3cdb7bc50e751c0bfb210625265d9\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/30 08:48:19 | 000,967,168 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
MOD - [2012/01/30 08:48:16 | 000,163,840 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
MOD - [2012/01/30 08:48:12 | 000,139,264 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/20 10:12:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
MOD - [2011/01/20 21:44:32 | 000,394,224 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/15 13:37:16 | 000,707,888 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/01/27 07:50:49 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/08 13:23:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/16 09:15:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/20 18:45:44 | 002,377,984 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:44 | 000,334,736 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe -- (SNAC)
SRV - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\SUService.exe -- (LNSUSvc)
SRV - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/09/25 16:03:16 | 013,387,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -- (Intelligent Response Agent)
SRV - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/02/09 15:30:04 | 000,745,472 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/01/27 07:48:07 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/24 03:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/03/02 08:09:42 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/03/02 08:09:06 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/14 05:26:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/13 07:03:05 | 000,079,064 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\iyugieiy.sys -- (irfpqdyo)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2014/08/21 12:30:50 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2014/07/10 14:08:36 | 000,102,992 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/22 12:43:12 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2013/10/20 18:45:46 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/10/20 18:45:46 | 000,797,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/20 18:45:46 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,437,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,224,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/20 18:45:46 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys -- (ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE})
DRV:64bit: - [2013/10/20 18:45:46 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/10/20 18:45:44 | 000,092,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 07:51:10 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/01/27 07:50:59 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2012/01/27 07:50:57 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2012/01/27 07:50:57 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2012/01/27 07:50:57 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2012/01/27 07:50:57 | 000,054,784 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,067,072 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2012/01/27 07:50:51 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/27 07:50:51 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/01/27 07:50:50 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/01/27 07:50:44 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/27 07:50:33 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2012/01/27 07:50:33 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2012/01/27 07:50:33 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2012/01/27 07:50:32 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2012/01/27 07:50:32 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/27 07:48:09 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/01/27 07:48:09 | 000,029,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/01/27 07:48:08 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/01/27 07:48:08 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 07:48:08 | 000,022,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys -- (huawei_update)
DRV:64bit: - [2012/01/27 07:48:08 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 07:48:07 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 07:48:07 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2012/01/27 07:48:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2012/01/27 07:48:05 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2012/01/27 07:48:05 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2012/01/27 07:48:05 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/04 15:45:24 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/15 12:50:44 | 000,348,944 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/24 03:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/03/24 03:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 04:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/09/09 15:24:04 | 000,190,464 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\agnfilt.sys -- (agnfilt)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/29 18:22:50 | 000,014,848 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avpnnic.sys -- (avpnnic)
DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/16 06:27:48 | 000,041,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 06:27:46 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd160x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 06:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/11/02 18:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/02/19 00:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2014/12/11 06:01:56 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/11 06:01:55 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/11/18 18:13:19 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141212.011\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/03 23:06:12 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/24 13:05:23 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141213.001\ex64.sys -- (NAVEX15)
DRV - [2014/09/24 13:05:23 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141213.001\eng64.sys -- (NAVENG)
DRV - [2014/07/29 14:42:52 | 000,025,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2013/10/20 18:45:44 | 000,034,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 23:00:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS -- (PMEM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C ED 65 D5 DD 17 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {2602979F-3C33-4DC4-897A-BAA62A38788B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{2602979F-3C33-4DC4-897A-BAA62A38788B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "w3.ibm.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.7.158
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:2.04.20110724.1ibm
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java,version=1.6.0: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/JavaPlugin: C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/17 12:03:56 | 000,000,000 | ---D | M]
 
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions
[2012/07/25 19:54:59 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/03/31 09:08:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2013/10/01 11:50:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+) - IBM Edition) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\plugins
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\chrome
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\components
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\modules
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\searchplugins
[2014/12/02 15:16:28 | 000,319,610 | ---- | M] () (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\firefox\profiles\2ziq4yrx.default\extensions\[email protected]\lucifox-0.9.9-fx+sm.xpi
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/16 09:15:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\plugins
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\modules
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\searchplugins
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/08/02 12:01:32 | 000,122,880 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/06/28 15:30:44 | 000,299,696 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei\3.4.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm\1.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.264_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.265_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/12/12 15:06:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (Plugin Class) - {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\Program Files (x86)\SAP\SAP Tutor\free_PlayerIE.dll (SAP AG)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C4EBReg] C:\Program Files (x86)\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Isamtray] C:\Program Files (x86)\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [NotesSODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ibm.com ([w3-03] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 11.25.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenc...ts/WDPLUGIN.CAB (Unyte Conferencing Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B3B138-37B1-4DDB-8F6D-E3DE308AB852}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: NameServer = 9.0.130.50,9.0.128.50
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2014/12/13 07:03:05 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\iyugieiy.sys
[2014/12/12 15:06:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/12/12 14:20:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/12 14:20:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/12 14:20:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/12 14:19:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/12 14:18:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/12 12:16:11 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
[2014/12/12 11:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2014/12/12 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\CheckPoint
[2014/12/12 10:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/12/10 20:13:24 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/10 20:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/10 20:12:52 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/10 20:12:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/10 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/27 08:16:17 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Lavasoft
[2014/11/26 23:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2014/11/26 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
[2014/11/26 23:33:02 | 002,084,072 | ---- | C] (Bitdefender) -- C:\Windows\SysNative\bdnc.dll
[2014/11/26 23:32:58 | 001,061,776 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdsmtpp.dll
[2014/11/26 23:32:58 | 000,209,984 | ---- | C] (BitDefender) -- C:\Windows\SysNative\BdFirewallSDK.dll
[2014/11/26 23:32:58 | 000,195,016 | ---- | C] (BitDefender) -- C:\Windows\SysNative\httproxy.dll
[2014/11/26 23:32:58 | 000,155,912 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdpop3p.dll
[2014/11/26 23:32:58 | 000,122,928 | ---- | C] (BitDefender) -- C:\Windows\SysNative\OEMbdpredir.dll
[2014/11/26 23:32:58 | 000,096,160 | ---- | C] (BitDefender) -- C:\Windows\SysNative\bdpredir.dll
[2014/11/26 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/11/26 23:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/11/26 23:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/11/26 23:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/11/17 11:14:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/17 11:14:36 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/17 11:12:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/11/17 11:12:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/11/17 11:12:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/17 11:12:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/11/17 11:08:52 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/17 11:08:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/17 11:08:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/17 11:05:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/17 11:02:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/17 11:02:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/17 11:01:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/14 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/11 10:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\PandoraRecovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2014/11/03 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Lands End
[2014/11/02 10:19:16 | 000,000,000 | R--D | C] -- C:\Users\IBM_ADMIN\Dropbox
[2014/11/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/02 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox
[2014/10/27 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Boeing
[2014/10/21 03:06:12 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/21 03:06:12 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/21 03:06:12 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/21 03:06:12 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/21 03:06:12 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/21 03:06:12 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/21 02:59:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/21 02:59:17 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/21 02:59:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/21 02:59:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/21 02:59:02 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/21 02:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/21 02:59:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/21 02:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/21 02:58:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/21 02:58:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/21 02:58:59 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/21 02:58:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/21 02:58:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/21 02:58:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/21 02:58:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/21 02:58:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/21 02:58:58 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/21 02:58:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/21 02:58:57 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/21 02:58:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/21 02:58:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/21 02:58:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/21 02:58:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/21 02:58:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/21 02:58:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/21 02:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/21 02:58:55 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/21 02:58:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/21 02:58:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/21 02:58:55 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/21 02:58:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/21 02:58:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/21 02:58:51 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/21 02:58:50 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/21 02:58:50 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/13 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Medibank
[2014/09/28 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\TeamViewer
[2014/09/19 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\WebEx
[2014/08/29 16:50:20 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/25 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Grainger
[2014/08/22 14:16:39 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/22 14:16:27 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/22 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/22 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/08/21 18:36:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/08/21 18:36:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/21 12:30:50 | 000,727,592 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/08/21 12:30:50 | 000,601,360 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/08/21 12:30:50 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieUserList
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieSiteList
[2014/08/19 09:59:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/08/19 09:45:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/18 08:31:42 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/18 08:31:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/18 08:31:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/18 08:31:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/18 08:31:42 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/18 08:31:37 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/18 08:24:01 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/18 08:00:28 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/18 08:00:28 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/18 08:00:28 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/18 08:00:28 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/04 09:09:17 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\Documents\cache
[2014/07/31 12:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/07/31 12:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/31 12:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/07/31 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Allison
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MANDIANT
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MANDIANT
[2014/07/21 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\AdobeMuse
[2014/07/21 16:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Muse
[2014/07/21 16:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/16 13:33:10 | 000,000,000 | ---D | C] -- C:\ibmbeta
[2014/07/14 07:58:41 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/14 07:58:41 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/14 07:50:24 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/14 07:50:24 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/10 14:09:30 | 000,389,240 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2014/06/22 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/06/20 10:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2014/06/20 10:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2014/06/20 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/06/16 22:06:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/16 21:56:19 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/06/16 21:56:19 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 14:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/11 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/11 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/11 14:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/11 14:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/11 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/11 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/03 10:16:36 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/03 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2014/06/03 10:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHTTrack
[2014/06/02 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Sunoco
[2014/05/12 11:40:14 | 000,000,000 | ---D | C] -- C:\swd
[2014/04/14 08:58:47 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/14 08:58:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/14 08:58:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/14 08:58:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/14 08:58:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/14 08:58:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/14 08:58:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/14 08:58:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/14 08:58:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/14 08:58:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/04 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\E&Y
[2014/04/01 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Tutor
[2014/04/01 08:34:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/03/24 19:14:24 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Oracle
[2014/03/24 12:01:49 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Saba
[2014/03/24 12:01:45 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Centra
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Text SOCKS Client 14 x64
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Open Text
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Open Text
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Open Text
[2014/03/18 13:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix
[2014/03/14 15:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
[2014/03/14 15:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2013
[2014/03/04 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Aramco
[2014/02/27 07:53:56 | 000,158,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2014/02/27 07:53:56 | 000,044,448 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2014/02/27 07:53:52 | 000,361,360 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2014/02/27 07:53:52 | 000,011,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2014/02/27 07:53:51 | 000,459,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2014/02/27 07:53:51 | 000,155,352 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2014/02/27 07:53:51 | 000,012,176 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2014/02/26 14:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1992-12.com.symantec
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD
[2014/02/17 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\SAP-Rational Connector
[2014/02/12 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\UltraVNC
[2014/02/12 09:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2014/02/12 09:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014/02/10 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\WR Grace
[2014/02/04 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Pinnacle Studio
[2014/02/04 15:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2014/02/04 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Pinnacle
[2014/02/04 14:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2014/02/04 14:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
[2014/02/04 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2014/02/04 14:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 15
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2014/02/04 14:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2014/02/04 14:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2014/01/17 15:24:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2014/01/17 15:24:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2014/01/13 13:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Cepheid
[2014/01/10 13:31:11 | 000,084,288 | ---- | C] (IBM) -- C:\Windows\SysWow64\javacplIBM60.cpl
[2014/01/10 13:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TempFolder
[2014/01/10 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Desktop\Temp
[2014/01/09 09:10:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2014/01/06 14:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2014/01/03 11:17:15 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Southwire
[2014/01/03 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\IBM
[2013/12/27 09:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/27 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/12/27 09:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2014/12/14 09:35:00 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/12/14 09:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/14 09:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/14 05:26:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/13 17:19:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/13 07:03:05 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\iyugieiy.sys
[2014/12/12 17:28:16 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/12 17:28:16 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/12 17:20:41 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/12/12 17:16:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/12 17:16:26 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/12 15:06:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/12 14:20:56 | 000,778,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/12 14:20:56 | 000,660,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/12 14:20:56 | 000,121,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/12 12:16:13 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
[2014/12/12 11:43:11 | 000,001,832 | ---- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\SLC_rameshanthony.prx
[2014/12/12 11:38:31 | 002,534,061 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Cat.DB
[2014/12/12 10:21:15 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/10 20:12:55 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/09 11:00:28 | 000,041,148 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\WileyPCR_FormSigned.jpg
[2014/12/08 13:23:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/08 13:23:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/08 08:09:00 | 000,062,790 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\VT20141208.005
[2014/12/06 08:31:04 | 000,079,013 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\SakhiFashions_Order.jpg
[2014/12/04 14:24:16 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/11/30 15:19:08 | 000,198,568 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:09:00 | 000,821,273 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/18 07:29:12 | 000,546,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/18 07:16:30 | 000,587,244 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:14 | 000,183,648 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/14 11:18:33 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/12 09:10:03 | 000,080,624 | ---- | M] (IBM Corp.) -- C:\Windows\isamunin.exe
[2014/11/11 10:46:23 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:20 | 000,062,964 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:17 | 000,001,005 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/10/24 20:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 20:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/17 21:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/13 21:12:57 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/10/13 21:09:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/10/13 21:07:31 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/10/13 20:47:30 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/10/13 20:46:02 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/10/02 21:12:00 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/02 21:11:54 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/02 21:11:51 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/02 21:11:51 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/02 20:44:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/09/19 04:42:47 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/09/11 10:15:58 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/08/22 21:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 14:16:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/21 12:30:50 | 000,727,592 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/08/21 12:30:50 | 000,601,360 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/08/21 12:30:50 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/21 01:40:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/08/21 01:23:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/08/19 09:45:13 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/19 09:45:07 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/12 14:37:26 | 048,997,564 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/11 21:02:49 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/08/11 20:36:37 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/07/31 12:47:14 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/25 09:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 08:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 08:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 08:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 08:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 08:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 08:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 08:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 07:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 07:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 07:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 07:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 07:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 07:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 07:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 07:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 07:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 07:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 07:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 07:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 07:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 07:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 07:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 06:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 06:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 06:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 06:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 06:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 06:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 06:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 06:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 06:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 05:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 05:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/13 21:02:45 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/07/10 14:09:34 | 002,084,072 | ---- | M] (Bitdefender) -- C:\Windows\SysNative\bdnc.dll
[2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2014/07/10 14:08:36 | 000,195,016 | ---- | M] (BitDefender) -- C:\Windows\SysNative\httproxy.dll
[2014/07/10 14:08:36 | 000,155,912 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdpop3p.dll
[2014/07/10 14:08:36 | 000,122,928 | ---- | M] (BitDefender) -- C:\Windows\SysNative\OEMbdpredir.dll
[2014/07/10 14:08:34 | 001,061,776 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\bdsmtpp.dll
[2014/07/10 14:08:34 | 000,209,984 | ---- | M] (BitDefender) -- C:\Windows\SysNative\BdFirewallSDK.dll
[2014/07/10 14:08:34 | 000,156,936 | ---- | M] () -- C:\Windows\SysNative\bdfwcore.dll
[2014/07/10 14:08:34 | 000,096,160 | ---- | M] (BitDefender) -- C:\Windows\SysNative\bdpredir.dll
[2014/06/30 17:24:50 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/06/30 17:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/06/22 10:31:02 | 000,193,182 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:30:58 | 000,193,183 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/20 10:10:39 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2014/06/18 17:23:33 | 001,943,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/06/18 17:23:33 | 000,156,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/06/18 17:23:33 | 000,073,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/06/18 17:23:32 | 001,131,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/06/18 17:23:32 | 000,156,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/06/18 17:23:32 | 000,081,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/06/17 21:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 20:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/06/06 05:10:34 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/06/06 04:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/06/06 01:16:07 | 000,035,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/06/06 01:12:57 | 000,035,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/06/03 05:02:37 | 000,112,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/06/03 05:02:21 | 003,241,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/06/03 05:02:21 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/06/03 05:02:12 | 001,941,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/06/03 04:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/06/03 04:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/05/23 21:34:25 | 000,144,693 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\dennisdebon-screenplay-project_blue_book.pdf
[2014/05/12 12:55:59 | 000,106,003 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\THE BREAK IN 2011.pdf
[2014/04/24 21:34:59 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/04/11 21:19:38 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/04/11 21:19:38 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/04/11 21:19:37 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/04/04 21:47:09 | 000,288,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/03/26 09:41:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/03/26 09:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/03/09 16:48:52 | 000,171,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/03/09 16:48:51 | 001,389,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/03/09 16:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/03/09 16:47:42 | 000,619,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/03/07 12:48:39 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2014/03/04 04:44:21 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/03/04 04:44:21 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/03/04 04:44:21 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/03/04 04:44:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/03/04 04:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/03/04 04:17:19 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/03/04 04:16:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/03/04 04:16:18 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/03/04 03:09:30 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/03/04 03:09:29 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/02/27 07:53:57 | 000,056,720 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2014/02/27 07:53:57 | 000,050,576 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
[2014/02/27 07:53:56 | 000,576,912 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2014/02/27 07:53:56 | 000,158,096 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2014/02/27 07:53:56 | 000,044,448 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2014/02/27 07:53:52 | 000,361,360 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2014/02/27 07:53:52 | 000,011,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2014/02/27 07:53:51 | 000,459,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2014/02/27 07:53:51 | 000,012,176 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/02/26 14:10:26 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/02/26 14:10:26 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/02/26 14:09:04 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\isolate.ini
[2014/02/17 08:57:10 | 000,773,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/17 15:24:12 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2014/01/17 15:24:12 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2014/01/16 12:30:04 | 000,004,096 | -H-- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\keyfile3.drm
[2014/01/06 14:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/24 17:48:32 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/12 14:20:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/12/12 14:20:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/12/12 14:20:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/12/12 14:20:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/12/12 14:20:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/12/12 11:40:01 | 000,001,832 | ---- | C] () -- C:\Users\IBM_ADMIN\AppData\Local\SLC_rameshanthony.prx
[2014/12/09 11:00:27 | 000,041,148 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\WileyPCR_FormSigned.jpg
[2014/12/09 00:03:45 | 000,062,790 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\VT20141208.005
[2014/12/06 08:30:47 | 000,079,013 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\SakhiFashions_Order.jpg
[2014/11/30 15:19:05 | 000,198,568 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:58 | 000,156,936 | ---- | C] () -- C:\Windows\SysNative\bdfwcore.dll
[2014/11/26 23:32:47 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/11/26 23:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:08:57 | 000,821,273 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/18 07:16:30 | 000,587,244 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:13 | 000,183,648 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/11 10:46:23 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:19 | 000,062,964 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:16 | 000,001,005 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/09/02 07:30:24 | 048,997,564 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/07/31 12:57:02 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
[2014/07/31 12:47:14 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/07/31 12:47:13 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/21 16:12:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse.lnk
[2014/06/22 10:29:34 | 000,193,183 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/22 10:20:47 | 000,193,182 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:12:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/06/20 10:09:12 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2014/05/23 21:34:25 | 000,144,693 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\dennisdebon-screenplay-project_blue_book.pdf
[2014/05/12 12:55:59 | 000,106,003 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\THE BREAK IN 2011.pdf
[2014/04/14 08:11:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 10:01:56 | 000,000,594 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/02/27 07:53:57 | 002,534,061 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Cat.DB
[2014/02/26 14:09:04 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\isolate.ini
[2014/02/04 14:49:35 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2014/01/16 12:30:04 | 000,004,096 | -H-- | C] () -- C:\Users\IBM_ADMIN\AppData\Local\keyfile3.drm
[2013/09/29 19:46:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/03/13 16:51:24 | 000,677,328 | ---- | C] () -- C:\Windows\SysWow64\amsrb932.dll
[2012/07/23 11:54:35 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.311018984119889580931149468956
[2012/01/30 08:44:03 | 000,061,305 | ---- | C] () -- C:\Users\IBM_ADMIN\install.xml
[2010/09/09 12:23:52 | 000,271,686 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >


#9
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

You are still showing 3 anti-viruses.  You really need to just have one.

 

I don't see any sign of Zero Access now but sometimes it replaces some system files so let's run sfc:

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron

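The question in the post above (does sfc finish without complaint?) can be answered from the `[SR]` lines that the `findstr` command writes to junk.txt. The following Python summary is an added example, not part of the original post: the first sample reuses three lines in the format of the log posted in this thread, while the "Cannot repair" and "Repairing corrupted file" lines and their file and component names are constructed placeholders, and treating a later "from store" repair as clearing an earlier "Cannot repair" entry is an assumption of this sketch.

```python
import re
from dataclasses import dataclass, field

# One "[SR]" line as sfc writes it to CBS.log, e.g.
# 2014-12-14 22:04:46, Info   CSI   00000009 [SR] Verifying 100 (0x...) components
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\S*\s+\[SR\]\s+(?P<msg>.*)$"
)
CANNOT_REPAIR = re.compile(r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)"')
REPAIRED = re.compile(r'Repairing corrupted file .*"(?P<file>[^"]+)" from store')
VERIFYING = re.compile(r"Verifying (?P<n>\d+) ")


@dataclass
class SfcSummary:
    batches_started: int = 0
    batches_completed: int = 0
    components_verified: int = 0
    repaired: set = field(default_factory=set)
    unrepaired: set = field(default_factory=set)
    unparsed: int = 0  # non-empty lines that are not [SR] records

    @property
    def verdict(self):
        if self.unrepaired:
            return "corrupt-unrepaired"   # sfc could not fix everything
        if self.batches_started == 0:
            return "no-sfc-data"          # wrong file, or sfc never ran
        if self.batches_started != self.batches_completed:
            return "incomplete"           # log truncated or scan interrupted
        return "repaired" if self.repaired else "clean"


def summarize(lines):
    """Fold an iterable of junk.txt lines into an SfcSummary."""
    s = SfcSummary()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            s.unparsed += 1
            continue
        msg = m.group("msg")
        if (v := VERIFYING.match(msg)):
            s.batches_started += 1
            s.components_verified += int(v.group("n"))
        elif msg.startswith("Verify complete"):
            s.batches_completed += 1
        elif (c := CANNOT_REPAIR.match(msg)):
            # sfc usually logs the same file more than once; the set dedupes.
            s.unrepaired.add(c.group("file").lower())
        elif (r := REPAIRED.match(msg)):
            name = r.group("file").lower()
            s.unrepaired.discard(name)    # assumption: store repair supersedes
            s.repaired.add(name)
    return s


# Lines in the format of the junk.txt posted in this thread.
CLEAN_SAMPLE = r"""
2014-12-14 22:04:46, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:04:46, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-12-14 22:04:50, Info                  CSI    0000000c [SR] Verify complete
"""

# Constructed sample: file and component names are placeholders.
DAMAGED_SAMPLE = r"""
2014-12-14 22:05:02, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:02, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:05, Info                  CSI    00000017 [SR] Cannot repair member file [l:22{11}]"example.dll" of Constructed-Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2014-12-14 22:05:05, Info                  CSI    00000019 [SR] Cannot repair member file [l:22{11}]"example.dll" of Constructed-Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2014-12-14 22:05:06, Info                  CSI    0000001a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2014-12-14 22:05:06, Info                  CSI    0000001b [SR] Verify complete
"""

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_SAMPLE), ("damaged", DAMAGED_SAMPLE)):
        s = summarize(text.splitlines())
        print(label, s.verdict, sorted(s.unrepaired), sorted(s.repaired))
```

A verdict of `incomplete` means a "Verifying" batch has no matching "Verify complete", which is worth checking before trusting a pasted excerpt.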

#10
givemefood

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Ok I think I did what you asked me to do:

 

Junk.txt

-----------

2014-12-14 22:04:46, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:04:46, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-12-14 22:04:50, Info                  CSI    0000000c [SR] Verify complete
2014-12-14 22:04:50, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:04:50, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-12-14 22:04:58, Info                  CSI    00000010 [SR] Verify complete
2014-12-14 22:04:58, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:04:58, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:02, Info                  CSI    00000014 [SR] Verify complete
2014-12-14 22:05:02, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:02, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:06, Info                  CSI    00000018 [SR] Verify complete
2014-12-14 22:05:07, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:07, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:11, Info                  CSI    0000001c [SR] Verify complete
2014-12-14 22:05:11, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:11, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:15, Info                  CSI    00000020 [SR] Verify complete
2014-12-14 22:05:15, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:15, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:19, Info                  CSI    00000024 [SR] Verify complete
2014-12-14 22:05:19, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:19, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:26, Info                  CSI    00000028 [SR] Verify complete
2014-12-14 22:05:26, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:26, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:42, Info                  CSI    0000002c [SR] Verify complete
2014-12-14 22:05:43, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:43, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:51, Info                  CSI    00000030 [SR] Verify complete
2014-12-14 22:05:51, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:51, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:55, Info                  CSI    00000034 [SR] Verify complete
2014-12-14 22:05:55, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:55, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-12-14 22:05:59, Info                  CSI    00000038 [SR] Verify complete
2014-12-14 22:05:59, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:05:59, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:04, Info                  CSI    0000003c [SR] Verify complete
2014-12-14 22:06:04, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:04, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:18, Info                  CSI    00000040 [SR] Verify complete
2014-12-14 22:06:19, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:19, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:27, Info                  CSI    00000044 [SR] Verify complete
2014-12-14 22:06:27, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:27, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:32, Info                  CSI    00000048 [SR] Verify complete
2014-12-14 22:06:33, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:33, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:37, Info                  CSI    0000004c [SR] Verify complete
2014-12-14 22:06:37, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:37, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:42, Info                  CSI    00000051 [SR] Verify complete
2014-12-14 22:06:42, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:42, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:47, Info                  CSI    00000058 [SR] Verify complete
2014-12-14 22:06:47, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:47, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:51, Info                  CSI    0000005d [SR] Verify complete
2014-12-14 22:06:51, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:51, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2014-12-14 22:06:56, Info                  CSI    00000061 [SR] Verify complete
2014-12-14 22:06:56, Info                  CSI    00000062 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:06:56, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:03, Info                  CSI    00000084 [SR] Verify complete
2014-12-14 22:07:04, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:04, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:08, Info                  CSI    0000008c [SR] Verify complete
2014-12-14 22:07:09, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:09, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:14, Info                  CSI    00000090 [SR] Verify complete
2014-12-14 22:07:14, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:14, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:19, Info                  CSI    00000094 [SR] Verify complete
2014-12-14 22:07:19, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:19, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:24, Info                  CSI    00000098 [SR] Verify complete
2014-12-14 22:07:24, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:24, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:29, Info                  CSI    0000009c [SR] Verify complete
2014-12-14 22:07:29, Info                  CSI    0000009d [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:29, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:34, Info                  CSI    000000a0 [SR] Verify complete
2014-12-14 22:07:34, Info                  CSI    000000a1 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:34, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:42, Info                  CSI    000000a6 [SR] Verify complete
2014-12-14 22:07:42, Info                  CSI    000000a7 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:42, Info                  CSI    000000a8 [SR] Beginning Verify and Repair transaction
2014-12-14 22:07:51, Info                  CSI    000000c9 [SR] Verify complete
2014-12-14 22:07:51, Info                  CSI    000000ca [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:07:51, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:04, Info                  CSI    000000cd [SR] Verify complete
2014-12-14 22:08:05, Info                  CSI    000000ce [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:05, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:17, Info                  CSI    000000d1 [SR] Verify complete
2014-12-14 22:08:17, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:17, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:20, Info                  CSI    000000d7 [SR] Verify complete
2014-12-14 22:08:20, Info                  CSI    000000d8 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:20, Info                  CSI    000000d9 [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:23, Info                  CSI    000000db [SR] Verify complete
2014-12-14 22:08:23, Info                  CSI    000000dc [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:23, Info                  CSI    000000dd [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:25, Info                  CSI    000000df [SR] Verify complete
2014-12-14 22:08:25, Info                  CSI    000000e0 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:25, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:32, Info                  CSI    000000e7 [SR] Verify complete
2014-12-14 22:08:32, Info                  CSI    000000e8 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:32, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:38, Info                  CSI    000000f8 [SR] Verify complete
2014-12-14 22:08:38, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:38, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:41, Info                  CSI    000000fc [SR] Verify complete
2014-12-14 22:08:41, Info                  CSI    000000fd [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:41, Info                  CSI    000000fe [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:46, Info                  CSI    00000100 [SR] Verify complete
2014-12-14 22:08:46, Info                  CSI    00000101 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:46, Info                  CSI    00000102 [SR] Beginning Verify and Repair transaction
2014-12-14 22:08:51, Info                  CSI    00000104 [SR] Verify complete
2014-12-14 22:08:51, Info                  CSI    00000105 [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:08:51, Info                  CSI    00000106 [SR] Beginning Verify and Repair transaction
2014-12-14 22:09:00, Info                  CSI    00000109 [SR] Verify complete
2014-12-14 22:09:01, Info                  CSI    0000010a [SR] Verifying 100 (0x0000000000000064) components
2014-12-14 22:23:52, Info                  CSI    0000031d [SR] Verifying 92 (0x000000000000005c) components
2014-12-14 22:23:52, Info                  CSI    0000031e [SR] Beginning Verify and Repair transaction
2014-12-14 22:23:58, Info                  CSI    00000320 [SR] Verify complete
2014-12-14 22:23:58, Info                  CSI    00000321 [SR] Repairing 0 components
2014-12-14 22:23:58, Info                  CSI    00000322 [SR] Beginning Verify and Repair transaction
2014-12-14 22:23:58, Info                  CSI    00000324 [SR] Repair complete
 
 
VEW - System
------------------
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/12/2014 11:22:54 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/12/2014 1:14:21 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  bdfwfpf
 
Log: 'System' Date/Time: 15/12/2014 1:12:49 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
 
Log: 'System' Date/Time: 15/12/2014 1:12:34 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 15/12/2014 1:12:18 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PMEM service failed to start due to the following error:  This driver has been blocked from loading
 
Log: 'System' Date/Time: 15/12/2014 1:12:18 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\PMEMNT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Log: 'System' Date/Time: 15/12/2014 1:08:21 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/12/2014 3:01:38 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name servedby.flashtalking.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 15/12/2014 3:00:18 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.remote.wiley.com;*.wiley.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 15/12/2014 2:59:58 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.remote.wiley.com;*.wiley.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 15/12/2014 1:10:11 AM
Type: Warning Category: 0
Event: 27 Source: e1cexpress
Intel® 82579LM Gigabit Network Connection  Network link is disconnected. 
 
 
VEW - Application
-----------------------
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/12/2014 11:23:52 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 15/12/2014 1:13:29 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/12/2014 1:08:25 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-598280094-1804934353-2193003435-1000:
Process 1920 (\Device\HarddiskVolume1\Program Files\Lenovo\HOTKEY\tphkload.exe) has opened key \REGISTRY\USER\S-1-5-21-598280094-1804934353-2193003435-1000
Process 840 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-598280094-1804934353-2193003435-1000
 
 

  • 0


#11
givemefood

    Member

  • Topic Starter
  • 26 posts

BTW - I plan on uninstalling Ad-aware and Malwarebytes.

Thanks for your help.


  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Malwarebytes can stay. It's not an anti-virus. What about BitDefender? Have you tried to uninstall it? Do you need the Cisco VPN? Is it even still on your PC? There are a lot of errors from it.

When you ran FRST, did it create two logs in the same folder? Can you post them?


  • 0

#13
givemefood

    Member

  • Topic Starter
  • 26 posts

What is BitDefender? How do I identify and remove it? I can uninstall Cisco VPN.


  • 0

#14
givemefood

    Member

  • Topic Starter
  • 26 posts

FRST.txt

-----------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by rry (administrator) on IBM-2F08I7T981U on 15-12-2014 07:22:28
Running from C:\Users\IBM_ADMIN\Downloads
Loaded Profiles: rryanthony & UpdatusUser (Available profiles: rryanthony & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IBM Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(IBM Corp.) C:\sdwork\issimsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(IBM Corp) C:\notes\SUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(IBM) C:\notes\nsd.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(IBM) C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
(IBM Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClient.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetMsg.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\AT&T Network Client\SwiApiMux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2012-01-27] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [42344 2011-07-22] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [ACWLIcon] => C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [195648 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [433216 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2011-03-02] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [518640 2011-01-12] ()
HKLM-x32\...\Run: [C4EBReg] => C:\Program Files (x86)\C4ebreg\c4ebreg.exe [576240 2014-11-14] (IBM Corp.)
HKLM-x32\...\Run: [Isamtray] => C:\Program Files (x86)\C4ebreg\isamtray.exe [381680 2014-11-14] (IBM Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM Group Policy restriction on software: xpmmsilauncher*.exe <====== ATTENTION
HKLM Group Policy restriction on software: WindowsXPMode*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [NetSP - restore settings on power failure] => C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-09] (AT&T)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [NotesSODCPreLoad] => C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe [40960 2012-01-30] ()
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [239720 2011-08-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [200808 2011-08-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
ShortcutTarget: AT&T Global Network Client Monitor.lnk -> C:\Windows\Installer\{007AAB7C-E893-48BD-9DA2-7F417CA16322}\NetGM1_89563E53ECF44E868145468A128BDC83.exe (Acresso Software Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InfoPrint Select Notification.lnk
ShortcutTarget: InfoPrint Select Notification.lnk -> C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk
ShortcutTarget: PGP Tray.lnk -> C:\Windows\Installer\{806D3984-9484-470A-BC63-3B7F65488B58}\Icon6560581611.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
BHO-x32: Plugin Class -> {56CD20F0-7C09-11D5-A768-0050042307CE} -> c:\program files (x86)\sap\sap tutor\free_playerie.dll (SAP AG)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5certchk.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\IBM_AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenc...ts/WDPLUGIN.CAB
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll [528896] (Open Text Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll [727040] (Open Text Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: [NameServer] 9.0.130.50,9.0.128.50
 
FireFox:
========
FF ProfilePath: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default
FF Homepage: w3.ibm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @IBM.com/Java60 -> C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @IBM.com/Java,version=1.6.0 -> C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF Plugin-x32: @IBM.com/JavaPlugin -> C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF Plugin-x32: @IBM.com/WDPlugin,version=1 -> C:\Program Files (x86)\Mozilla Firefox\plugins ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: @citrixonline.com/appdetectorplugin -> C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: @IBM.com/WDPlugin,version=1 -> C:\Program Files (x86)\Mozilla Firefox\plugins ()
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: LWAPlugin15.8 -> C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: RivalGaming  - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-07-26]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2012-01-30]
FF Extension: IBM CCK - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2014-12-02]
FF Extension: IE Tab 2 (FF 3.6+) - IBM Edition - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2013-10-01]
FF Extension: WebSlingPlayer - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-07-25]
FF Extension: Cookies Manager+ - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-03-31]
FF Extension: F5 Networks Host Plugin - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-12-14]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: IBM CCK - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: IE Tab + (IBM Edition) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-12-16]
 
Chrome: 
=======
CHR Profile: C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-12]
CHR Extension: (Google Drive) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-12]
CHR Extension: (Google Search) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-12]
CHR Extension: (Vibe for Google Chrome™) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei [2014-09-30]
CHR Extension: (Ark Browser Plugin) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm [2014-09-30]
CHR Extension: (Yesware Email Tracking) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-10-21]
CHR Extension: (Rapportive) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-09-29]
CHR Extension: (Profile Visitors for Facebook) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk [2014-12-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]
CHR Extension: (SEO for Chrome) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2014-12-08]
CHR Extension: (Gmail) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-12]
CHR HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [5387640 2013-05-03] (IBM Corp.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2011-02-25] ()
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353672 2009-11-02] (Check Point Software Technologies)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-24] (Lenovo.)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [576240 2014-11-14] (IBM Corp.) [File not signed]
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-07] (IBM Corp.) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\notes\SUService.exe [192104 2013-08-01] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [4456040 2013-08-01] (IBM)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-09] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-09] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-09] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2011-03-02] (Sonic Solutions)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 TRCTARGET; C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (IBM Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-09] (AT&T)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-29] (AT&T)
S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2014-07-10] (BitDefender LLC)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-10-03] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-01-27] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2012-01-27] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2012-01-27] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141212.011\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel® Corporation)
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-11-16] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd160x64.sys [40144 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\Windows\System32\Drivers\qd260x64.sys [41168 2009-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2012-01-27] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2012-01-27] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2014-07-29] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2012-01-27] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2012-01-27] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141214.004\ENG64.SYS [129752 2014-09-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141214.004\EX64.SYS [2137304 2014-09-24] (Symantec Corporation)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [273848 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [51856 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [372704 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [15848 2012-07-21] (Symantec Corporation)
S2 PMEM; C:\Windows\SysWOW64\drivers\PMEMNT.SYS [7012 2002-07-17] (Microsoft Corporation) [File not signed]
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-02-27] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-11-22] (Acronis)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 07:22 - 2014-12-15 07:22 - 00041014 _____ () C:\Users\IBM_ADMIN\Downloads\FRST.txt
2014-12-15 07:22 - 2014-12-15 07:22 - 00000000 ____D () C:\FRST
2014-12-15 07:21 - 2014-12-15 07:21 - 02119168 _____ (Farbar) C:\Users\IBM_ADMIN\Downloads\FRST64.exe
2014-12-15 00:21 - 2014-12-15 00:21 - 00000018 _____ () C:\Users\IBM_ADMIN\Desktop\Christmas_2014_List.txt
2014-12-14 23:54 - 2014-12-14 23:54 - 01056912 _____ () C:\Users\IBM_ADMIN\Downloads\Connecting v2.pptx
2014-12-14 23:51 - 2014-12-14 23:51 - 00000000 ____D () C:\ProgramData\F5 Networks
2014-12-14 23:51 - 2014-12-14 23:51 - 00000000 _____ () C:\Windows\f5unistall.INI
2014-12-14 23:24 - 2014-12-14 23:24 - 00003337 _____ () C:\VEW_application.txt
2014-12-14 23:23 - 2014-12-14 23:23 - 00003110 _____ () C:\VEW_system.txt
2014-12-14 23:22 - 2014-12-14 23:23 - 00003337 _____ () C:\VEW.txt
2014-12-14 22:26 - 2014-12-14 22:26 - 00061440 _____ ( ) C:\Users\IBM_ADMIN\Desktop\VEW.exe
2014-12-14 22:25 - 2014-12-14 22:25 - 00040962 _____ () C:\Users\IBM_ADMIN\Desktop\junk.txt
2014-12-14 22:10 - 2014-12-14 22:10 - 01213024 _____ () C:\Users\IBM_ADMIN\Downloads\IBM Administration v6.pptx
2014-12-14 22:08 - 2014-12-14 22:11 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Wiley
2014-12-13 21:56 - 2014-12-13 21:56 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\IBM_ADMIN\Downloads\tdsskiller.exe
2014-12-12 15:31 - 2014-12-12 15:31 - 00041435 _____ () C:\ComboFix.txt
2014-12-12 14:20 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 14:20 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 14:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 14:19 - 2014-12-12 15:32 - 00000000 ____D () C:\Qoobox
2014-12-12 14:18 - 2014-12-12 15:22 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 12:16 - 2014-12-12 12:16 - 05198336 _____ (AVAST Software) C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
2014-12-12 11:40 - 2014-12-12 11:43 - 00001832 _____ () C:\Users\IBM_ADMIN\AppData\Local\SLC_rryanthony.prx
2014-12-12 11:38 - 2014-12-12 11:38 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-12-12 11:35 - 2014-12-12 11:35 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\CheckPoint
2014-12-12 10:44 - 2014-12-12 10:44 - 00000000 ____D () C:\_OTL
2014-12-11 14:52 - 2014-12-11 14:52 - 06290457 _____ () C:\Users\IBM_ADMIN\Downloads\Project Tm Security Strategy.zip
2014-12-10 21:41 - 2014-12-10 22:25 - 00089200 _____ () C:\Users\IBM_ADMIN\Downloads\Extras.Txt
2014-12-10 21:39 - 2014-12-14 10:08 - 00303578 _____ () C:\Users\IBM_ADMIN\Downloads\OTL.Txt
2014-12-10 21:21 - 2014-12-10 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\IBM_ADMIN\Downloads\OTL.exe
2014-12-10 20:13 - 2014-12-14 22:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 20:12 - 2014-12-10 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 20:12 - 2014-12-10 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 20:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-10 20:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 20:08 - 2014-12-10 20:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\IBM_ADMIN\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 11:57 - 2014-12-09 11:57 - 01743906 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing kickoff (1).pptx
2014-12-09 10:59 - 2014-12-09 10:59 - 00000040 ____H () C:\Users\IBM_ADMIN\Downloads\.picasa.ini
2014-12-09 07:27 - 2014-12-09 07:27 - 00277504 _____ () C:\Users\IBM_ADMIN\Downloads\Hosting and Cloud Services RACI.xls
2014-12-09 07:21 - 2014-12-09 07:21 - 00216092 _____ () C:\Users\IBM_ADMIN\Downloads\Post Processing Task List.xlsx
2014-12-09 07:18 - 2014-12-09 07:18 - 00190976 _____ () C:\Users\IBM_ADMIN\Downloads\Example - Infrastructure Deployment Plan Workbook.xls
2014-12-09 07:08 - 2014-12-09 07:09 - 11050496 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing Results.ppt
2014-12-09 07:07 - 2014-12-09 07:08 - 01743906 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing kickoff.pptx
2014-12-08 17:34 - 2014-12-08 17:34 - 03830272 _____ () C:\Users\IBM_ADMIN\Desktop\Align Technology Methods Tools Adoption Workshops 2014-10-15 (Tools Only).ppt
2014-12-08 17:29 - 2014-12-08 17:29 - 13356544 _____ () C:\Users\IBM_ADMIN\Desktop\IBM Tools for SAP 23 August 2013 VX.ppt
2014-12-08 14:41 - 2014-12-08 14:41 - 01900032 _____ () C:\Users\IBM_ADMIN\Downloads\IBM deployment accelerator overview 1-2.ppt
2014-12-08 10:44 - 2014-12-08 10:47 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\Adobe Acrobat XI Pro 11.0.9 Multilanguage [ChingLiu]
2014-12-08 09:18 - 2014-12-08 09:18 - 00160375 _____ () C:\Users\IBM_ADMIN\Downloads\Renet (1)
2014-12-08 08:53 - 2014-12-08 08:53 - 00160375 _____ () C:\Users\IBM_ADMIN\Downloads\Renet
2014-12-04 20:39 - 2014-12-04 20:39 - 00184320 _____ () C:\Users\IBM_ADMIN\Downloads\Project Governance Model.ppt
2014-12-04 20:39 - 2014-12-04 20:39 - 00032768 _____ () C:\Users\IBM_ADMIN\Downloads\PMO Issue Tracker.xls
2014-12-04 20:30 - 2014-12-04 20:30 - 00107851 _____ () C:\Users\IBM_ADMIN\Downloads\Oracle Implementation Project Issue Escalation Process v2.pptx
2014-12-02 14:31 - 2014-12-02 14:32 - 02046375 _____ () C:\Users\IBM_ADMIN\Desktop\SOLMAN  Assesment V01.2.pptx
2014-12-02 14:06 - 2014-12-02 14:06 - 00720171 _____ () C:\Users\IBM_ADMIN\Desktop\SOLMAN Roadmap v0.2.pptx
2014-12-01 22:24 - 2014-12-01 22:24 - 00057344 _____ () C:\Users\IBM_ADMIN\Downloads\image.jpeg
2014-11-27 08:16 - 2014-11-27 08:16 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\Lavasoft
2014-11-26 23:37 - 2014-11-26 23:37 - 00000000 ____D () C:\ProgramData\BitDefender
2014-11-26 23:33 - 2014-11-26 23:33 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
2014-11-26 23:33 - 2014-07-10 14:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-11-26 23:32 - 2014-12-14 20:15 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-26 23:32 - 2014-11-26 23:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-11-26 23:32 - 2014-11-26 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-11-26 23:32 - 2014-07-10 14:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-11-26 23:31 - 2014-11-26 23:31 - 00000000 ____D () C:\Program Files\Lavasoft
2014-11-26 23:29 - 2014-11-26 23:29 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-11-26 23:28 - 2014-11-26 23:28 - 01753736 _____ () C:\Users\IBM_ADMIN\Downloads\Adaware_Installer.exe
2014-11-26 23:28 - 2014-11-26 23:28 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-11-24 12:29 - 2014-11-24 12:29 - 00000255 _____ () C:\Users\IBM_ADMIN\Downloads\embed_code_no_ad_630.html
2014-11-24 12:18 - 2014-11-24 12:18 - 00042525 _____ () C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
2014-11-24 11:48 - 2014-11-24 12:47 - 3754366204 _____ () C:\Users\IBM_ADMIN\Downloads\www.TamilRockers.net - Retta Vaalu (2014) [1080p HD - AVC - DD - 3.6GB - Tamil].ts
2014-11-24 07:37 - 2014-11-24 07:37 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\IBM_Detailed_Status_Entry_1_5_3
2014-11-24 07:36 - 2014-11-24 07:36 - 02074594 _____ () C:\Users\IBM_ADMIN\Downloads\IBM_Detailed_Status_Entry_1_5_3.zip
2014-11-18 13:42 - 2014-11-18 13:42 - 00001644 _____ () C:\Users\IBM_ADMIN\Downloads\webprmpt (3).pl
2014-11-18 13:42 - 2014-11-18 13:42 - 00001644 _____ () C:\Users\IBM_ADMIN\Downloads\webprmpt (2).pl
2014-11-18 11:52 - 2014-12-12 10:32 - 00004934 _____ () C:\Users\IBM_ADMIN\Desktop\Misc Nov 2014.txt
2014-11-18 10:08 - 2014-11-18 10:09 - 00560749 _____ () C:\Users\IBM_ADMIN\Desktop\Method Refresh Training - Testing.pptx
2014-11-18 07:51 - 2014-11-18 07:51 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\DetailStatusEntry_Training_Matls_2011
2014-11-17 21:37 - 2014-11-17 21:39 - 361225302 _____ () C:\Users\IBM_ADMIN\Downloads\BUBBLE TEAM CUT 2.mp4
2014-11-17 11:15 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-17 11:14 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-17 11:14 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-17 11:12 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-17 11:12 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 11:12 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 11:12 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 11:12 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 11:12 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-17 11:12 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-17 11:12 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-17 11:12 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-17 11:12 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-17 11:12 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-17 11:12 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-17 11:12 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-17 11:12 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-17 11:08 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-17 11:07 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-17 11:07 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-17 11:07 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-17 11:07 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-17 11:05 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-17 11:02 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 11:02 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-17 11:01 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-17 11:01 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 07:19 - 2012-11-27 13:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 07:02 - 2014-04-14 08:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 06:35 - 2014-03-07 10:01 - 00000594 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
2014-12-15 02:02 - 2010-07-13 17:52 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-15 02:00 - 2014-06-22 10:14 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\Adobe
2014-12-15 01:07 - 2012-06-28 04:01 - 01719182 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 22:01 - 2012-11-27 14:16 - 00000000 ___RD () C:\Users\IBM_ADMIN\Google Drive
2014-12-14 20:23 - 2009-07-13 23:45 - 00027696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:23 - 2009-07-13 23:45 - 00027696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:16 - 2012-01-30 09:41 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-14 20:12 - 2012-11-27 13:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 20:12 - 2012-01-30 08:45 - 00054508 _____ () C:\SUService.log
2014-12-14 20:12 - 2011-03-25 16:42 - 00000000 ____D () C:\Program Files (x86)\C4ebreg
2014-12-14 20:12 - 2010-11-11 20:35 - 00000000 ____D () C:\sdwork
2014-12-14 20:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 20:10 - 2012-01-27 16:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-14 20:10 - 2011-09-29 04:03 - 00081762 _____ () C:\Windows\setupact.log
2014-12-14 20:09 - 2010-07-13 18:37 - 00503146 _____ () C:\Windows\PFRO.log
2014-12-14 20:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-12 15:31 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-12-12 15:07 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 14:41 - 2009-07-13 21:34 - 98304000 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-12 14:20 - 2009-07-14 00:13 - 00778950 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 12:39 - 2010-11-11 20:08 - 00000000 ____D () C:\Program Files (x86)\WST
2014-12-12 12:37 - 2012-07-22 19:45 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\SavedChats
2014-12-12 10:21 - 2013-12-12 11:26 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 10:31 - 2012-07-20 18:45 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\SAP
2014-12-11 10:31 - 2012-07-20 16:14 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\SAP
2014-12-11 10:31 - 2012-07-20 16:14 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\SAP
2014-12-10 22:08 - 2012-07-23 08:53 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Personal
2014-12-10 20:12 - 2012-08-13 10:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 20:12 - 2012-08-13 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-08 13:23 - 2012-07-20 16:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-08 13:23 - 2012-01-27 14:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-05 16:05 - 2012-09-06 07:08 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\WDPlugin
2014-12-04 20:42 - 2012-07-26 10:34 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Temp
2014-12-04 20:42 - 2012-07-22 19:41 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\PM&T
2014-12-04 20:34 - 2012-07-23 14:55 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\CrashDumps
2014-12-04 14:24 - 2012-07-26 17:27 - 00000059 _____ () C:\Windows\wpd99.drv
2014-12-04 14:24 - 2012-07-26 17:27 - 00000000 ____D () C:\ProgramData\pdf995
2014-12-03 14:30 - 2012-09-14 08:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-24 12:24 - 2010-06-28 23:27 - 00000000 ____D () C:\Users\IBM_ADMIN
2014-11-21 06:14 - 2012-08-13 10:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 12:29 - 2014-04-14 08:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-18 07:29 - 2009-07-13 23:45 - 00546048 _____ () C:\Windows\system32\FNTCACHE.DAT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 00:52
 
==================== End Of Log ============================
 
 
Addition.txt
--------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by rryanthony at 2014-12-15 07:23:35
Running from C:\Users\IBM_ADMIN\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.0.314 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Network Client – IBM (HKLM-x32\...\{007AAB7C-E893-48BD-9DA2-7F417CA16322}) (Version: 8.2.0.3003 - AT&T)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2014.0409.2153 - F5 Networks, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Check Point SSL Network Extender Service (HKLM-x32\...\{bd2dc9de-a525-48b8-8b62-f96efd6d81eb}) (Version: 7.01.0000 - CheckPoint)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
CVE-2012-4792 (HKLM\...\{6631f21e-4389-4c67-9b10-cf2b559b8d4a}.sdb) (Version:  - )
CVE-2012-4792 (HKLM\...\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb) (Version:  - )
CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version:  - )
CVE-2014-0322 (HKLM\...\{25408f0a-987b-4ab0-a5ac-2ddb89ff22cf}.sdb) (Version:  - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
ECL Viewer (HKLM-x32\...\SAP_ECL) (Version: 6.0 - SAP AG)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.0.0.54 - Final Draft, Inc.)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 6.1.0.1312 (HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\GoToMeeting) (Version: 6.1.0.1312 - CitrixOnline)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Pennsylvania 2012 (HKLM-x32\...\{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}) (Version: 1.12.3501 - HRB Technology, LLC.)
H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4501 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
IBM 32-bit Runtime Environment for Java v6 (HKLM-x32\...\InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}) (Version: 6 - IBM)
IBM 32-bit Runtime Environment for Java v6 (x32 Version: 6 - IBM) Hidden
IBM 64-bit Runtime Environment for Java v6 (HKLM-x32\...\InstallShield_{AEA927BE-882E-41E1-9969-B7AA74FB667C}) (Version: 6 - IBM)
IBM 64-bit Runtime Environment for Java v6 (Version: 6 - IBM) Hidden
IBM Endpoint Manager Client (HKLM-x32\...\{C7C91D55-F9E0-43AB-8006-BDF6B284B945}) (Version: 9.0.649.0 - IBM Corp.)
IBM Lotus Sametime Connect 8.5.1 (HKLM-x32\...\{D85DB905-556E-4FEC-8174-11C7746AAFD0}) (Version: 8.51.10219 - IBM)
IBM My Help (HKLM-x32\...\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}) (Version: 1.5.14 - IBM)
IBM SmartCloud Meetings for IBM (HKLM-x32\...\{9C5C8B8B-D972-4901-B3A4-0987E288A0C3}) (Version: 8.5.10.40 - IBM Corporation)
IBM Solution Workbench for SAP 1.9.2 (HKLM-x32\...\IBM Solution Workbench for SAP_is1) (Version:  - IBM)
IBM Standard Asset Manager (HKLM-x32\...\IBMSAM) (Version:  - IBM Corporation)
IBM Standard Software Installer (HKLM-x32\...\ISSI) (Version:  - IBM Corporation)
IBM Tivoli Remote Control Ayúdame Premium Edition - Target (HKLM-x32\...\{E0E58ABE-8A49-4449-BC8A-EC83ABE72ACA}) (Version: 8.2.0.0104 - IBM United Kingdom Ltd.)
ICLA (HKLM-x32\...\{B8A92780-00E2-11D5-B354-00010381611A}) (Version: 1.05.0300 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ILC (HKLM-x32\...\{CA96F3A1-F350-11D3-B354-002035C150E4}) (Version: 1.05.0300 - IBM)
InfoPrint Select (HKLM-x32\...\{66AF6743-9222-499E-8F09-7613033274E8}) (Version: 4.3.0 - InfoPrint Solutions Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lotus Notes 8.5.3 (HKLM-x32\...\{95246D82-99D2-4229-841E-6867C3251087}) (Version: 8.53.11258 - IBM)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MANDIANT Intelligent Response Agent (HKLM-x32\...\{19A7772F-0D3D-41A6-ABD3-AACBE3699F9B}) (Version: 2.2.1504 - MANDIANT)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{7BD1CCBE-BB22-469C-83DB-D9ED915A168C}) (Version: 15.8.8880.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3216.5614 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Magic Screenwriter 6 (HKLM-x32\...\{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}) (Version: 6.05.89 - Write Brothers, Inc.)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.93 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Open Text SOCKS Client™ 14 x64 (HKLM\...\{88B0A781-AE43-40CA-B149-DEF1C82ACD9F}) (Version: 14.0.11.0 - Open Text Corporation)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PGP Desktop (HKLM\...\{806D3984-9484-470A-BC63-3B7F65488B58}) (Version: 10.2.1.4869 - PGP Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Roxio Creator Silver 4 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.20 - SAP AG)
SAP GUI for Windows 7.20 (HKLM-x32\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
SAP Tutor Personal Player (HKLM-x32\...\SAP_TutorPersonalPlayer) (Version:  - SAP AG)
Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.08 - Lenovo)
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Workstation Security Tool 2.7 (HKLM-x32\...\Workstation Security Tool_is1) (Version:  - IBM)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-12 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {165D3C29-7215-4A42-8C34-02CA67303A24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-08] (Adobe Systems Incorporated)
Task: {39C55FD8-C6A3-44AA-80B7-21C5E41D1B7D} - System32\Tasks\Time Reminder => C:\Windows\ITSYSTEMS\Reminder\Reminder.vbs [2011-06-08] ()
Task: {3D40BE8E-BD9C-46B2-A084-69E9A1EB9B40} - System32\Tasks\AdobeAAMUpdater-1.0-IBM-2F08I7T981U-rryanthony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {4AA86CE8-E151-4123-9369-773AD4EC6EDE} - System32\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000 => C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe [2014-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {50CCA8A7-4B9F-4F70-B6B8-244309002222} - System32\Tasks\Run My Help Delay => C:\Program Files (x86)\IBM\My Help\MyHelp.exe [2011-10-27] ()
Task: {7FD7D056-D29D-4B15-B435-FED4F707480D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {964653D9-FCB3-4408-B840-A216E1CEF56F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {CF5BE985-C9C6-4048-B5B4-9D5BBDB8B970} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-24] (Lenovo Group Limited)
Task: {E913EEDE-68FB-4D05-B7E8-52F5BE5DDC3D} - System32\Tasks\Run My Help => C:\Program Files (x86)\IBM\My Help\MyHelp.exe [2011-10-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job => C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-27 14:22 - 2010-03-15 23:14 - 00268800 _____ () C:\Windows\System32\selpms.dll
2012-01-27 14:22 - 2010-03-15 23:13 - 01132544 _____ () C:\Windows\System32\pdclntif.dll
2012-07-26 17:27 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-01-27 14:22 - 2010-03-15 23:20 - 00039424 _____ () C:\PROGRAM FILES\IBM\INFOPRINT SELECT\pdresrc.dll
2011-02-09 17:36 - 2011-02-09 17:36 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2012-01-27 17:39 - 2011-03-24 03:48 - 00044544 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00039408 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2012-09-25 16:03 - 2012-09-25 16:03 - 13387128 _____ () C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
2014-10-15 13:37 - 2014-10-15 13:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 14:04 - 2014-10-15 14:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-11-26 23:32 - 2014-07-10 14:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-11-26 23:38 - 2014-11-26 23:38 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2014-11-26 23:37 - 2014-11-26 23:37 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2014-11-26 23:38 - 2014-11-26 23:38 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2014-11-26 23:38 - 2014-11-26 23:38 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2012-01-27 07:51 - 2012-01-27 07:51 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-01-27 07:49 - 2012-01-27 07:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-27 17:30 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2011-01-12 18:22 - 2011-01-12 18:22 - 00518640 _____ () C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 03153904 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00967168 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00163840 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00139264 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\NSLDAP32V50.dll
2011-01-20 21:44 - 2011-01-20 21:44 - 00394224 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-12-14 20:16 - 2014-12-14 20:16 - 00098816 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32api.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00110080 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\pywintypes27.dll
2014-12-14 20:16 - 2014-12-14 20:16 - 00364544 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\pythoncom27.dll
2014-12-14 20:16 - 2014-12-14 20:16 - 00045568 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\_socket.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 01160704 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\_ssl.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00320512 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32com.shell.shell.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00713216 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\_hashlib.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 01175040 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._core_.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00805888 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._gdi_.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00811008 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._windows_.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 01062400 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._controls_.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00735232 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._misc_.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00128512 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\_elementtree.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00127488 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\pyexpat.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00557056 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\pysqlite2._sqlite.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00087552 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\_ctypes.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00119808 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32file.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00108544 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32security.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00007168 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\hashobjs_ext.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00167936 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32gui.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00018432 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32event.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00038912 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32inet.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00011264 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32crypt.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00070656 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._html2.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00027136 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\_multiprocessing.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00035840 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32process.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00686080 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\unicodedata.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00122368 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._wizard.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00024064 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32pipe.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00025600 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32pdh.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00525640 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\windows._lib_cacheinvalidation.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00010240 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\select.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00017408 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32profile.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00022528 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\win32ts.pyd
2014-12-14 20:16 - 2014-12-14 20:16 - 00078336 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI68122\wx._animate.pyd
2012-01-08 08:41 - 2012-01-08 08:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2011-10-05 03:52 - 2011-10-05 03:52 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-12-12 10:21 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\IBM_ADMIN\Local Settings:s9CLc9Uqs52EW1aEg17R2W
AlternateDataStreams: C:\Users\IBM_ADMIN\AppData\Local:s9CLc9Uqs52EW1aEg17R2W
AlternateDataStreams: C:\Users\IBM_ADMIN\AppData\Local\Application Data:s9CLc9Uqs52EW1aEg17R2W
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-598280094-1804934353-2193003435-500 - Administrator - Disabled)
Guest (S-1-5-21-598280094-1804934353-2193003435-501 - Limited - Disabled)
rryanthony (S-1-5-21-598280094-1804934353-2193003435-1000 - Administrator - Enabled) => C:\Users\IBM_ADMIN
UpdatusUser (S-1-5-21-598280094-1804934353-2193003435-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/15/2014 00:55:26 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (12/14/2014 08:13:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (12/15/2014 02:01:43 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/14/2014 08:14:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bdfwfpf
 
Error: (12/14/2014 08:12:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
 
Error: (12/14/2014 08:12:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/14/2014 08:12:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error: 
%%1275
 
Error: (12/14/2014 08:12:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\PMEMNT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/14/2014 08:08:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2014 03:12:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 11534 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error: (09/04/2014 00:00:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 9499 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error: (02/08/2014 08:26:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 299501 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error: (08/06/2013 02:33:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 774 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (07/23/2013 09:46:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 381 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 10:31:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1343 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 10:08:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 09:32:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 09:31:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 197 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 09:27:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 921 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-12 14:33:49.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-12 14:33:49.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 8075.23 MB
Available physical RAM: 3628.6 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 11572.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:31.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 11C838BC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#15
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

 

Turns out BitDefender is Ad-Aware.  Guess they are working under a license.  Uninstall Ad-Aware, Cisco VPN and then:

 

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

 

 

Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

Also run OTL. Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs.  Please copy and paste both of them.



Ron
 

