FRST.txt
------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by rryanthony (administrator) on IBM-2F08I7T981U on 15-12-2014 15:47:07
Running from C:\Users\IBM_ADMIN\Downloads
Loaded Profiles: rryanthony & UpdatusUser (Available profiles: rryanthony & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(IBM Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(IBM Corp.) C:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(IBM Corp) C:\notes\SUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(IBM) C:\notes\nsd.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM) C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
(IBM Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClient.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetMsg.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\AT&T Network Client\SwiApiMux.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2012-01-27] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [42344 2011-07-22] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] => C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [195648 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [433216 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2011-03-02] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [518640 2011-01-12] ()
HKLM-x32\...\Run: [C4EBReg] => C:\Program Files (x86)\C4ebreg\c4ebreg.exe [576240 2014-11-14] (IBM Corp.)
HKLM-x32\...\Run: [Isamtray] => C:\Program Files (x86)\C4ebreg\isamtray.exe [381680 2014-11-14] (IBM Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: xpmmsilauncher*.exe <====== ATTENTION
HKLM Group Policy restriction on software: WindowsXPMode*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [NetSP - restore settings on power failure] => C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-09] (AT&T)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [NotesSODCPreLoad] => C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe [40960 2012-01-30] ()
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\RunOnce: [Adobe Speed Launcher] => 1418675976
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [239720 2011-08-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [200808 2011-08-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
ShortcutTarget: AT&T Global Network Client Monitor.lnk -> C:\Windows\Installer\{007AAB7C-E893-48BD-9DA2-7F417CA16322}\NetGM1_89563E53ECF44E868145468A128BDC83.exe (Acresso Software Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InfoPrint Select Notification.lnk
ShortcutTarget: InfoPrint Select Notification.lnk -> C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk
ShortcutTarget: PGP Tray.lnk -> C:\Windows\Installer\{806D3984-9484-470A-BC63-3B7F65488B58}\Icon6560581611.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
BHO-x32: Plugin Class -> {56CD20F0-7C09-11D5-A768-0050042307CE} -> c:\program files (x86)\sap\sap tutor\free_playerie.dll (SAP AG)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5certchk.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\IBM_AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\urxhost.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll [528896] (Open Text Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll [727040] (Open Text Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.128.128.128
Tcpip\..\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: [NameServer] 9.0.130.50,9.0.128.50
FireFox:
========
FF ProfilePath: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default
FF Homepage: w3.ibm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @IBM.com/Java60 -> C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @IBM.com/Java,version=1.6.0 -> C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF Plugin-x32: @IBM.com/JavaPlugin -> C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF Plugin-x32: @IBM.com/WDPlugin,version=1 -> C:\Program Files (x86)\Mozilla Firefox\plugins ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: @citrixonline.com/appdetectorplugin -> C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: @IBM.com/WDPlugin,version=1 -> C:\Program Files (x86)\Mozilla Firefox\plugins ()
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: LWAPlugin15.8 -> C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: RivalGaming - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-07-26]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2012-01-30]
FF Extension: IBM CCK - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2014-12-02]
FF Extension: IE Tab 2 (FF 3.6+) - IBM Edition - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2013-10-01]
FF Extension: WebSlingPlayer - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-07-25]
FF Extension: Cookies Manager+ - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-03-31]
FF Extension: F5 Networks Host Plugin - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-12-14]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: IBM CCK - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: IE Tab + (IBM Edition) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-12-16]
Chrome:
=======
CHR Profile: C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-12]
CHR Extension: (Google Drive) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-12]
CHR Extension: (Google Search) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-12]
CHR Extension: (Vibe for Google Chrome™) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei [2014-09-30]
CHR Extension: (Ark Browser Plugin) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm [2014-09-30]
CHR Extension: (Yesware Email Tracking) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-10-21]
CHR Extension: (Rapportive) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-09-29]
CHR Extension: (Profile Visitors for Facebook) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk [2014-12-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]
CHR Extension: (SEO for Chrome) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2014-12-08]
CHR Extension: (Gmail) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-12]
CHR HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [5387640 2013-05-03] (IBM Corp.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2011-02-25] ()
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353672 2009-11-02] (Check Point Software Technologies)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-24] (Lenovo.)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [576240 2014-11-14] (IBM Corp.) [File not signed]
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-07] (IBM Corp.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\notes\SUService.exe [192104 2013-08-01] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [4456040 2013-08-01] (IBM)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-09] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-09] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-09] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2011-03-02] (Sonic Solutions)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 TRCTARGET; C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (IBM Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-09] (AT&T)
R3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-29] (AT&T)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-10-03] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-01-27] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2012-01-27] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2012-01-27] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141212.011\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel® Corporation)
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-11-16] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd160x64.sys [40144 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\Windows\System32\Drivers\qd260x64.sys [41168 2009-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2012-01-27] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2012-01-27] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2014-07-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2012-01-27] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2012-01-27] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\ENG64.SYS [129752 2014-09-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\EX64.SYS [2137304 2014-09-24] (Symantec Corporation)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [273848 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [51856 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [372704 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [15848 2012-07-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-02-27] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-11-22] (Acronis)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 15:47 - 2014-12-15 15:47 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\smkits
2014-12-15 15:44 - 2014-12-15 15:44 - 00003191 _____ () C:\VEW_app.txt
2014-12-15 15:43 - 2014-12-15 15:43 - 00002184 _____ () C:\Users\IBM_ADMIN\Desktop\VEW_system.txt
2014-12-15 15:24 - 2014-12-15 15:27 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-12-15 07:23 - 2014-12-15 07:24 - 00049738 _____ () C:\Users\IBM_ADMIN\Downloads\Addition.txt
2014-12-15 07:22 - 2014-12-15 15:48 - 00039559 _____ () C:\Users\IBM_ADMIN\Downloads\FRST.txt
2014-12-15 07:22 - 2014-12-15 15:47 - 00000000 ____D () C:\FRST
2014-12-15 07:21 - 2014-12-15 07:21 - 02119168 _____ (Farbar) C:\Users\IBM_ADMIN\Downloads\FRST64.exe
2014-12-15 00:21 - 2014-12-15 15:31 - 00000018 _____ () C:\Users\IBM_ADMIN\Desktop\Christmas_2014_List.txt
2014-12-14 23:54 - 2014-12-14 23:54 - 01056912 _____ () C:\Users\IBM_ADMIN\Downloads\Connecting v2.pptx
2014-12-14 23:51 - 2014-12-14 23:51 - 00000000 ____D () C:\ProgramData\F5 Networks
2014-12-14 23:51 - 2014-12-14 23:51 - 00000000 _____ () C:\Windows\f5unistall.INI
2014-12-14 23:24 - 2014-12-14 23:24 - 00003337 _____ () C:\VEW_application.txt
2014-12-14 23:23 - 2014-12-14 23:23 - 00003110 _____ () C:\VEW_system.txt
2014-12-14 23:22 - 2014-12-15 15:44 - 00003191 _____ () C:\VEW.txt
2014-12-14 22:26 - 2014-12-14 22:26 - 00061440 _____ ( ) C:\Users\IBM_ADMIN\Desktop\VEW.exe
2014-12-14 22:10 - 2014-12-14 22:10 - 01213024 _____ () C:\Users\IBM_ADMIN\Downloads\IBM Administration v6.pptx
2014-12-14 22:08 - 2014-12-14 22:11 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Wiley
2014-12-13 21:56 - 2014-12-13 21:56 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\IBM_ADMIN\Downloads\tdsskiller.exe
2014-12-12 15:31 - 2014-12-12 15:31 - 00041435 _____ () C:\ComboFix.txt
2014-12-12 14:20 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 14:20 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 14:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 14:19 - 2014-12-12 15:32 - 00000000 ____D () C:\Qoobox
2014-12-12 14:18 - 2014-12-12 15:22 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 12:16 - 2014-12-12 12:16 - 05198336 _____ (AVAST Software) C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
2014-12-12 11:40 - 2014-12-15 12:08 - 00001832 _____ () C:\Users\IBM_ADMIN\AppData\Local\SLC_rryanthony.prx
2014-12-12 11:38 - 2014-12-12 11:38 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-12-12 11:35 - 2014-12-12 11:35 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\CheckPoint
2014-12-12 10:44 - 2014-12-12 10:44 - 00000000 ____D () C:\_OTL
2014-12-11 14:52 - 2014-12-11 14:52 - 06290457 _____ () C:\Users\IBM_ADMIN\Downloads\Project Tm Security Strategy.zip
2014-12-10 21:41 - 2014-12-10 22:25 - 00089200 _____ () C:\Users\IBM_ADMIN\Downloads\Extras.Txt
2014-12-10 21:39 - 2014-12-14 10:08 - 00303578 _____ () C:\Users\IBM_ADMIN\Downloads\OTL.Txt
2014-12-10 21:21 - 2014-12-10 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\IBM_ADMIN\Downloads\OTL.exe
2014-12-10 20:13 - 2014-12-14 22:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 20:12 - 2014-12-10 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 20:12 - 2014-12-10 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 20:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-10 20:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 20:08 - 2014-12-10 20:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\IBM_ADMIN\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 11:57 - 2014-12-09 11:57 - 01743906 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing kickoff (1).pptx
2014-12-09 10:59 - 2014-12-09 10:59 - 00000040 ____H () C:\Users\IBM_ADMIN\Downloads\.picasa.ini
2014-12-09 07:27 - 2014-12-09 07:27 - 00277504 _____ () C:\Users\IBM_ADMIN\Downloads\Hosting and Cloud Services RACI.xls
2014-12-09 07:21 - 2014-12-09 07:21 - 00216092 _____ () C:\Users\IBM_ADMIN\Downloads\Post Processing Task List.xlsx
2014-12-09 07:18 - 2014-12-09 07:18 - 00190976 _____ () C:\Users\IBM_ADMIN\Downloads\Example - Infrastructure Deployment Plan Workbook.xls
2014-12-09 07:08 - 2014-12-09 07:09 - 11050496 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing Results.ppt
2014-12-09 07:07 - 2014-12-09 07:08 - 01743906 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing kickoff.pptx
2014-12-08 17:34 - 2014-12-08 17:34 - 03830272 _____ () C:\Users\IBM_ADMIN\Desktop\Align Technology Methods Tools Adoption Workshops 2014-10-15 (Tools Only).ppt
2014-12-08 17:29 - 2014-12-08 17:29 - 13356544 _____ () C:\Users\IBM_ADMIN\Desktop\IBM Tools for SAP 23 August 2013 VX.ppt
2014-12-08 14:41 - 2014-12-08 14:41 - 01900032 _____ () C:\Users\IBM_ADMIN\Downloads\IBM deployment accelerator overview 1-2.ppt
2014-12-08 10:44 - 2014-12-08 10:47 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\Adobe Acrobat XI Pro 11.0.9 Multilanguage [ChingLiu]
2014-12-08 09:18 - 2014-12-08 09:18 - 00160375 _____ () C:\Users\IBM_ADMIN\Downloads\Renet (1)
2014-12-08 08:53 - 2014-12-08 08:53 - 00160375 _____ () C:\Users\IBM_ADMIN\Downloads\Renet
2014-12-04 20:39 - 2014-12-04 20:39 - 00184320 _____ () C:\Users\IBM_ADMIN\Downloads\Project Governance Model.ppt
2014-12-04 20:39 - 2014-12-04 20:39 - 00032768 _____ () C:\Users\IBM_ADMIN\Downloads\PMO Issue Tracker.xls
2014-12-04 20:30 - 2014-12-04 20:30 - 00107851 _____ () C:\Users\IBM_ADMIN\Downloads\Oracle Implementation Project Issue Escalation Process v2.pptx
2014-12-02 14:31 - 2014-12-02 14:32 - 02046375 _____ () C:\Users\IBM_ADMIN\Desktop\SOLMAN Assesment V01.2.pptx
2014-12-02 14:06 - 2014-12-02 14:06 - 00720171 _____ () C:\Users\IBM_ADMIN\Desktop\SOLMAN Roadmap v0.2.pptx
2014-12-01 22:24 - 2014-12-01 22:24 - 00057344 _____ () C:\Users\IBM_ADMIN\Downloads\image.jpeg
2014-11-26 23:33 - 2014-11-26 23:33 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
2014-11-26 23:32 - 2014-11-26 23:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-11-26 23:28 - 2014-11-26 23:28 - 01753736 _____ () C:\Users\IBM_ADMIN\Downloads\Adaware_Installer.exe
2014-11-24 12:29 - 2014-11-24 12:29 - 00000255 _____ () C:\Users\IBM_ADMIN\Downloads\embed_code_no_ad_630.html
2014-11-24 12:18 - 2014-11-24 12:18 - 00042525 _____ () C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
2014-11-24 11:48 - 2014-11-24 12:47 - 3754366204 _____ () C:\Users\IBM_ADMIN\Downloads\www.TamilRockers.net - Retta Vaalu (2014) [1080p HD - AVC - DD - 3.6GB - Tamil].ts
2014-11-24 07:37 - 2014-11-24 07:37 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\IBM_Detailed_Status_Entry_1_5_3
2014-11-24 07:36 - 2014-11-24 07:36 - 02074594 _____ () C:\Users\IBM_ADMIN\Downloads\IBM_Detailed_Status_Entry_1_5_3.zip
2014-11-18 13:42 - 2014-11-18 13:42 - 00001644 _____ () C:\Users\IBM_ADMIN\Downloads\webprmpt (3).pl
2014-11-18 13:42 - 2014-11-18 13:42 - 00001644 _____ () C:\Users\IBM_ADMIN\Downloads\webprmpt (2).pl
2014-11-18 11:52 - 2014-12-15 15:31 - 00004187 _____ () C:\Users\IBM_ADMIN\Desktop\Misc Nov 2014.txt
2014-11-18 10:08 - 2014-11-18 10:09 - 00560749 _____ () C:\Users\IBM_ADMIN\Desktop\Method Refresh Training - Testing.pptx
2014-11-18 07:51 - 2014-11-18 07:51 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\DetailStatusEntry_Training_Matls_2011
2014-11-17 21:37 - 2014-11-17 21:39 - 361225302 _____ () C:\Users\IBM_ADMIN\Downloads\BUBBLE TEAM CUT 2.mp4
2014-11-17 11:15 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-17 11:14 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-17 11:14 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-17 11:12 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-17 11:12 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 11:12 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 11:12 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 11:12 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 11:12 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-17 11:12 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-17 11:12 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-17 11:12 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-17 11:12 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-17 11:12 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-17 11:12 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-17 11:12 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-17 11:12 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-17 11:08 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-17 11:07 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-17 11:07 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-17 11:07 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-17 11:07 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-17 11:05 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-17 11:02 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 11:02 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-17 11:01 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-17 11:01 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-15 15:45 - 2012-06-28 04:01 - 01724973 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 15:38 - 2012-11-27 14:16 - 00000000 ___RD () C:\Users\IBM_ADMIN\Google Drive
2014-12-15 15:38 - 2012-01-30 09:41 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-15 15:36 - 2012-11-27 13:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 15:36 - 2012-01-30 08:45 - 00054948 _____ () C:\SUService.log
2014-12-15 15:36 - 2011-03-25 16:42 - 00000000 ____D () C:\Program Files (x86)\C4ebreg
2014-12-15 15:36 - 2010-11-11 20:35 - 00000000 ____D () C:\sdwork
2014-12-15 15:35 - 2012-01-27 16:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-15 15:35 - 2011-09-29 04:03 - 00081818 _____ () C:\Windows\setupact.log
2014-12-15 15:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 15:34 - 2010-07-13 18:37 - 00503506 _____ () C:\Windows\PFRO.log
2014-12-15 15:32 - 2012-07-22 19:45 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\SavedChats
2014-12-15 15:19 - 2012-11-27 13:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 15:05 - 2010-11-11 20:08 - 00000000 ____D () C:\Program Files (x86)\WST
2014-12-15 15:02 - 2014-04-14 08:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 14:35 - 2014-03-07 10:01 - 00000594 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
2014-12-15 13:19 - 2010-07-13 17:52 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-15 08:30 - 2014-06-22 10:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 02:00 - 2014-06-22 10:14 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\Adobe
2014-12-14 20:23 - 2009-07-13 23:45 - 00027696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:23 - 2009-07-13 23:45 - 00027696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-12 15:31 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-12-12 15:07 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 14:41 - 2009-07-13 21:34 - 98304000 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-12 14:20 - 2009-07-14 00:13 - 00778950 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 10:21 - 2013-12-12 11:26 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 10:31 - 2012-07-20 18:45 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\SAP
2014-12-11 10:31 - 2012-07-20 16:14 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\SAP
2014-12-11 10:31 - 2012-07-20 16:14 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\SAP
2014-12-10 22:08 - 2012-07-23 08:53 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Personal
2014-12-10 20:12 - 2012-08-13 10:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 20:12 - 2012-08-13 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-08 13:23 - 2012-07-20 16:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-08 13:23 - 2012-01-27 14:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-05 16:05 - 2012-09-06 07:08 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\WDPlugin
2014-12-04 20:42 - 2012-07-26 10:34 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Temp
2014-12-04 20:42 - 2012-07-22 19:41 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\PM&T
2014-12-04 20:34 - 2012-07-23 14:55 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\CrashDumps
2014-12-04 14:24 - 2012-07-26 17:27 - 00000059 _____ () C:\Windows\wpd99.drv
2014-12-04 14:24 - 2012-07-26 17:27 - 00000000 ____D () C:\ProgramData\pdf995
2014-12-03 14:30 - 2012-09-14 08:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-24 12:24 - 2010-06-28 23:27 - 00000000 ____D () C:\Users\IBM_ADMIN
2014-11-21 06:14 - 2012-08-13 10:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 12:29 - 2014-04-14 08:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-18 07:29 - 2009-07-13 23:45 - 00546048 _____ () C:\Windows\system32\FNTCACHE.DAT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 00:52
==================== End Of Log ============================
Addition.txt
---------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by rryanthony at 2014-12-15 15:48:38
Running from C:\Users\IBM_ADMIN\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.0.314 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Network Client – IBM (HKLM-x32\...\{007AAB7C-E893-48BD-9DA2-7F417CA16322}) (Version: 8.2.0.3003 - AT&T)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2014.0409.2153 - F5 Networks, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version: - )
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Check Point SSL Network Extender Service (HKLM-x32\...\{bd2dc9de-a525-48b8-8b62-f96efd6d81eb}) (Version: 7.01.0000 - CheckPoint)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
CVE-2012-4792 (HKLM\...\{6631f21e-4389-4c67-9b10-cf2b559b8d4a}.sdb) (Version: - )
CVE-2012-4792 (HKLM\...\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb) (Version: - )
CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version: - )
CVE-2014-0322 (HKLM\...\{25408f0a-987b-4ab0-a5ac-2ddb89ff22cf}.sdb) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version: - EASEUS)
ECL Viewer (HKLM-x32\...\SAP_ECL) (Version: 6.0 - SAP AG)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.0.0.54 - Final Draft, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 6.1.0.1312 (HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\GoToMeeting) (Version: 6.1.0.1312 - CitrixOnline)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Pennsylvania 2012 (HKLM-x32\...\{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}) (Version: 1.12.3501 - HRB Technology, LLC.)
H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4501 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
IBM 32-bit Runtime Environment for Java v6 (HKLM-x32\...\InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}) (Version: 6 - IBM)
IBM 32-bit Runtime Environment for Java v6 (x32 Version: 6 - IBM) Hidden
IBM 64-bit Runtime Environment for Java v6 (HKLM-x32\...\InstallShield_{AEA927BE-882E-41E1-9969-B7AA74FB667C}) (Version: 6 - IBM)
IBM 64-bit Runtime Environment for Java v6 (Version: 6 - IBM) Hidden
IBM Endpoint Manager Client (HKLM-x32\...\{C7C91D55-F9E0-43AB-8006-BDF6B284B945}) (Version: 9.0.649.0 - IBM Corp.)
IBM Lotus Sametime Connect 8.5.1 (HKLM-x32\...\{D85DB905-556E-4FEC-8174-11C7746AAFD0}) (Version: 8.51.10219 - IBM)
IBM My Help (HKLM-x32\...\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}) (Version: 1.5.14 - IBM)
IBM SmartCloud Meetings for IBM (HKLM-x32\...\{9C5C8B8B-D972-4901-B3A4-0987E288A0C3}) (Version: 8.5.10.40 - IBM Corporation)
IBM Solution Workbench for SAP 1.9.2 (HKLM-x32\...\IBM Solution Workbench for SAP_is1) (Version: - IBM)
IBM Standard Asset Manager (HKLM-x32\...\IBMSAM) (Version: - IBM Corporation)
IBM Standard Software Installer (HKLM-x32\...\ISSI) (Version: - IBM Corporation)
IBM Tivoli Remote Control Ayúdame Premium Edition - Target (HKLM-x32\...\{E0E58ABE-8A49-4449-BC8A-EC83ABE72ACA}) (Version: 8.2.0.0104 - IBM United Kingdom Ltd.)
ICLA (HKLM-x32\...\{B8A92780-00E2-11D5-B354-00010381611A}) (Version: 1.05.0300 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ILC (HKLM-x32\...\{CA96F3A1-F350-11D3-B354-002035C150E4}) (Version: 1.05.0300 - IBM)
InfoPrint Select (HKLM-x32\...\{66AF6743-9222-499E-8F09-7613033274E8}) (Version: 4.3.0 - InfoPrint Solutions Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lotus Notes 8.5.3 (HKLM-x32\...\{95246D82-99D2-4229-841E-6867C3251087}) (Version: 8.53.11258 - IBM)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MANDIANT Intelligent Response Agent (HKLM-x32\...\{19A7772F-0D3D-41A6-ABD3-AACBE3699F9B}) (Version: 2.2.1504 - MANDIANT)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{7BD1CCBE-BB22-469C-83DB-D9ED915A168C}) (Version: 15.8.8880.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3216.5614 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Magic Screenwriter 6 (HKLM-x32\...\{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}) (Version: 6.05.89 - Write Brothers, Inc.)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.93 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
Open Text SOCKS Client™ 14 x64 (HKLM\...\{88B0A781-AE43-40CA-B149-DEF1C82ACD9F}) (Version: 14.0.11.0 - Open Text Corporation)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PGP Desktop (HKLM\...\{806D3984-9484-470A-BC63-3B7F65488B58}) (Version: 10.2.1.4869 - PGP Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Roxio Creator Silver 4 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.20 - SAP AG)
SAP GUI for Windows 7.20 (HKLM-x32\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
SAP Tutor Personal Player (HKLM-x32\...\SAP_TutorPersonalPlayer) (Version: - SAP AG)
Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.08 - Lenovo)
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Workstation Security Tool 2.7 (HKLM-x32\...\Workstation Security Tool_is1) (Version: - IBM)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
15-12-2014 12:38:45 AA11
15-12-2014 20:23:36 Removed Cisco Systems VPN Client 5.0.07.0290
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-12-12 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {165D3C29-7215-4A42-8C34-02CA67303A24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-08] (Adobe Systems Incorporated)
Task: {39C55FD8-C6A3-44AA-80B7-21C5E41D1B7D} - System32\Tasks\Time Reminder => C:\Windows\ITSYSTEMS\Reminder\Reminder.vbs [2011-06-08] ()
Task: {3D40BE8E-BD9C-46B2-A084-69E9A1EB9B40} - System32\Tasks\AdobeAAMUpdater-1.0-IBM-2F08I7T981U-rryanthony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {4AA86CE8-E151-4123-9369-773AD4EC6EDE} - System32\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000 => C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe [2014-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {50CCA8A7-4B9F-4F70-B6B8-244309002222} - System32\Tasks\Run My Help Delay => C:\Program Files (x86)\IBM\My Help\MyHelp.exe [2011-10-27] ()
Task: {7FD7D056-D29D-4B15-B435-FED4F707480D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {964653D9-FCB3-4408-B840-A216E1CEF56F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {CF5BE985-C9C6-4048-B5B4-9D5BBDB8B970} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-24] (Lenovo Group Limited)
Task: {E913EEDE-68FB-4D05-B7E8-52F5BE5DDC3D} - System32\Tasks\Run My Help => C:\Program Files (x86)\IBM\My Help\MyHelp.exe [2011-10-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job => C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-27 14:22 - 2010-03-15 23:14 - 00268800 _____ () C:\Windows\System32\selpms.dll
2012-01-27 14:22 - 2010-03-15 23:13 - 01132544 _____ () C:\Windows\System32\pdclntif.dll
2012-07-26 17:27 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-01-27 14:22 - 2010-03-15 23:20 - 00039424 _____ () C:\PROGRAM FILES\IBM\INFOPRINT SELECT\pdresrc.dll
2011-02-09 17:36 - 2011-02-09 17:36 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2012-01-27 17:39 - 2011-03-24 03:48 - 00044544 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00039408 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2012-09-25 16:03 - 2012-09-25 16:03 - 13387128 _____ () C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
2012-01-27 07:51 - 2012-01-27 07:51 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-01-27 07:49 - 2012-01-27 07:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-27 17:30 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-01-12 18:22 - 2011-01-12 18:22 - 00518640 _____ () C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 03153904 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00967168 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00163840 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00139264 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\NSLDAP32V50.dll
2014-12-15 15:37 - 2014-12-15 15:37 - 00098816 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32api.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00110080 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pywintypes27.dll
2014-12-15 15:37 - 2014-12-15 15:37 - 00364544 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pythoncom27.dll
2014-12-15 15:37 - 2014-12-15 15:37 - 00045568 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_socket.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 01160704 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_ssl.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00320512 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32com.shell.shell.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00713216 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_hashlib.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 01175040 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._core_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00805888 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._gdi_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00811008 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._windows_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 01062400 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._controls_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00735232 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._misc_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00128512 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_elementtree.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00127488 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pyexpat.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00557056 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pysqlite2._sqlite.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00087552 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_ctypes.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00119808 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32file.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00108544 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32security.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00007168 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\hashobjs_ext.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00167936 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32gui.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00018432 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32event.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00038912 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32inet.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00011264 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32crypt.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00070656 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._html2.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00027136 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_multiprocessing.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00035840 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32process.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00686080 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\unicodedata.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00122368 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._wizard.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00024064 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32pipe.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00025600 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32pdh.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00525640 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\windows._lib_cacheinvalidation.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00010240 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\select.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00017408 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32profile.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00022528 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32ts.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00078336 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._animate.pyd
2011-01-20 21:44 - 2011-01-20 21:44 - 00394224 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-01-08 08:41 - 2012-01-08 08:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2009-08-06 07:19 - 2009-08-06 07:19 - 02371584 _____ () C:\notes\ltspln50.dll
2014-01-10 13:19 - 2013-02-22 10:00 - 00184320 _____ () C:\notes\libpng15.dll
2008-06-25 11:18 - 2008-06-25 11:18 - 00098304 _____ () C:\notes\zlib1.dll
2011-09-15 16:19 - 2011-09-15 16:19 - 00081920 _____ () C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
2011-09-15 16:19 - 2011-09-15 16:19 - 00110592 _____ () C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
2014-01-10 13:39 - 2014-01-10 13:39 - 00090112 _____ () C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\138\1\.cp\swtIbmWrapper.dll
2014-01-10 13:21 - 2014-01-10 13:21 - 00208896 _____ () C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20130726-0900\os\win32\x86\os.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-598280094-1804934353-2193003435-500 - Administrator - Disabled)
Guest (S-1-5-21-598280094-1804934353-2193003435-501 - Limited - Disabled)
rryanthony (S-1-5-21-598280094-1804934353-2193003435-1000 - Administrator - Enabled) => C:\Users\IBM_ADMIN
UpdatusUser (S-1-5-21-598280094-1804934353-2193003435-1002 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (12/15/2014 03:43:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
Error: (12/15/2014 03:39:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (12/15/2014 03:37:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
Error: (12/15/2014 03:36:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (12/15/2014 03:32:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Microsoft Office Sessions:
=========================
Error: (09/04/2014 03:12:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 11534 seconds with 3660 seconds of active time. This session ended with a crash.
Error: (09/04/2014 00:00:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 9499 seconds with 4020 seconds of active time. This session ended with a crash.
Error: (02/08/2014 08:26:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 299501 seconds with 5520 seconds of active time. This session ended with a crash.
Error: (08/06/2013 02:33:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 774 seconds with 300 seconds of active time. This session ended with a crash.
Error: (07/23/2013 09:46:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 381 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/09/2013 10:31:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1343 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/09/2013 10:08:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/09/2013 09:32:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/09/2013 09:31:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 197 seconds with 60 seconds of active time. This session ended with a crash.
Error: (07/09/2013 09:27:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 921 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-12-12 14:33:49.805
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-12-12 14:33:49.711
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8075.23 MB
Available physical RAM: 4689.89 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 12650.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:31.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 11C838BC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
OTL.txt
-----------
OTL logfile created on: 12/15/2014 3:52:46 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IBM_ADMIN\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 4.49 Gb Available Physical Memory | 56.91% Memory free
15.77 Gb Paging File | 12.35 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 31.28 Gb Free Space | 6.72% Space Free | Partition Type: NTFS
Computer Name: IBM-2F08I7T981U | User Name: rryanthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Processes (SafeList) ==========
PRC - [2014/12/10 21:22:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IBM_ADMIN\Downloads\OTL.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/14 11:18:57 | 000,381,680 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\isamtray.exe
PRC - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
PRC - [2013/08/01 12:40:16 | 001,871,464 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
PRC - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) -- c:\notes\SUService.exe
PRC - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) -- c:\notes\nsd.exe
PRC - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2013/05/03 16:19:34 | 001,486,200 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012/07/21 15:05:14 | 003,935,944 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2012/05/16 14:05:42 | 000,100,792 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
PRC - [2012/05/16 14:05:24 | 008,192,440 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
PRC - [2012/05/16 14:05:16 | 009,063,352 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
PRC - [2012/05/16 13:36:14 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
PRC - [2012/01/30 08:48:19 | 011,296,768 | ---- | M] (IBM) -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
PRC - [2011/10/20 12:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:26 | 000,195,648 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
PRC - [2011/10/20 12:09:20 | 000,433,216 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/09/16 08:28:56 | 000,016,776 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
PRC - [2011/09/15 16:19:14 | 000,079,232 | ---- | M] (IBM) -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe
PRC - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/11 19:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/07/22 12:21:32 | 000,042,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/03/24 03:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
PRC - [2010/09/09 12:40:38 | 000,071,520 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetMsg.exe
PRC - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
PRC - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
PRC - [2010/09/09 12:39:56 | 000,340,320 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClient.exe
PRC - [2010/09/09 12:23:50 | 000,210,200 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\AT&T Network Client\SwiApiMux.exe
PRC - [2009/11/02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/15 15:37:59 | 001,175,040 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._core_.pyd
MOD - [2014/12/15 15:37:59 | 001,160,704 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_ssl.pyd
MOD - [2014/12/15 15:37:59 | 001,062,400 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._controls_.pyd
MOD - [2014/12/15 15:37:59 | 000,811,008 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._windows_.pyd
MOD - [2014/12/15 15:37:59 | 000,805,888 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._gdi_.pyd
MOD - [2014/12/15 15:37:59 | 000,735,232 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._misc_.pyd
MOD - [2014/12/15 15:37:59 | 000,713,216 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_hashlib.pyd
MOD - [2014/12/15 15:37:59 | 000,686,080 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\unicodedata.pyd
MOD - [2014/12/15 15:37:59 | 000,557,056 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pysqlite2._sqlite.pyd
MOD - [2014/12/15 15:37:59 | 000,525,640 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\windows._lib_cacheinvalidation.pyd
MOD - [2014/12/15 15:37:59 | 000,364,544 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pythoncom27.dll
MOD - [2014/12/15 15:37:59 | 000,320,512 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32com.shell.shell.pyd
MOD - [2014/12/15 15:37:59 | 000,167,936 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32gui.pyd
MOD - [2014/12/15 15:37:59 | 000,128,512 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_elementtree.pyd
MOD - [2014/12/15 15:37:59 | 000,127,488 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pyexpat.pyd
MOD - [2014/12/15 15:37:59 | 000,122,368 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._wizard.pyd
MOD - [2014/12/15 15:37:59 | 000,119,808 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32file.pyd
MOD - [2014/12/15 15:37:59 | 000,110,080 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pywintypes27.dll
MOD - [2014/12/15 15:37:59 | 000,108,544 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32security.pyd
MOD - [2014/12/15 15:37:59 | 000,098,816 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32api.pyd
MOD - [2014/12/15 15:37:59 | 000,087,552 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_ctypes.pyd
MOD - [2014/12/15 15:37:59 | 000,078,336 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._animate.pyd
MOD - [2014/12/15 15:37:59 | 000,070,656 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._html2.pyd
MOD - [2014/12/15 15:37:59 | 000,045,568 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_socket.pyd
MOD - [2014/12/15 15:37:59 | 000,038,912 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32inet.pyd
MOD - [2014/12/15 15:37:59 | 000,035,840 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32process.pyd
MOD - [2014/12/15 15:37:59 | 000,027,136 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_multiprocessing.pyd
MOD - [2014/12/15 15:37:59 | 000,025,600 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32pdh.pyd
MOD - [2014/12/15 15:37:59 | 000,024,064 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32pipe.pyd
MOD - [2014/12/15 15:37:59 | 000,022,528 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32ts.pyd
MOD - [2014/12/15 15:37:59 | 000,018,432 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32event.pyd
MOD - [2014/12/15 15:37:59 | 000,017,408 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32profile.pyd
MOD - [2014/12/15 15:37:59 | 000,011,264 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32crypt.pyd
MOD - [2014/12/15 15:37:59 | 000,010,240 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\select.pyd
MOD - [2014/12/15 15:37:59 | 000,007,168 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\hashobjs_ext.pyd
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/09/17 11:54:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eab470ea118ad56a2a287fbc9b4eb814\System.Xaml.ni.dll
MOD - [2014/09/17 07:36:25 | 017,999,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3a80d309a42932484b46e1ce5b1a26fb\PresentationFramework.ni.dll
MOD - [2014/09/17 07:36:12 | 011,451,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\52a6dbea295b050d39eac633f4f45699\PresentationCore.ni.dll
MOD - [2014/09/17 07:36:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eb5ed59617b97ec2ac332e367285fefc\PresentationFramework.Aero.ni.dll
MOD - [2014/09/17 07:36:05 | 013,140,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bc9c68dd8cfcf134e5f385a8ce73a05f\System.Windows.Forms.ni.dll
MOD - [2014/09/17 07:36:01 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b4c5db3d869e939a848ca08ac7cf3e88\System.Core.ni.dll
MOD - [2014/09/17 07:35:54 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\311df96b9394d130b24653d51163142e\WindowsBase.ni.dll
MOD - [2014/09/17 07:35:52 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a421135e2f2680ad100d485476a520f4\System.Drawing.ni.dll
MOD - [2014/09/17 07:35:49 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0c9b60c066b18195e4b293e0d0802f60\System.ni.dll
MOD - [2014/09/17 07:35:44 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\64a3cdb7bc50e751c0bfb210625265d9\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/10 13:40:14 | 000,075,776 | ---- | M] () -- C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\824\1\.cp\os\win32\NativeNetInfo.dll
MOD - [2014/01/10 13:40:07 | 004,505,600 | ---- | M] () -- C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\795\1\.cp\os\win32\x86\PhoneGridGIPS.dll
MOD - [2014/01/10 13:39:40 | 000,090,112 | ---- | M] () -- C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\138\1\.cp\swtIbmWrapper.dll
MOD - [2014/01/10 13:21:37 | 000,208,896 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20130726-0900\os\win32\x86\os.dll
MOD - [2014/01/10 13:21:31 | 000,061,440 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.ui.win32.win32.x86_8.5.1.20130618-0800\os\win32\x86\Win32WindowUtils2.dll
MOD - [2014/01/10 13:20:48 | 000,147,456 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20130726-0900\swtxpcom.dll
MOD - [2013/02/22 10:00:54 | 000,184,320 | ---- | M] () -- C:\notes\libpng15.dll
MOD - [2012/01/30 08:48:19 | 000,967,168 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
MOD - [2012/01/30 08:48:16 | 000,163,840 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
MOD - [2012/01/30 08:48:12 | 000,139,264 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll
MOD - [2012/01/30 08:46:33 | 000,841,728 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\js3250.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/20 10:12:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
MOD - [2011/09/15 16:19:14 | 000,081,920 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
MOD - [2011/09/15 16:19:12 | 000,110,592 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
MOD - [2011/01/20 21:44:32 | 000,394,224 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/08/06 07:19:58 | 002,371,584 | ---- | M] () -- C:\notes\ltspln50.dll
MOD - [2008/06/25 11:18:18 | 000,098,304 | ---- | M] () -- C:\notes\zlib1.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/01/27 07:50:49 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/08 13:23:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/16 09:15:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/20 18:45:44 | 002,377,984 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:44 | 000,334,736 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe -- (SNAC)
SRV - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\SUService.exe -- (LNSUSvc)
SRV - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/09/25 16:03:16 | 013,387,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -- (Intelligent Response Agent)
SRV - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/02/09 15:30:04 | 000,745,472 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/01/27 07:48:07 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/24 03:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/03/02 08:09:42 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/03/02 08:09:06 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/22 12:43:12 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2013/10/20 18:45:46 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/10/20 18:45:46 | 000,797,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/20 18:45:46 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,437,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,224,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/20 18:45:46 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys -- (ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE})
DRV:64bit: - [2013/10/20 18:45:46 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/10/20 18:45:44 | 000,092,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 07:51:10 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/01/27 07:50:59 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2012/01/27 07:50:57 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2012/01/27 07:50:57 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2012/01/27 07:50:57 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2012/01/27 07:50:57 | 000,054,784 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,067,072 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2012/01/27 07:50:51 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/27 07:50:51 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/01/27 07:50:50 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/01/27 07:50:44 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/27 07:50:33 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2012/01/27 07:50:33 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2012/01/27 07:50:33 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2012/01/27 07:50:32 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2012/01/27 07:50:32 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/27 07:48:09 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/01/27 07:48:09 | 000,029,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/01/27 07:48:08 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/01/27 07:48:08 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 07:48:08 | 000,022,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys -- (huawei_update)
DRV:64bit: - [2012/01/27 07:48:08 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 07:48:07 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 07:48:07 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2012/01/27 07:48:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2012/01/27 07:48:05 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2012/01/27 07:48:05 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2012/01/27 07:48:05 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/04 15:45:24 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/15 12:50:44 | 000,348,944 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/24 03:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/03/24 03:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 04:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/09/09 15:24:04 | 000,190,464 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\agnfilt.sys -- (agnfilt)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/29 18:22:50 | 000,014,848 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avpnnic.sys -- (avpnnic)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/16 06:27:48 | 000,041,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 06:27:46 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd160x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 06:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/11/02 18:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/02/19 00:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2014/12/11 06:01:56 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/11 06:01:55 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/11/18 18:13:19 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141212.011\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/03 23:06:12 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/24 13:05:23 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\ex64.sys -- (NAVEX15)
DRV - [2014/09/24 13:05:23 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\eng64.sys -- (NAVENG)
DRV - [2014/07/29 14:42:52 | 000,025,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2013/10/20 18:45:44 | 000,034,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C ED 65 D5 DD 17 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2602979F-3C33-4DC4-897A-BAA62A38788B}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>;*.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "w3.ibm.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.7.158
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7BDBBB3167-6E81-400f-BBFD-BD8921726F52%7D:7091.2014.0409.2153
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java,version=1.6.0: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/JavaPlugin: C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/12/14 23:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions
[2012/07/25 19:54:59 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/03/31 09:08:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2014/12/14 23:51:38 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2013/10/01 11:50:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+) - IBM Edition) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\plugins
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\chrome
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\components
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\modules
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\searchplugins
[2014/12/02 15:16:28 | 000,319,610 | ---- | M] () (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\firefox\profiles\2ziq4yrx.default\extensions\[email protected]\lucifox-0.9.9-fx+sm.xpi
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/16 09:15:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\plugins
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\modules
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\searchplugins
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/08/02 12:01:32 | 000,122,880 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/06/28 15:30:44 | 000,299,696 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei\3.4.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm\1.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.265_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/12/12 15:06:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (Plugin Class) - {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\Program Files (x86)\SAP\SAP Tutor\free_PlayerIE.dll (SAP AG)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C4EBReg] C:\Program Files (x86)\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Isamtray] C:\Program Files (x86)\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [NotesSODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418675976 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ibm.com ([w3-03] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wiley.com ([naedge] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wiley.com ([naedge] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5certchk.cab (F5 Networks Certificate Checker)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\IBM_AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 11.25.2)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B3B138-37B1-4DDB-8F6D-E3DE308AB852}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: NameServer = 9.0.130.50,9.0.128.50
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 360 Days ==========
[2014/12/15 15:47:27 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\smkits
[2014/12/15 07:39:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/15 07:22:17 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/14 23:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\F5 Networks
[2014/12/14 22:08:14 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Wiley
[2014/12/12 15:06:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/12/12 14:20:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/12 14:20:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/12 14:20:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/12 14:19:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/12 14:18:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/12 12:16:11 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
[2014/12/12 11:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2014/12/12 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\CheckPoint
[2014/12/12 10:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/12/10 20:13:24 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/10 20:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/10 20:12:52 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/10 20:12:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/10 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/26 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
[2014/11/17 11:14:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/17 11:14:36 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/17 11:12:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/11/17 11:12:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/11/17 11:12:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/17 11:12:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/11/17 11:08:52 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/17 11:08:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/17 11:08:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/17 11:05:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/17 11:02:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/17 11:02:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/17 11:01:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/14 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/11 10:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\PandoraRecovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2014/11/03 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Lands End
[2014/11/02 10:19:16 | 000,000,000 | R--D | C] -- C:\Users\IBM_ADMIN\Dropbox
[2014/11/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/02 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox
[2014/10/27 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Boeing
[2014/10/21 03:06:12 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/21 03:06:12 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/21 03:06:12 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/21 03:06:12 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/21 03:06:12 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/21 03:06:12 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/21 02:59:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/21 02:59:17 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/21 02:59:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/21 02:59:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/21 02:59:02 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/21 02:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/21 02:59:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/21 02:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/21 02:58:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/21 02:58:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/21 02:58:59 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/21 02:58:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/21 02:58:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/21 02:58:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/21 02:58:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/21 02:58:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/21 02:58:58 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/21 02:58:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/21 02:58:57 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/21 02:58:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/21 02:58:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/21 02:58:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/21 02:58:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/21 02:58:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/21 02:58:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/21 02:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/21 02:58:55 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/21 02:58:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/21 02:58:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/21 02:58:55 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/21 02:58:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/21 02:58:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/21 02:58:51 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/21 02:58:50 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/21 02:58:50 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/13 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Medibank
[2014/09/28 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\TeamViewer
[2014/09/19 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\WebEx
[2014/08/29 16:50:20 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/25 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Grainger
[2014/08/22 14:16:39 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/22 14:16:27 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/22 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/22 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/08/21 18:36:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/08/21 18:36:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieUserList
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieSiteList
[2014/08/19 09:59:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/08/19 09:45:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/18 08:31:42 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/18 08:31:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/18 08:31:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/18 08:31:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/18 08:31:42 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/18 08:31:37 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/18 08:24:01 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/18 08:00:28 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/18 08:00:28 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/18 08:00:28 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/18 08:00:28 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/04 09:09:17 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\Documents\cache
[2014/07/31 12:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/07/31 12:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/31 12:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/07/31 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Allison
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MANDIANT
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MANDIANT
[2014/07/21 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\AdobeMuse
[2014/07/21 16:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Muse
[2014/07/21 16:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/16 13:33:10 | 000,000,000 | ---D | C] -- C:\ibmbeta
[2014/07/14 07:58:41 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/14 07:58:41 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/14 07:50:24 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/14 07:50:24 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/06/22 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/06/20 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/06/16 22:06:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/16 21:56:19 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/06/16 21:56:19 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 14:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/11 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/11 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/11 14:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/11 14:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/11 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/11 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/03 10:16:36 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/03 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2014/06/03 10:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHTTrack
[2014/06/02 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Sunoco
[2014/05/12 11:40:14 | 000,000,000 | ---D | C] -- C:\swd
[2014/04/14 08:58:47 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/14 08:58:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/14 08:58:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/14 08:58:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/14 08:58:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/14 08:58:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/14 08:58:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/14 08:58:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/14 08:58:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/14 08:58:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/04 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\E&Y
[2014/04/01 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Tutor
[2014/04/01 08:34:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/03/24 19:14:24 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Oracle
[2014/03/24 12:01:49 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Saba
[2014/03/24 12:01:45 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Centra
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Text SOCKS Client 14 x64
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Open Text
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Open Text
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Open Text
[2014/03/18 13:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix
[2014/03/14 15:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
[2014/03/14 15:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2013
[2014/03/04 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Aramco
[2014/02/27 07:53:56 | 000,158,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2014/02/27 07:53:56 | 000,044,448 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2014/02/27 07:53:52 | 000,361,360 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2014/02/27 07:53:52 | 000,011,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2014/02/27 07:53:51 | 000,459,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2014/02/27 07:53:51 | 000,155,352 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2014/02/27 07:53:51 | 000,012,176 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2014/02/26 14:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1992-12.com.symantec
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD
[2014/02/17 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\SAP-Rational Connector
[2014/02/12 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\UltraVNC
[2014/02/12 09:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2014/02/12 09:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014/02/10 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\WR Grace
[2014/02/04 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Pinnacle Studio
[2014/02/04 15:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2014/02/04 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Pinnacle
[2014/02/04 14:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2014/02/04 14:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
[2014/02/04 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2014/02/04 14:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 15
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2014/02/04 14:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2014/02/04 14:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2014/01/17 15:24:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2014/01/17 15:24:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2014/01/13 13:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Cepheid
[2014/01/10 13:31:11 | 000,084,288 | ---- | C] (IBM) -- C:\Windows\SysWow64\javacplIBM60.cpl
[2014/01/10 13:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TempFolder
[2014/01/10 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Desktop\Temp
[2014/01/09 09:10:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2014/01/06 14:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2014/01/03 11:17:15 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Southwire
[2014/01/03 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\IBM
[2013/12/27 09:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/27 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/12/27 09:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
========== Files - Modified Within 360 Days ==========
[2014/12/15 15:59:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/15 15:59:39 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/15 15:59:39 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/15 15:55:26 | 002,536,805 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Cat.DB
[2014/12/15 15:49:20 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 15:49:20 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 15:36:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/15 15:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/15 15:34:30 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/15 15:27:13 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2014/12/15 15:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/15 14:35:00 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/12/15 12:08:42 | 000,001,832 | ---- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\SLC_rryanthony.prx
[2014/12/14 23:51:52 | 000,000,000 | ---- | M] () -- C:\Windows\f5unistall.INI
[2014/12/14 22:26:01 | 000,061,440 | ---- | M] ( ) -- C:\Users\IBM_ADMIN\Desktop\VEW.exe
[2014/12/14 22:19:38 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/12 15:06:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/12 14:20:56 | 000,778,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/12 14:20:56 | 000,660,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/12 14:20:56 | 000,121,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/12 12:16:13 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
[2014/12/12 10:21:15 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/10 20:12:55 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/08 08:09:00 | 000,062,790 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\VT20141208.005
[2014/12/04 14:24:16 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/11/30 15:19:08 | 000,198,568 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:09:00 | 000,821,273 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/18 07:29:12 | 000,546,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/18 07:16:30 | 000,587,244 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:14 | 000,183,648 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/14 11:18:33 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/12 09:10:03 | 000,080,624 | ---- | M] (IBM Corp.) -- C:\Windows\isamunin.exe
[2014/11/11 10:46:23 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:20 | 000,062,964 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:17 | 000,001,005 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/10/24 20:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 20:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/17 21:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/13 21:12:57 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/10/13 21:09:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/10/13 21:07:31 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/10/13 20:47:30 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/10/13 20:46:02 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/10/02 21:12:00 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/02 21:11:54 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/02 21:11:51 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/02 21:11:51 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/02 20:44:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/09/19 04:42:47 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/09/11 10:15:58 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/08/22 21:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 14:16:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/21 01:40:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/08/21 01:23:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/08/19 09:45:13 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/19 09:45:07 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/12 14:37:26 | 048,997,564 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/11 21:02:49 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/08/11 20:36:37 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/07/31 12:47:14 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/25 09:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 08:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 08:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 08:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 08:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 08:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 08:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 08:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 07:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 07:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 07:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 07:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 07:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 07:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 07:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 07:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 07:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 07:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 07:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 07:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 07:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 07:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 07:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 06:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 06:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 06:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 06:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 06:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 06:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 06:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 06:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 06:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 05:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 05:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/13 21:02:45 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/06/30 17:24:50 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/06/30 17:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/06/22 10:31:02 | 000,193,182 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:30:58 | 000,193,183 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/20 10:10:39 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2014/06/18 17:23:33 | 001,943,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/06/18 17:23:33 | 000,156,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/06/18 17:23:33 | 000,073,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/06/18 17:23:32 | 001,131,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/06/18 17:23:32 | 000,156,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/06/18 17:23:32 | 000,081,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/06/17 21:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 20:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/06/06 05:10:34 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/06/06 04:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/06/06 01:16:07 | 000,035,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/06/06 01:12:57 | 000,035,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/06/03 05:02:37 | 000,112,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/06/03 05:02:21 | 003,241,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/06/03 05:02:21 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/06/03 05:02:12 | 001,941,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/06/03 04:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/06/03 04:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/05/23 21:34:25 | 000,144,693 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\dennisdebon-screenplay-project_blue_book.pdf
[2014/05/12 12:55:59 | 000,106,003 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\THE BREAK IN 2011.pdf
[2014/04/24 21:34:59 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/04/11 21:19:38 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/04/11 21:19:38 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/04/11 21:19:37 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/04/04 21:47:09 | 000,288,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/03/26 09:41:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/03/26 09:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/03/09 16:48:52 | 000,171,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/03/09 16:48:51 | 001,389,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/03/09 16:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/03/09 16:47:42 | 000,619,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/03/07 12:48:39 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2014/03/04 04:44:21 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/03/04 04:44:21 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/03/04 04:44:21 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/03/04 04:44:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/03/04 04:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/03/04 04:17:19 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/03/04 04:16:54 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/03/04 04:16:18 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/03/04 03:09:30 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/03/04 03:09:29 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/02/27 07:53:57 | 000,056,720 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2014/02/27 07:53:57 | 000,050,576 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\snacnp.dll
[2014/02/27 07:53:56 | 000,576,912 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2014/02/27 07:53:56 | 000,158,096 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2014/02/27 07:53:56 | 000,044,448 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2014/02/27 07:53:52 | 000,361,360 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2014/02/27 07:53:52 | 000,011,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2014/02/27 07:53:51 | 000,459,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2014/02/27 07:53:51 | 000,012,176 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/02/26 14:10:26 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/02/26 14:10:26 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/02/26 14:09:04 | 000,000,114 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\isolate.ini
[2014/02/17 08:57:10 | 000,773,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/17 15:24:12 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2014/01/17 15:24:12 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2014/01/16 12:30:04 | 000,004,096 | -H-- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\keyfile3.drm
[2014/01/06 14:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/24 17:48:32 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/12/15 15:24:11 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2014/12/14 23:51:52 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2014/12/14 22:26:00 | 000,061,440 | ---- | C] ( ) -- C:\Users\IBM_ADMIN\Desktop\VEW.exe
[2014/12/12 14:20:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/12/12 14:20:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/12/12 14:20:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/12/12 14:20:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/12/12 14:20:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/12/12 11:40:01 | 000,001,832 | ---- | C] () -- C:\Users\IBM_ADMIN\AppData\Local\SLC_rryanthony.prx
[2014/12/09 00:03:45 | 000,062,790 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\VT20141208.005
[2014/11/30 15:19:05 | 000,198,568 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:08:57 | 000,821,273 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/18 07:16:30 | 000,587,244 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:13 | 000,183,648 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/11 10:46:23 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:19 | 000,062,964 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:16 | 000,001,005 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/09/02 07:30:24 | 048,997,564 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\IMG_3036.MOV
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/07/31 12:57:02 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
[2014/07/31 12:47:14 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/07/31 12:47:13 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/07/21 16:12:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse.lnk
[2014/06/22 10:29:34 | 000,193,183 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Regina_2014 NFFBAR.pdf
[2014/06/22 10:20:47 | 000,193,182 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\Rajendran2014 NFFBAR.pdf
[2014/06/22 10:12:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/06/20 10:09:12 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2014/05/23 21:34:25 | 000,144,693 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\dennisdebon-screenplay-project_blue_book.pdf
[2014/05/12 12:55:59 | 000,106,003 | ---- | C] () -- C:\Users\IBM_ADMIN\Desktop\THE BREAK IN 2011.pdf
[2014/04/14 08:11:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 10:01:56 | 000,000,594 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/02/27 07:53:57 | 002,536,805 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Cat.DB
[2014/02/26 14:09:04 | 000,000,114 | ---- | C] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\isolate.ini
[2014/02/04 14:49:35 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2014/01/16 12:30:04 | 000,004,096 | -H-- | C] () -- C:\Users\IBM_ADMIN\AppData\Local\keyfile3.drm
[2013/09/29 19:46:43 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/03/13 16:51:24 | 000,677,328 | ---- | C] () -- C:\Windows\SysWow64\amsrb932.dll
[2012/07/23 11:54:35 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.311018984119889580931149468956
[2012/01/30 08:44:03 | 000,061,305 | ---- | C] () -- C:\Users\IBM_ADMIN\install.xml
[2010/09/09 12:23:52 | 000,271,686 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >