Laptop wifi shows connection but browsers won't download



#16
givemefood


Here's the FRST fix log. I will post the remaining stuff in a few mins:

 

FRST log

------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by rryanthony at 2014-12-15 15:28:46 Run:1
Running from C:\Users\IBM_ADMIN\Downloads
Loaded Profiles: rryanthony & UpdatusUser (Available profiles: rryanthony & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
S2 PMEM; C:\Windows\SysWOW64\drivers\PMEMNT.SYS [7012 2002-07-17] (Microsoft Corporation) [File not signed]
AlternateDataStreams: C:\Users\IBM_ADMIN\Local Settings:s9CLc9Uqs52EW1aEg17R2W
AlternateDataStreams: C:\Users\IBM_ADMIN\AppData\Local:s9CLc9Uqs52EW1aEg17R2W
AlternateDataStreams: C:\Users\IBM_ADMIN\AppData\Local\Application Data:s9CLc9Uqs52EW1aEg17R2W
RoxWatch12
*****************
 
"HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
PMEM => Service deleted successfully.
"C:\Users\IBM_ADMIN\Local Settings" => ":s9CLc9Uqs52EW1aEg17R2W" ADS not found.
C:\Users\IBM_ADMIN\AppData\Local => ":s9CLc9Uqs52EW1aEg17R2W" ADS removed successfully.
"C:\Users\IBM_ADMIN\AppData\Local\Application Data" => ":s9CLc9Uqs52EW1aEg17R2W" ADS not found.
RoxWatch12 => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====


#17
givemefood


FRST.txt

------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by rryanthony (administrator) on IBM-2F08I7T981U on 15-12-2014 15:47:07
Running from C:\Users\IBM_ADMIN\Downloads
Loaded Profiles: rryanthony & UpdatusUser (Available profiles: rryanthony & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
(IBM Corp.) C:\Program Files (x86)\C4ebreg\c4ebreg.exe
(IBM Corp.) C:\sdwork\issimsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(IBM Corp) C:\notes\SUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(IBM) C:\notes\nsd.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM) C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
(IBM Corp.) C:\Program Files (x86)\C4ebreg\isamtray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetClient.exe
(AT&T) C:\Program Files (x86)\AT&T Network Client\NetMsg.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\AT&T Network Client\SwiApiMux.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2012-01-27] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [42344 2011-07-22] (Lenovo Group Limited)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACWLIcon] => C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe [195648 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [ACTray] => C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe [433216 2011-10-20] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [307184 2011-03-02] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe [518640 2011-01-12] ()
HKLM-x32\...\Run: [C4EBReg] => C:\Program Files (x86)\C4ebreg\c4ebreg.exe [576240 2014-11-14] (IBM Corp.)
HKLM-x32\...\Run: [Isamtray] => C:\Program Files (x86)\C4ebreg\isamtray.exe [381680 2014-11-14] (IBM Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: xpmmsilauncher*.exe <====== ATTENTION
HKLM Group Policy restriction on software: WindowsXPMode*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [NetSP - restore settings on power failure] => C:\Program Files (x86)\AT&T Network Client\NetSP.exe [53600 2010-09-09] (AT&T)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [NotesSODCPreLoad] => C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe [40960 2012-01-30] ()
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\RunOnce: [Adobe Speed Launcher] => 1418675976
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [239720 2011-08-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [200808 2011-08-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
ShortcutTarget: AT&T Global Network Client Monitor.lnk -> C:\Windows\Installer\{007AAB7C-E893-48BD-9DA2-7F417CA16322}\NetGM1_89563E53ECF44E868145468A128BDC83.exe (Acresso Software Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InfoPrint Select Notification.lnk
ShortcutTarget: InfoPrint Select Notification.lnk -> C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk
ShortcutTarget: PGP Tray.lnk -> C:\Windows\Installer\{806D3984-9484-470A-BC63-3B7F65488B58}\Icon6560581611.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-598280094-1804934353-2193003435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-598280094-1804934353-2193003435-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
BHO-x32: Plugin Class -> {56CD20F0-7C09-11D5-A768-0050042307CE} -> c:\program files (x86)\sap\sap tutor\free_playerie.dll (SAP AG)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5certchk.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\IBM_AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenc...ts/WDPLUGIN.CAB
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll [528896] (Open Text Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll [727040] (Open Text Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.128.128.128
Tcpip\..\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: [NameServer] 9.0.130.50,9.0.128.50
 
FireFox:
========
FF ProfilePath: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default
FF Homepage: w3.ibm.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @IBM.com/Java60 -> C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @IBM.com/Java,version=1.6.0 -> C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF Plugin-x32: @IBM.com/JavaPlugin -> C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF Plugin-x32: @IBM.com/WDPlugin,version=1 -> C:\Program Files (x86)\Mozilla Firefox\plugins ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: @citrixonline.com/appdetectorplugin -> C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: @IBM.com/WDPlugin,version=1 -> C:\Program Files (x86)\Mozilla Firefox\plugins ()
FF Plugin HKU\S-1-5-21-598280094-1804934353-2193003435-1000: LWAPlugin15.8 -> C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: RivalGaming  - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-07-26]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2012-01-30]
FF Extension: IBM CCK - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2014-12-02]
FF Extension: IE Tab 2 (FF 3.6+) - IBM Edition - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\[email protected] [2013-10-01]
FF Extension: WebSlingPlayer - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-07-25]
FF Extension: Cookies Manager+ - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-03-31]
FF Extension: F5 Networks Host Plugin - C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-12-14]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: IBM CCK - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: IE Tab + (IBM Edition) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-12-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-12-16]
 
Chrome: 
=======
CHR Profile: C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-12]
CHR Extension: (Google Drive) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-12]
CHR Extension: (Google Search) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-12]
CHR Extension: (Vibe for Google Chrome™) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei [2014-09-30]
CHR Extension: (Ark Browser Plugin) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm [2014-09-30]
CHR Extension: (Yesware Email Tracking) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-10-21]
CHR Extension: (Rapportive) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-09-29]
CHR Extension: (Profile Visitors for Facebook) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk [2014-12-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]
CHR Extension: (SEO for Chrome) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2014-12-08]
CHR Extension: (Gmail) - C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-12]
CHR HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [5387640 2013-05-03] (IBM Corp.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2011-02-25] ()
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353672 2009-11-02] (Check Point Software Technologies)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-24] (Lenovo.)
R2 Intelligent Response Agent; C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe [13387128 2012-09-25] ()
R2 ISAMSvc; C:\Program Files (x86)\C4ebreg\c4ebreg.exe [576240 2014-11-14] (IBM Corp.) [File not signed]
R2 ISSIMon; c:\sdwork\issimsvc.exe [184088 2012-09-07] (IBM Corp.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\notes\SUService.exe [192104 2013-08-01] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\notes\nsd.exe [4456040 2013-08-01] (IBM)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 netcfgsvr; C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe [476000 2010-09-09] (AT&T)
R2 NetClientSvc; C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [349536 2010-09-09] (AT&T)
R2 NetLogSvc; C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [79200 2010-09-09] (AT&T)
R2 PGP RDD Service; C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2011-03-02] (Sonic Solutions)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed]
S3 TRCTARGET; C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe [745472 2012-02-09] (IBM Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 agnfilt; C:\Windows\System32\DRIVERS\agnfilt.sys [190464 2010-09-09] (AT&T)
R3 avpnnic; C:\Windows\System32\DRIVERS\avpnnic.sys [14848 2010-06-29] (AT&T)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-10-03] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation)
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-01-27] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2012-01-27] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 huawei_update; C:\Windows\system32\drivers\ew_hwupgrade.sys [22528 2012-01-27] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141212.011\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel® Corporation)
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-11-16] (Intel Corporation)
S3 ioatdma1; C:\Windows\System32\Drivers\qd160x64.sys [40144 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\Windows\System32\Drivers\qd260x64.sys [41168 2009-11-16] (Intel Corporation)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2012-01-27] (Ericsson AB)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2012-01-27] (Lenovo)
R3 Mandiant_Tools; C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys [25168 2014-07-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2012-01-27] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2012-01-27] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\ENG64.SYS [129752 2014-09-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\EX64.SYS [2137304 2014-09-24] (Symantec Corporation)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [273848 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [51856 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [372704 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [15848 2012-07-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-02-27] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-11-22] (Acronis)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 15:47 - 2014-12-15 15:47 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\smkits
2014-12-15 15:44 - 2014-12-15 15:44 - 00003191 _____ () C:\VEW_app.txt
2014-12-15 15:43 - 2014-12-15 15:43 - 00002184 _____ () C:\Users\IBM_ADMIN\Desktop\VEW_system.txt
2014-12-15 15:24 - 2014-12-15 15:27 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2014-12-15 07:23 - 2014-12-15 07:24 - 00049738 _____ () C:\Users\IBM_ADMIN\Downloads\Addition.txt
2014-12-15 07:22 - 2014-12-15 15:48 - 00039559 _____ () C:\Users\IBM_ADMIN\Downloads\FRST.txt
2014-12-15 07:22 - 2014-12-15 15:47 - 00000000 ____D () C:\FRST
2014-12-15 07:21 - 2014-12-15 07:21 - 02119168 _____ (Farbar) C:\Users\IBM_ADMIN\Downloads\FRST64.exe
2014-12-15 00:21 - 2014-12-15 15:31 - 00000018 _____ () C:\Users\IBM_ADMIN\Desktop\Christmas_2014_List.txt
2014-12-14 23:54 - 2014-12-14 23:54 - 01056912 _____ () C:\Users\IBM_ADMIN\Downloads\Connecting v2.pptx
2014-12-14 23:51 - 2014-12-14 23:51 - 00000000 ____D () C:\ProgramData\F5 Networks
2014-12-14 23:51 - 2014-12-14 23:51 - 00000000 _____ () C:\Windows\f5unistall.INI
2014-12-14 23:24 - 2014-12-14 23:24 - 00003337 _____ () C:\VEW_application.txt
2014-12-14 23:23 - 2014-12-14 23:23 - 00003110 _____ () C:\VEW_system.txt
2014-12-14 23:22 - 2014-12-15 15:44 - 00003191 _____ () C:\VEW.txt
2014-12-14 22:26 - 2014-12-14 22:26 - 00061440 _____ ( ) C:\Users\IBM_ADMIN\Desktop\VEW.exe
2014-12-14 22:10 - 2014-12-14 22:10 - 01213024 _____ () C:\Users\IBM_ADMIN\Downloads\IBM Administration v6.pptx
2014-12-14 22:08 - 2014-12-14 22:11 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Wiley
2014-12-13 21:56 - 2014-12-13 21:56 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\IBM_ADMIN\Downloads\tdsskiller.exe
2014-12-12 15:31 - 2014-12-12 15:31 - 00041435 _____ () C:\ComboFix.txt
2014-12-12 14:20 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-12 14:20 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-12 14:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-12 14:20 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-12 14:19 - 2014-12-12 15:32 - 00000000 ____D () C:\Qoobox
2014-12-12 14:18 - 2014-12-12 15:22 - 00000000 ____D () C:\Windows\erdnt
2014-12-12 12:16 - 2014-12-12 12:16 - 05198336 _____ (AVAST Software) C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
2014-12-12 11:40 - 2014-12-15 12:08 - 00001832 _____ () C:\Users\IBM_ADMIN\AppData\Local\SLC_rryanthony.prx
2014-12-12 11:38 - 2014-12-12 11:38 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-12-12 11:35 - 2014-12-12 11:35 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\CheckPoint
2014-12-12 10:44 - 2014-12-12 10:44 - 00000000 ____D () C:\_OTL
2014-12-11 14:52 - 2014-12-11 14:52 - 06290457 _____ () C:\Users\IBM_ADMIN\Downloads\Project Tm Security Strategy.zip
2014-12-10 21:41 - 2014-12-10 22:25 - 00089200 _____ () C:\Users\IBM_ADMIN\Downloads\Extras.Txt
2014-12-10 21:39 - 2014-12-14 10:08 - 00303578 _____ () C:\Users\IBM_ADMIN\Downloads\OTL.Txt
2014-12-10 21:21 - 2014-12-10 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\IBM_ADMIN\Downloads\OTL.exe
2014-12-10 20:13 - 2014-12-14 22:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 20:12 - 2014-12-10 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-10 20:12 - 2014-12-10 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-10 20:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-10 20:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-10 20:08 - 2014-12-10 20:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\IBM_ADMIN\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 11:57 - 2014-12-09 11:57 - 01743906 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing kickoff (1).pptx
2014-12-09 10:59 - 2014-12-09 10:59 - 00000040 ____H () C:\Users\IBM_ADMIN\Downloads\.picasa.ini
2014-12-09 07:27 - 2014-12-09 07:27 - 00277504 _____ () C:\Users\IBM_ADMIN\Downloads\Hosting and Cloud Services RACI.xls
2014-12-09 07:21 - 2014-12-09 07:21 - 00216092 _____ () C:\Users\IBM_ADMIN\Downloads\Post Processing Task List.xlsx
2014-12-09 07:18 - 2014-12-09 07:18 - 00190976 _____ () C:\Users\IBM_ADMIN\Downloads\Example - Infrastructure Deployment Plan Workbook.xls
2014-12-09 07:08 - 2014-12-09 07:09 - 11050496 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing Results.ppt
2014-12-09 07:07 - 2014-12-09 07:08 - 01743906 _____ () C:\Users\IBM_ADMIN\Downloads\Sizing kickoff.pptx
2014-12-08 17:34 - 2014-12-08 17:34 - 03830272 _____ () C:\Users\IBM_ADMIN\Desktop\Align Technology Methods Tools Adoption Workshops 2014-10-15 (Tools Only).ppt
2014-12-08 17:29 - 2014-12-08 17:29 - 13356544 _____ () C:\Users\IBM_ADMIN\Desktop\IBM Tools for SAP 23 August 2013 VX.ppt
2014-12-08 14:41 - 2014-12-08 14:41 - 01900032 _____ () C:\Users\IBM_ADMIN\Downloads\IBM deployment accelerator overview 1-2.ppt
2014-12-08 10:44 - 2014-12-08 10:47 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\Adobe Acrobat XI Pro 11.0.9 Multilanguage [ChingLiu]
2014-12-08 09:18 - 2014-12-08 09:18 - 00160375 _____ () C:\Users\IBM_ADMIN\Downloads\Renet (1)
2014-12-08 08:53 - 2014-12-08 08:53 - 00160375 _____ () C:\Users\IBM_ADMIN\Downloads\Renet
2014-12-04 20:39 - 2014-12-04 20:39 - 00184320 _____ () C:\Users\IBM_ADMIN\Downloads\Project Governance Model.ppt
2014-12-04 20:39 - 2014-12-04 20:39 - 00032768 _____ () C:\Users\IBM_ADMIN\Downloads\PMO Issue Tracker.xls
2014-12-04 20:30 - 2014-12-04 20:30 - 00107851 _____ () C:\Users\IBM_ADMIN\Downloads\Oracle Implementation Project Issue Escalation Process v2.pptx
2014-12-02 14:31 - 2014-12-02 14:32 - 02046375 _____ () C:\Users\IBM_ADMIN\Desktop\SOLMAN  Assesment V01.2.pptx
2014-12-02 14:06 - 2014-12-02 14:06 - 00720171 _____ () C:\Users\IBM_ADMIN\Desktop\SOLMAN Roadmap v0.2.pptx
2014-12-01 22:24 - 2014-12-01 22:24 - 00057344 _____ () C:\Users\IBM_ADMIN\Downloads\image.jpeg
2014-11-26 23:33 - 2014-11-26 23:33 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
2014-11-26 23:32 - 2014-11-26 23:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-11-26 23:28 - 2014-11-26 23:28 - 01753736 _____ () C:\Users\IBM_ADMIN\Downloads\Adaware_Installer.exe
2014-11-24 12:29 - 2014-11-24 12:29 - 00000255 _____ () C:\Users\IBM_ADMIN\Downloads\embed_code_no_ad_630.html
2014-11-24 12:18 - 2014-11-24 12:18 - 00042525 _____ () C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
2014-11-24 11:48 - 2014-11-24 12:47 - 3754366204 _____ () C:\Users\IBM_ADMIN\Downloads\www.TamilRockers.net - Retta Vaalu (2014) [1080p HD - AVC - DD - 3.6GB - Tamil].ts
2014-11-24 07:37 - 2014-11-24 07:37 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\IBM_Detailed_Status_Entry_1_5_3
2014-11-24 07:36 - 2014-11-24 07:36 - 02074594 _____ () C:\Users\IBM_ADMIN\Downloads\IBM_Detailed_Status_Entry_1_5_3.zip
2014-11-18 13:42 - 2014-11-18 13:42 - 00001644 _____ () C:\Users\IBM_ADMIN\Downloads\webprmpt (3).pl
2014-11-18 13:42 - 2014-11-18 13:42 - 00001644 _____ () C:\Users\IBM_ADMIN\Downloads\webprmpt (2).pl
2014-11-18 11:52 - 2014-12-15 15:31 - 00004187 _____ () C:\Users\IBM_ADMIN\Desktop\Misc Nov 2014.txt
2014-11-18 10:08 - 2014-11-18 10:09 - 00560749 _____ () C:\Users\IBM_ADMIN\Desktop\Method Refresh Training - Testing.pptx
2014-11-18 07:51 - 2014-11-18 07:51 - 00000000 ____D () C:\Users\IBM_ADMIN\Downloads\DetailStatusEntry_Training_Matls_2011
2014-11-17 21:37 - 2014-11-17 21:39 - 361225302 _____ () C:\Users\IBM_ADMIN\Downloads\BUBBLE TEAM CUT 2.mp4
2014-11-17 11:15 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-17 11:14 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-17 11:14 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-17 11:12 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-17 11:12 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 11:12 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 11:12 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 11:12 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 11:12 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-17 11:12 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-17 11:12 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-17 11:12 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-17 11:12 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-17 11:12 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-17 11:12 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-17 11:12 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-17 11:12 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-17 11:08 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-17 11:08 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-17 11:08 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-17 11:07 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-17 11:07 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-17 11:07 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-17 11:07 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-17 11:05 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-17 11:05 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-17 11:05 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-17 11:02 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 11:02 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-17 11:01 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-17 11:01 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 15:45 - 2012-06-28 04:01 - 01724973 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 15:38 - 2012-11-27 14:16 - 00000000 ___RD () C:\Users\IBM_ADMIN\Google Drive
2014-12-15 15:38 - 2012-01-30 09:41 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-15 15:36 - 2012-11-27 13:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 15:36 - 2012-01-30 08:45 - 00054948 _____ () C:\SUService.log
2014-12-15 15:36 - 2011-03-25 16:42 - 00000000 ____D () C:\Program Files (x86)\C4ebreg
2014-12-15 15:36 - 2010-11-11 20:35 - 00000000 ____D () C:\sdwork
2014-12-15 15:35 - 2012-01-27 16:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-15 15:35 - 2011-09-29 04:03 - 00081818 _____ () C:\Windows\setupact.log
2014-12-15 15:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-15 15:34 - 2010-07-13 18:37 - 00503506 _____ () C:\Windows\PFRO.log
2014-12-15 15:32 - 2012-07-22 19:45 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\SavedChats
2014-12-15 15:19 - 2012-11-27 13:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 15:05 - 2010-11-11 20:08 - 00000000 ____D () C:\Program Files (x86)\WST
2014-12-15 15:02 - 2014-04-14 08:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 14:35 - 2014-03-07 10:01 - 00000594 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
2014-12-15 13:19 - 2010-07-13 17:52 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-15 08:30 - 2014-06-22 10:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 02:00 - 2014-06-22 10:14 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\Adobe
2014-12-14 20:23 - 2009-07-13 23:45 - 00027696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:23 - 2009-07-13 23:45 - 00027696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-12 15:31 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-12-12 15:07 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-12 14:41 - 2009-07-13 21:34 - 98304000 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-12 14:41 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-12 14:20 - 2009-07-14 00:13 - 00778950 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 10:21 - 2013-12-12 11:26 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 10:31 - 2012-07-20 18:45 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\SAP
2014-12-11 10:31 - 2012-07-20 16:14 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\SAP
2014-12-11 10:31 - 2012-07-20 16:14 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\SAP
2014-12-10 22:08 - 2012-07-23 08:53 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Personal
2014-12-10 20:12 - 2012-08-13 10:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 20:12 - 2012-08-13 10:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-08 13:23 - 2012-07-20 16:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-08 13:23 - 2012-01-27 14:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-05 16:05 - 2012-09-06 07:08 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Roaming\WDPlugin
2014-12-04 20:42 - 2012-07-26 10:34 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\Temp
2014-12-04 20:42 - 2012-07-22 19:41 - 00000000 ____D () C:\Users\IBM_ADMIN\Documents\PM&T
2014-12-04 20:34 - 2012-07-23 14:55 - 00000000 ____D () C:\Users\IBM_ADMIN\AppData\Local\CrashDumps
2014-12-04 14:24 - 2012-07-26 17:27 - 00000059 _____ () C:\Windows\wpd99.drv
2014-12-04 14:24 - 2012-07-26 17:27 - 00000000 ____D () C:\ProgramData\pdf995
2014-12-03 14:30 - 2012-09-14 08:15 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-24 12:24 - 2010-06-28 23:27 - 00000000 ____D () C:\Users\IBM_ADMIN
2014-11-21 06:14 - 2012-08-13 10:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 17:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-18 12:29 - 2014-04-14 08:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-18 07:29 - 2009-07-13 23:45 - 00546048 _____ () C:\Windows\system32\FNTCACHE.DAT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 00:52
 
==================== End Of Log ============================
 
 
Addition.txt
---------------
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by rryanthony at 2014-12-15 15:48:38
Running from C:\Users\IBM_ADMIN\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.0.314 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Network Client – IBM (HKLM-x32\...\{007AAB7C-E893-48BD-9DA2-7F417CA16322}) (Version: 8.2.0.3003 - AT&T)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2014.0409.2153 - F5 Networks, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
Check Point SSL Network Extender Service (HKLM-x32\...\{bd2dc9de-a525-48b8-8b62-f96efd6d81eb}) (Version: 7.01.0000 - CheckPoint)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
CVE-2012-4792 (HKLM\...\{6631f21e-4389-4c67-9b10-cf2b559b8d4a}.sdb) (Version:  - )
CVE-2012-4792 (HKLM\...\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb) (Version:  - )
CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version:  - )
CVE-2014-0322 (HKLM\...\{25408f0a-987b-4ab0-a5ac-2ddb89ff22cf}.sdb) (Version:  - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version:  - EASEUS)
ECL Viewer (HKLM-x32\...\SAP_ECL) (Version: 6.0 - SAP AG)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.0.0.54 - Final Draft, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 6.1.0.1312 (HKU\S-1-5-21-598280094-1804934353-2193003435-1000\...\GoToMeeting) (Version: 6.1.0.1312 - CitrixOnline)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Pennsylvania 2012 (HKLM-x32\...\{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}) (Version: 1.12.3501 - HRB Technology, LLC.)
H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4501 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
IBM 32-bit Runtime Environment for Java v6 (HKLM-x32\...\InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}) (Version: 6 - IBM)
IBM 32-bit Runtime Environment for Java v6 (x32 Version: 6 - IBM) Hidden
IBM 64-bit Runtime Environment for Java v6 (HKLM-x32\...\InstallShield_{AEA927BE-882E-41E1-9969-B7AA74FB667C}) (Version: 6 - IBM)
IBM 64-bit Runtime Environment for Java v6 (Version: 6 - IBM) Hidden
IBM Endpoint Manager Client (HKLM-x32\...\{C7C91D55-F9E0-43AB-8006-BDF6B284B945}) (Version: 9.0.649.0 - IBM Corp.)
IBM Lotus Sametime Connect 8.5.1 (HKLM-x32\...\{D85DB905-556E-4FEC-8174-11C7746AAFD0}) (Version: 8.51.10219 - IBM)
IBM My Help (HKLM-x32\...\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}) (Version: 1.5.14 - IBM)
IBM SmartCloud Meetings for IBM (HKLM-x32\...\{9C5C8B8B-D972-4901-B3A4-0987E288A0C3}) (Version: 8.5.10.40 - IBM Corporation)
IBM Solution Workbench for SAP 1.9.2 (HKLM-x32\...\IBM Solution Workbench for SAP_is1) (Version:  - IBM)
IBM Standard Asset Manager (HKLM-x32\...\IBMSAM) (Version:  - IBM Corporation)
IBM Standard Software Installer (HKLM-x32\...\ISSI) (Version:  - IBM Corporation)
IBM Tivoli Remote Control Ayúdame Premium Edition - Target (HKLM-x32\...\{E0E58ABE-8A49-4449-BC8A-EC83ABE72ACA}) (Version: 8.2.0.0104 - IBM United Kingdom Ltd.)
ICLA (HKLM-x32\...\{B8A92780-00E2-11D5-B354-00010381611A}) (Version: 1.05.0300 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ILC (HKLM-x32\...\{CA96F3A1-F350-11D3-B354-002035C150E4}) (Version: 1.05.0300 - IBM)
InfoPrint Select (HKLM-x32\...\{66AF6743-9222-499E-8F09-7613033274E8}) (Version: 4.3.0 - InfoPrint Solutions Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lotus Notes 8.5.3 (HKLM-x32\...\{95246D82-99D2-4229-841E-6867C3251087}) (Version: 8.53.11258 - IBM)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MANDIANT Intelligent Response Agent (HKLM-x32\...\{19A7772F-0D3D-41A6-ABD3-AACBE3699F9B}) (Version: 2.2.1504 - MANDIANT)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{7BD1CCBE-BB22-469C-83DB-D9ED915A168C}) (Version: 15.8.8880.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.3216.5614 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Magic Screenwriter 6 (HKLM-x32\...\{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}) (Version: 6.05.89 - Write Brothers, Inc.)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.93 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.93 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
Open Text SOCKS Client™ 14 x64 (HKLM\...\{88B0A781-AE43-40CA-B149-DEF1C82ACD9F}) (Version: 14.0.11.0 - Open Text Corporation)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PGP Desktop (HKLM\...\{806D3984-9484-470A-BC63-3B7F65488B58}) (Version: 10.2.1.4869 - PGP Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Roxio Creator Silver 4 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.20 - SAP AG)
SAP GUI for Windows 7.20 (HKLM-x32\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
SAP Tutor Personal Player (HKLM-x32\...\SAP_TutorPersonalPlayer) (Version:  - SAP AG)
Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.85 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.08 - Lenovo)
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Workstation Security Tool 2.7 (HKLM-x32\...\Workstation Security Tool_is1) (Version:  - IBM)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-598280094-1804934353-2193003435-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-12-2014 12:38:45 AA11
15-12-2014 20:23:36 Removed Cisco Systems VPN Client 5.0.07.0290
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-12 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {165D3C29-7215-4A42-8C34-02CA67303A24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-08] (Adobe Systems Incorporated)
Task: {39C55FD8-C6A3-44AA-80B7-21C5E41D1B7D} - System32\Tasks\Time Reminder => C:\Windows\ITSYSTEMS\Reminder\Reminder.vbs [2011-06-08] ()
Task: {3D40BE8E-BD9C-46B2-A084-69E9A1EB9B40} - System32\Tasks\AdobeAAMUpdater-1.0-IBM-2F08I7T981U-rryanthony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {4AA86CE8-E151-4123-9369-773AD4EC6EDE} - System32\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000 => C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe [2014-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {50CCA8A7-4B9F-4F70-B6B8-244309002222} - System32\Tasks\Run My Help Delay => C:\Program Files (x86)\IBM\My Help\MyHelp.exe [2011-10-27] ()
Task: {7FD7D056-D29D-4B15-B435-FED4F707480D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {964653D9-FCB3-4408-B840-A216E1CEF56F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27] (Google Inc.)
Task: {CF5BE985-C9C6-4048-B5B4-9D5BBDB8B970} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-24] (Lenovo Group Limited)
Task: {E913EEDE-68FB-4D05-B7E8-52F5BE5DDC3D} - System32\Tasks\Run My Help => C:\Program Files (x86)\IBM\My Help\MyHelp.exe [2011-10-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job => C:\Users\IBM_ADMIN\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-27 14:22 - 2010-03-15 23:14 - 00268800 _____ () C:\Windows\System32\selpms.dll
2012-01-27 14:22 - 2010-03-15 23:13 - 01132544 _____ () C:\Windows\System32\pdclntif.dll
2012-07-26 17:27 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2012-01-27 14:22 - 2010-03-15 23:20 - 00039424 _____ () C:\PROGRAM FILES\IBM\INFOPRINT SELECT\pdresrc.dll
2011-02-09 17:36 - 2011-02-09 17:36 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2012-01-27 17:39 - 2011-03-24 03:48 - 00044544 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00039408 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2012-09-25 16:03 - 2012-09-25 16:03 - 13387128 _____ () C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
2012-01-27 07:51 - 2012-01-27 07:51 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-01-27 07:49 - 2012-01-27 07:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-27 17:30 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-01-12 18:22 - 2011-01-12 18:22 - 00518640 _____ () C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
2011-10-20 10:12 - 2011-10-20 10:12 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 03153904 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-02-25 01:02 - 2011-02-25 01:02 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00967168 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00163840 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
2012-01-30 08:48 - 2012-01-30 08:48 - 00139264 _____ () C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\NSLDAP32V50.dll
2014-12-15 15:37 - 2014-12-15 15:37 - 00098816 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32api.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00110080 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pywintypes27.dll
2014-12-15 15:37 - 2014-12-15 15:37 - 00364544 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pythoncom27.dll
2014-12-15 15:37 - 2014-12-15 15:37 - 00045568 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_socket.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 01160704 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_ssl.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00320512 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32com.shell.shell.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00713216 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_hashlib.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 01175040 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._core_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00805888 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._gdi_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00811008 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._windows_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 01062400 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._controls_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00735232 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._misc_.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00128512 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_elementtree.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00127488 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pyexpat.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00557056 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\pysqlite2._sqlite.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00087552 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_ctypes.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00119808 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32file.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00108544 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32security.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00007168 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\hashobjs_ext.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00167936 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32gui.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00018432 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32event.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00038912 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32inet.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00011264 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32crypt.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00070656 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._html2.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00027136 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\_multiprocessing.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00035840 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32process.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00686080 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\unicodedata.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00122368 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._wizard.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00024064 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32pipe.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00025600 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32pdh.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00525640 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\windows._lib_cacheinvalidation.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00010240 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\select.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00017408 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32profile.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00022528 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\win32ts.pyd
2014-12-15 15:37 - 2014-12-15 15:37 - 00078336 _____ () C:\Users\IBM_ADMIN\AppData\Local\Temp\_MEI53922\wx._animate.pyd
2011-01-20 21:44 - 2011-01-20 21:44 - 00394224 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-01-08 08:41 - 2012-01-08 08:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 10:21 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2009-08-06 07:19 - 2009-08-06 07:19 - 02371584 _____ () C:\notes\ltspln50.dll
2014-01-10 13:19 - 2013-02-22 10:00 - 00184320 _____ () C:\notes\libpng15.dll
2008-06-25 11:18 - 2008-06-25 11:18 - 00098304 _____ () C:\notes\zlib1.dll
2011-09-15 16:19 - 2011-09-15 16:19 - 00081920 _____ () C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
2011-09-15 16:19 - 2011-09-15 16:19 - 00110592 _____ () C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
2014-01-10 13:39 - 2014-01-10 13:39 - 00090112 _____ () C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\138\1\.cp\swtIbmWrapper.dll
2014-01-10 13:21 - 2014-01-10 13:21 - 00208896 _____ () C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20130726-0900\os\win32\x86\os.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-598280094-1804934353-2193003435-500 - Administrator - Disabled)
Guest (S-1-5-21-598280094-1804934353-2193003435-501 - Limited - Disabled)
rryanthony (S-1-5-21-598280094-1804934353-2193003435-1000 - Administrator - Enabled) => C:\Users\IBM_ADMIN
UpdatusUser (S-1-5-21-598280094-1804934353-2193003435-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/15/2014 03:43:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (12/15/2014 03:39:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/15/2014 03:37:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
 
Error: (12/15/2014 03:36:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/15/2014 03:32:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2014 03:12:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 11534 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error: (09/04/2014 00:00:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 9499 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error: (02/08/2014 08:26:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 299501 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error: (08/06/2013 02:33:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 774 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (07/23/2013 09:46:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 381 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 10:31:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1343 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 10:08:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 09:32:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 09:31:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 197 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2013 09:27:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 921 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-12 14:33:49.805
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-12 14:33:49.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8075.23 MB
Available physical RAM: 4689.89 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 12650.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:31.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 11C838BC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
OTL.txt
-----------
OTL logfile created on: 12/15/2014 3:52:46 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\IBM_ADMIN\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 4.49 Gb Available Physical Memory | 56.91% Memory free
15.77 Gb Paging File | 12.35 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 31.28 Gb Free Space | 6.72% Space Free | Partition Type: NTFS
 
Computer Name: IBM-2F08I7T981U | User Name: rryanthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/10 21:22:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IBM_ADMIN\Downloads\OTL.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/14 11:18:57 | 000,381,680 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\isamtray.exe
PRC - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
PRC - [2013/08/01 12:40:16 | 001,871,464 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
PRC - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) -- c:\notes\SUService.exe
PRC - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) -- c:\notes\nsd.exe
PRC - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2013/05/03 16:19:34 | 001,486,200 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
PRC - [2012/07/21 15:05:14 | 003,935,944 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2012/05/16 14:05:42 | 000,100,792 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
PRC - [2012/05/16 14:05:24 | 008,192,440 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
PRC - [2012/05/16 14:05:16 | 009,063,352 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
PRC - [2012/05/16 13:36:14 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
PRC - [2012/01/30 08:48:19 | 011,296,768 | ---- | M] (IBM) -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\soffice.bin
PRC - [2011/10/20 12:11:24 | 000,412,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011/10/20 12:09:32 | 000,363,584 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/10/20 12:09:26 | 000,195,648 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
PRC - [2011/10/20 12:09:20 | 000,433,216 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/09/16 08:28:56 | 000,016,776 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
PRC - [2011/09/15 16:19:14 | 000,079,232 | ---- | M] (IBM) -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe
PRC - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/11 19:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/07/22 12:21:32 | 000,042,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/03/24 03:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
PRC - [2010/09/09 12:40:38 | 000,071,520 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetMsg.exe
PRC - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
PRC - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
PRC - [2010/09/09 12:39:56 | 000,340,320 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Network Client\NetClient.exe
PRC - [2010/09/09 12:23:50 | 000,210,200 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\AT&T Network Client\SwiApiMux.exe
PRC - [2009/11/02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/15 15:37:59 | 001,175,040 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._core_.pyd
MOD - [2014/12/15 15:37:59 | 001,160,704 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_ssl.pyd
MOD - [2014/12/15 15:37:59 | 001,062,400 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._controls_.pyd
MOD - [2014/12/15 15:37:59 | 000,811,008 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._windows_.pyd
MOD - [2014/12/15 15:37:59 | 000,805,888 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._gdi_.pyd
MOD - [2014/12/15 15:37:59 | 000,735,232 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._misc_.pyd
MOD - [2014/12/15 15:37:59 | 000,713,216 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_hashlib.pyd
MOD - [2014/12/15 15:37:59 | 000,686,080 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\unicodedata.pyd
MOD - [2014/12/15 15:37:59 | 000,557,056 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pysqlite2._sqlite.pyd
MOD - [2014/12/15 15:37:59 | 000,525,640 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\windows._lib_cacheinvalidation.pyd
MOD - [2014/12/15 15:37:59 | 000,364,544 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pythoncom27.dll
MOD - [2014/12/15 15:37:59 | 000,320,512 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32com.shell.shell.pyd
MOD - [2014/12/15 15:37:59 | 000,167,936 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32gui.pyd
MOD - [2014/12/15 15:37:59 | 000,128,512 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_elementtree.pyd
MOD - [2014/12/15 15:37:59 | 000,127,488 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pyexpat.pyd
MOD - [2014/12/15 15:37:59 | 000,122,368 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._wizard.pyd
MOD - [2014/12/15 15:37:59 | 000,119,808 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32file.pyd
MOD - [2014/12/15 15:37:59 | 000,110,080 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\pywintypes27.dll
MOD - [2014/12/15 15:37:59 | 000,108,544 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32security.pyd
MOD - [2014/12/15 15:37:59 | 000,098,816 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32api.pyd
MOD - [2014/12/15 15:37:59 | 000,087,552 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_ctypes.pyd
MOD - [2014/12/15 15:37:59 | 000,078,336 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._animate.pyd
MOD - [2014/12/15 15:37:59 | 000,070,656 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\wx._html2.pyd
MOD - [2014/12/15 15:37:59 | 000,045,568 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_socket.pyd
MOD - [2014/12/15 15:37:59 | 000,038,912 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32inet.pyd
MOD - [2014/12/15 15:37:59 | 000,035,840 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32process.pyd
MOD - [2014/12/15 15:37:59 | 000,027,136 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\_multiprocessing.pyd
MOD - [2014/12/15 15:37:59 | 000,025,600 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32pdh.pyd
MOD - [2014/12/15 15:37:59 | 000,024,064 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32pipe.pyd
MOD - [2014/12/15 15:37:59 | 000,022,528 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32ts.pyd
MOD - [2014/12/15 15:37:59 | 000,018,432 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32event.pyd
MOD - [2014/12/15 15:37:59 | 000,017,408 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32profile.pyd
MOD - [2014/12/15 15:37:59 | 000,011,264 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\win32crypt.pyd
MOD - [2014/12/15 15:37:59 | 000,010,240 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\select.pyd
MOD - [2014/12/15 15:37:59 | 000,007,168 | ---- | M] () -- C:\Users\IBM_AD~1\AppData\Local\Temp\_MEI53922\hashobjs_ext.pyd
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/09/17 11:54:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\eab470ea118ad56a2a287fbc9b4eb814\System.Xaml.ni.dll
MOD - [2014/09/17 07:36:25 | 017,999,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3a80d309a42932484b46e1ce5b1a26fb\PresentationFramework.ni.dll
MOD - [2014/09/17 07:36:12 | 011,451,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\52a6dbea295b050d39eac633f4f45699\PresentationCore.ni.dll
MOD - [2014/09/17 07:36:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eb5ed59617b97ec2ac332e367285fefc\PresentationFramework.Aero.ni.dll
MOD - [2014/09/17 07:36:05 | 013,140,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bc9c68dd8cfcf134e5f385a8ce73a05f\System.Windows.Forms.ni.dll
MOD - [2014/09/17 07:36:01 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b4c5db3d869e939a848ca08ac7cf3e88\System.Core.ni.dll
MOD - [2014/09/17 07:35:54 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\311df96b9394d130b24653d51163142e\WindowsBase.ni.dll
MOD - [2014/09/17 07:35:52 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a421135e2f2680ad100d485476a520f4\System.Drawing.ni.dll
MOD - [2014/09/17 07:35:49 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0c9b60c066b18195e4b293e0d0802f60\System.ni.dll
MOD - [2014/09/17 07:35:44 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\64a3cdb7bc50e751c0bfb210625265d9\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/10 13:40:14 | 000,075,776 | ---- | M] () -- C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\824\1\.cp\os\win32\NativeNetInfo.dll
MOD - [2014/01/10 13:40:07 | 004,505,600 | ---- | M] () -- C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\795\1\.cp\os\win32\x86\PhoneGridGIPS.dll
MOD - [2014/01/10 13:39:40 | 000,090,112 | ---- | M] () -- C:\notes\data\workspace\.config\org.eclipse.osgi\bundles\138\1\.cp\swtIbmWrapper.dll
MOD - [2014/01/10 13:21:37 | 000,208,896 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20130726-0900\os\win32\x86\os.dll
MOD - [2014/01/10 13:21:31 | 000,061,440 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.collaboration.realtime.ui.win32.win32.x86_8.5.1.20130618-0800\os\win32\x86\Win32WindowUtils2.dll
MOD - [2014/01/10 13:20:48 | 000,147,456 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20130726-0900\swtxpcom.dll
MOD - [2013/02/22 10:00:54 | 000,184,320 | ---- | M] () -- C:\notes\libpng15.dll
MOD - [2012/01/30 08:48:19 | 000,967,168 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\libxml2.dll
MOD - [2012/01/30 08:48:16 | 000,163,840 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.0.20110822-1305\basis\program\libxslt.dll
MOD - [2012/01/30 08:48:12 | 000,139,264 | ---- | M] () -- C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.0.20110822-1305\basis\program\nsldap32v50.dll
MOD - [2012/01/30 08:46:33 | 000,841,728 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\js3250.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/20 10:12:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
MOD - [2011/09/15 16:19:14 | 000,081,920 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
MOD - [2011/09/15 16:19:12 | 000,110,592 | ---- | M] () -- C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
MOD - [2011/01/20 21:44:32 | 000,394,224 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2011/01/12 18:22:58 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/08/06 07:19:58 | 002,371,584 | ---- | M] () -- C:\notes\ltspln50.dll
MOD - [2008/06/25 11:18:18 | 000,098,304 | ---- | M] () -- C:\notes\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/01/27 07:50:49 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/10/17 15:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/07/22 12:21:34 | 000,060,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/07/22 12:21:18 | 000,041,832 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/17 08:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/08 13:23:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/14 11:18:43 | 000,576,240 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\C4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/16 09:15:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/20 18:45:44 | 002,377,984 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe -- (SmcService)
SRV - [2013/10/20 18:45:44 | 000,334,736 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe -- (SNAC)
SRV - [2013/10/20 18:45:38 | 000,144,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2013/08/01 12:39:12 | 000,192,104 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\SUService.exe -- (LNSUSvc)
SRV - [2013/08/01 12:36:44 | 004,456,040 | ---- | M] (IBM) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2013/05/03 16:19:34 | 005,387,640 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/09/25 16:03:16 | 013,387,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe -- (Intelligent Response Agent)
SRV - [2012/09/07 13:09:18 | 000,184,088 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2012/07/21 15:05:20 | 001,588,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2012/02/09 15:30:04 | 000,745,472 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/01/27 07:48:07 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2011/10/20 12:09:18 | 000,269,376 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/10/20 12:09:16 | 000,134,208 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/08/12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:20:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/24 03:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/03/02 08:09:42 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/03/02 08:09:06 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/02/25 01:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/02/09 17:36:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/11/20 07:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/18 16:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/09/09 12:40:38 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2010/09/09 12:40:24 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2010/09/09 12:40:02 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 18:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/02/27 07:53:51 | 000,155,352 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2014/02/26 14:10:26 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/22 12:43:12 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2013/10/20 18:45:46 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/10/20 18:45:46 | 000,797,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/10/20 18:45:46 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,437,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2013/10/20 18:45:46 | 000,224,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/10/20 18:45:46 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys -- (ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE})
DRV:64bit: - [2013/10/20 18:45:46 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/10/20 18:45:44 | 000,092,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/21 15:05:34 | 000,015,848 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV:64bit: - [2012/07/21 15:05:32 | 000,372,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded)
DRV:64bit: - [2012/07/21 15:05:30 | 000,051,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV:64bit: - [2012/07/21 15:05:22 | 000,273,848 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 07:51:10 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/01/27 07:50:59 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2012/01/27 07:50:57 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2012/01/27 07:50:57 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2012/01/27 07:50:57 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2012/01/27 07:50:57 | 000,054,784 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,067,072 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2012/01/27 07:50:56 | 000,061,952 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2012/01/27 07:50:51 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/01/27 07:50:51 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/01/27 07:50:50 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iastor)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/01/27 07:50:49 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/01/27 07:50:44 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/01/27 07:50:33 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2012/01/27 07:50:33 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2012/01/27 07:50:33 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2012/01/27 07:50:32 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2012/01/27 07:50:32 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:64bit: - [2012/01/27 07:48:09 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/01/27 07:48:09 | 000,029,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/01/27 07:48:08 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/01/27 07:48:08 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/01/27 07:48:08 | 000,022,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys -- (huawei_update)
DRV:64bit: - [2012/01/27 07:48:08 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/01/27 07:48:07 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/01/27 07:48:07 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2012/01/27 07:48:06 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2012/01/27 07:48:05 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2012/01/27 07:48:05 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2012/01/27 07:48:05 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/10/17 16:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/10/17 16:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/10/17 16:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/10/03 15:46:40 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/12 23:18:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/04 15:45:24 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/15 12:50:44 | 000,348,944 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM60x64.sys -- (IFCoEMP)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/24 03:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/03/24 03:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2011/02/09 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 04:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/09/09 15:24:04 | 000,190,464 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\agnfilt.sys -- (agnfilt)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/06/29 18:22:50 | 000,014,848 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avpnnic.sys -- (avpnnic)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/16 06:27:48 | 000,041,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 06:27:46 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd160x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 06:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/11/02 18:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/02/19 00:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2014/12/11 06:01:56 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/11 06:01:55 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/11/18 18:13:19 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141212.011\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/03 23:06:12 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/24 13:05:23 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\ex64.sys -- (NAVEX15)
DRV - [2014/09/24 13:05:23 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141215.002\eng64.sys -- (NAVENG)
DRV - [2014/07/29 14:42:52 | 000,025,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\ProgramData\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2013/10/20 18:45:44 | 000,034,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C ED 65 D5 DD 17 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {2602979F-3C33-4DC4-897A-BAA62A38788B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{2602979F-3C33-4DC4-897A-BAA62A38788B}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "w3.ibm.com"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.7.158
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7BDBBB3167-6E81-400f-BBFD-BD8921726F52%7D:7091.2014.0409.2153
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:2.04.20110724.1ibm
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@IBM.com/Java,version=1.6.0: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/JavaPlugin: C:\Program Files (x86)\IBM\Java60\jre\bin\plugin2\npjp2.dll (IBM)
FF - HKLM\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\IBM_ADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@IBM.com/WDPlugin,version=1: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\LWAPlugin15.8: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/11 14:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/15 08:30:43 | 000,000,000 | ---D | M]
 
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions
[2013/07/29 09:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/12/14 23:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions
[2012/07/25 19:54:59 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/03/31 09:08:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2014/12/14 23:51:38 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2013/10/01 11:50:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+) - IBM Edition) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2012/01/30 08:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\plugins
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\chrome
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\components
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\defaults
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\modules
[2014/12/02 17:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\[email protected]\searchplugins
[2014/12/02 15:16:28 | 000,319,610 | ---- | M] () (No name found) -- C:\Users\IBM_ADMIN\AppData\Roaming\mozilla\firefox\profiles\2ziq4yrx.default\extensions\[email protected]\lucifox-0.9.9-fx+sm.xpi
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/16 09:15:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\plugins
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\modules
[2013/12/16 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\searchplugins
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/08/02 12:01:32 | 000,122,880 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npcpsweb.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/06/28 15:30:44 | 000,299,696 | ---- | M] (IBM ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwdplugin821.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnookjgoaaelhciadikaadnkgmiamei\3.4.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm\1.2.6_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.265_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.3_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: No name found = C:\Users\IBM_ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/12/12 15:06:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (Plugin Class) - {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\Program Files (x86)\SAP\SAP Tutor\free_PlayerIE.dll (SAP AG)
O2 - BHO: (Symantec Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C4EBReg] C:\Program Files (x86)\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Isamtray] C:\Program Files (x86)\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_47692A8BDE1D0898868E82D17210B48D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [NotesSODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110822-1305\program\preload.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418675976 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Open Text\SOCKS Client\HumSOCKS.dll (Open Text Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ibm.com ([w3-03] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wiley.com ([naedge] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wiley.com ([naedge] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5certchk.cab (F5 Networks Certificate Checker)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\IBM_AD~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 11.25.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\IBM_AD~1\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenc...ts/WDPLUGIN.CAB (Unyte Conferencing Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B3B138-37B1-4DDB-8F6D-E3DE308AB852}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2CF689-6241-4B37-B9AA-C711A5084DE0}: NameServer = 9.0.130.50,9.0.128.50
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2014/12/15 15:47:27 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\smkits
[2014/12/15 07:39:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/15 07:22:17 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/14 23:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\F5 Networks
[2014/12/14 22:08:14 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Wiley
[2014/12/12 15:06:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/12/12 14:20:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/12 14:20:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/12 14:20:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/12 14:19:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/12 14:18:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/12 12:16:11 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
[2014/12/12 11:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2014/12/12 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\CheckPoint
[2014/12/12 10:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/12/10 20:13:24 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/10 20:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/10 20:12:52 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/10 20:12:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/10 20:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/26 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\LavasoftStatistics
[2014/11/17 11:14:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/17 11:14:36 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/17 11:12:47 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/17 11:12:32 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/17 11:12:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/11/17 11:12:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/11/17 11:12:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/17 11:12:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/11/17 11:08:52 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/17 11:08:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/17 11:08:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/17 11:08:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/17 11:07:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/17 11:05:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/17 11:02:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/17 11:02:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/17 11:01:10 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/14 11:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/11 10:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\PandoraRecovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2014/11/11 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2014/11/03 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Lands End
[2014/11/02 10:19:16 | 000,000,000 | R--D | C] -- C:\Users\IBM_ADMIN\Dropbox
[2014/11/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/02 10:17:42 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Dropbox
[2014/10/27 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Boeing
[2014/10/21 03:06:12 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/21 03:06:12 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/21 03:06:12 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/21 03:06:12 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/21 03:06:12 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/21 03:06:12 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/21 02:59:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/21 02:59:17 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/21 02:59:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/21 02:59:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/21 02:59:02 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/21 02:59:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/21 02:59:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/21 02:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/21 02:58:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/21 02:58:59 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/21 02:58:59 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/21 02:58:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/21 02:58:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/21 02:58:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/21 02:58:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/21 02:58:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/21 02:58:58 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/21 02:58:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/21 02:58:57 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/21 02:58:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/21 02:58:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/21 02:58:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/21 02:58:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/21 02:58:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/21 02:58:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/21 02:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/21 02:58:55 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/21 02:58:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/21 02:58:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/21 02:58:55 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/21 02:58:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/21 02:58:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/21 02:58:51 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/21 02:58:50 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/21 02:58:50 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/13 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Medibank
[2014/09/28 10:16:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\TeamViewer
[2014/09/19 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\WebEx
[2014/08/29 16:50:20 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/25 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Grainger
[2014/08/22 14:16:39 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/22 14:16:27 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/22 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/22 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/08/21 18:36:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/08/21 18:36:46 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieUserList
[2014/08/19 12:16:29 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\AppData\Local\EmieSiteList
[2014/08/19 09:59:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/08/19 09:45:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/19 09:41:35 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/08/19 09:41:35 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/19 09:41:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/19 09:41:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/19 09:41:35 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/19 09:41:35 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/19 09:41:35 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/19 09:41:35 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/19 09:41:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/19 09:41:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/19 09:41:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/19 09:41:35 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/19 09:41:35 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/19 09:41:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/19 09:41:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/19 09:41:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/19 09:41:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:41:35 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/19 09:38:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/19 09:38:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/18 08:31:42 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/18 08:31:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/18 08:31:42 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/18 08:31:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/18 08:31:42 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/18 08:31:37 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/18 08:24:01 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/18 08:00:28 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/18 08:00:28 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/18 08:00:28 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/18 08:00:28 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/18 08:00:28 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/18 08:00:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/04 09:09:17 | 000,000,000 | -HSD | C] -- C:\Users\IBM_ADMIN\Documents\cache
[2014/07/31 12:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/07/31 12:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/31 12:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/07/31 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/30 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Allison
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MANDIANT
[2014/07/29 14:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MANDIANT
[2014/07/21 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\AdobeMuse
[2014/07/21 16:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Muse
[2014/07/21 16:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/16 13:33:10 | 000,000,000 | ---D | C] -- C:\ibmbeta
[2014/07/14 07:58:41 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/14 07:58:41 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/14 07:50:24 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/14 07:50:24 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/06/22 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/06/22 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/06/20 10:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/06/16 22:06:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/16 21:57:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/16 21:56:19 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/06/16 21:56:19 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 14:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/11 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/11 14:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/11 14:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/11 14:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/06/11 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/06/11 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/06/03 10:16:36 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/03 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2014/06/03 10:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHTTrack
[2014/06/02 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Sunoco
[2014/05/12 11:40:14 | 000,000,000 | ---D | C] -- C:\swd
[2014/04/14 08:58:47 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/14 08:58:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/14 08:58:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/14 08:58:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/14 08:58:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/14 08:58:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/14 08:58:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/14 08:58:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/14 08:58:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/14 08:58:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/04 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\E&Y
[2014/04/01 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Tutor
[2014/04/01 08:34:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/03/24 19:14:24 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Oracle
[2014/03/24 12:01:49 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Saba
[2014/03/24 12:01:45 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Centra
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Text SOCKS Client 14 x64
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Open Text
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Open Text
[2014/03/19 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Open Text
[2014/03/18 13:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix
[2014/03/14 15:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
[2014/03/14 15:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2013
[2014/03/04 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Aramco
[2014/02/27 07:53:56 | 000,158,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\FwsVpn.dll
[2014/02/27 07:53:56 | 000,044,448 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\WGX64.SYS
[2014/02/27 07:53:52 | 000,361,360 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysfer.dll
[2014/02/27 07:53:52 | 000,011,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\sysferThunk.dll
[2014/02/27 07:53:51 | 000,459,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysfer.dll
[2014/02/27 07:53:51 | 000,155,352 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SysPlant.sys
[2014/02/27 07:53:51 | 000,012,176 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\sysferThunk.dll
[2014/02/26 14:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1992-12.com.symantec
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105
[2014/02/26 14:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\SEP\0C010FAD
[2014/02/17 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\SAP-Rational Connector
[2014/02/12 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\UltraVNC
[2014/02/12 09:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2014/02/12 09:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014/02/10 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\WR Grace
[2014/02/04 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Pinnacle Studio
[2014/02/04 15:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2014/02/04 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Local\Pinnacle
[2014/02/04 14:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2014/02/04 14:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
[2014/02/04 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2014/02/04 14:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 15
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2014/02/04 14:53:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2014/02/04 14:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2014/02/04 14:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2014/01/17 15:24:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2014/01/17 15:24:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2014/01/13 13:46:26 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Cepheid
[2014/01/10 13:31:11 | 000,084,288 | ---- | C] (IBM) -- C:\Windows\SysWow64\javacplIBM60.cpl
[2014/01/10 13:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TempFolder
[2014/01/10 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Desktop\Temp
[2014/01/09 09:10:03 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2014/01/06 14:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2014/01/03 11:17:15 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\Documents\Southwire
[2014/01/03 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\IBM_ADMIN\IBM
[2013/12/27 09:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/27 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/12/27 09:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Users\IBM_ADMIN\*.tmp files -> C:\Users\IBM_ADMIN\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2014/12/15 15:59:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/15 15:59:39 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/15 15:59:39 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/15 15:55:26 | 002,536,805 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\Cat.DB
[2014/12/15 15:49:20 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 15:49:20 | 000,027,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 15:36:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/15 15:35:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/15 15:34:30 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/15 15:27:13 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2014/12/15 15:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/15 14:35:00 | 000,000,594 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-598280094-1804934353-2193003435-1000.job
[2014/12/15 12:08:42 | 000,001,832 | ---- | M] () -- C:\Users\IBM_ADMIN\AppData\Local\SLC_rryanthony.prx
[2014/12/14 23:51:52 | 000,000,000 | ---- | M] () -- C:\Windows\f5unistall.INI
[2014/12/14 22:26:01 | 000,061,440 | ---- | M] ( ) -- C:\Users\IBM_ADMIN\Desktop\VEW.exe
[2014/12/14 22:19:38 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/12 15:06:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/12 14:20:56 | 000,778,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/12 14:20:56 | 000,660,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/12 14:20:56 | 000,121,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/12 12:16:13 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Users\IBM_ADMIN\Desktop\aswmbr.exe
[2014/12/12 10:21:15 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/10 20:12:55 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/08 08:09:00 | 000,062,790 | ---- | M] () -- C:\Windows\SysNative\drivers\SEP\0C010FAD\0FAD.105\x64\VT20141208.005
[2014/12/04 14:24:16 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2014/11/30 15:19:08 | 000,198,568 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\REBATE MCA-10008 US New.pdf
[2014/11/26 23:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/11/24 12:18:57 | 000,042,525 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\B3LE3_-CAAEwHoN.jpg-large
[2014/11/21 11:09:00 | 000,821,273 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Lil Roy Restaurant Certificate.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/18 07:29:12 | 000,546,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/18 07:16:30 | 000,587,244 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\grendle308-screenplay-hell_swallowed_whole.pdf
[2014/11/18 07:16:14 | 000,183,648 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\BobGrieve-screenplay-hot_air_3rd_draft.pdf
[2014/11/14 11:18:33 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/12 09:10:03 | 000,080,624 | ---- | M] (IBM Corp.) -- C:\Windows\isamunin.exe
[2014/11/11 10:46:23 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/11/04 14:40:20 | 000,062,964 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\saltwater_fishing_guide.pdf
[2014/11/02 10:19:17 | 000,001,005 | ---- | M] () -- C:\Users\IBM_ADMIN\Desktop\Dropbox.lnk
[2014/10/24 20:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 20:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/17 21:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/13 21:12:57 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/10/13 21:09:31 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/10/13 21:07:31 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/10/13 20:47:30 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/10/13 20:46:02 | 000,681,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/10/02 21:12:00 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/02 21:11:54 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/02 21:11:51 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/02 21:11:51 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/02 20:44:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/09/19 04:42:47 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/09/11 10:15:58 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/08/22 21:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/22 14:16:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/22 14:16:21 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/21 01:40:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/08/21 01:23:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/08/19 09:45:13 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/19 09:45:07 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/19 09:45:07 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/19 09:45:07 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/19 09:45:07 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/19 09:45:07 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/19 09:45:07 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/19 09:45:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/19 09:45:07 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/19 09:45:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/19 09:45:07 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/19 09:45:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/19 09:45:07 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/19 09:45:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/19 09:45:07 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/19 09:45:07 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/19 09:45:07 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/19 09:45:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/19 09:45:07 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/19 09:45:07 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/19 09:45:07 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/19 09:45:07 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/19 09:45:07 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/19 09:45:07 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/19 09:45:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/19 09:45:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/19 09:45:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/19 09:45:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/19 09:45:07 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/19 09:45:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/19 09:45:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/19 09:45:07 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/19 09:45:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/19 09:45:07 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/19 09:45:07 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/19 09:45:06 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/19 09:45:06 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/19 09:45:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/19 09:45:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/19 09:45:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/19 09:45:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/19 09:43:42 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/19 09:43:42 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/19 09:43:42 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/19 09:43:42 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/19 09:43:42 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/19 09:43:42 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/19 09:43:42 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/19 09:43:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
 
========== Files Created - No Company Name ==========
 
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >


#18
RKinner

Copy the next line:
 
sc config "RoxWatch12" start= disabled
 
Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator.  (Yes)  Right-click and Paste, or Edit then Paste, and the copied line should appear.  Hit Enter.

- Right click on Computer and select Manage
- Go to Local Users and Groups -> Users
- Double-click UpdatusUser
- Click Member Of tab
- Click Add
- Type Administrators then Check Names
- Click OK, OK
- Click on Services and Applications then on Services
- Scroll down to "NVIDIA Update Service Daemon"
- Click Start.
- If all went well you will see a popup saying: The NVIDIA Update Service Daemon service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
What else is not working?


#19
givemefood

All done.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/12/2014 9:24:57 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#20
givemefood

Laptop seems to be working just fine now. Do you think it needs further analysis? Thanks for your help again.



#21
RKinner

I don't see anything else, though it would not hurt to run a free ESET scan:

 

Use IE and go to http://eset.com/onlinescan  and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.
 
 
This can take 3 hours or so.  (Best to pause your anti-virus or it will take longer or not work at all)  Unless it finds something that it can't fix then we are done and can clean up:
 


 
OK.  It looks like it worked OK.  Unless you see other problems I think we are done and can clean up
 
Copy the following:
 
 
:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
 
Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
 
That will get the last of the malware off the system.
 
 
 
You can uninstall or delete any tools we had you download and their logs. 
 
If we ran Combofix: To uninstall Combofix, copy the next line:
 
"%userprofile%\Desktop\combofix.exe" /Uninstall
 
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.
 
 
 
OTL has a cleanup tab but DO NOT USE IT!  There are reports that it leaves the PC unbootable.  Instead just delete OTL.exe and the folder c:\_OTL.
 
To hide hidden files again:
 
Vista or Win7
 
1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
 
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.
 
Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
 Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
 
You can also try Secunia PSI http://secunia.com/v...l/download_psi/  Same kind of info.  You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while.
 
 
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Make sure Windows Updates is turned on and that it works.  Go to Control Panel, Windows Updates and see if it works.
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron
 
 
 


#22
givemefood

Thanks for all your help Ron.

 

I have one more laptop which is a thorough mess for which I will create a new topic.



#23
RKinner

You can continue here if you like.



#24
givemefood

Ron -- Still having problems. The laptop was good for a few weeks but the past 5 days or so I am getting a lot of wifi drops and even if I reconnect there are occasional no connections.

 

Any suggestions? 



#25
RKinner

Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

    sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
    notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

    • 0
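The findstr step in the post above only copies the [SR] lines of CBS.log into a text file. As an added example (not part of the original post or of Ron's procedure), this PowerShell function applies the same filter and lists which files SFC logged as unrepairable or repaired; the function name Get-SfcSummary and the shortened sample log lines are constructed for illustration.

```powershell
# Added example, not from the thread. Summarizes the [SR] entries that
# "sfc /scannow" writes to CBS.log. The sample lines are constructed and shortened.
$sample = @(
    '2014-12-15 16:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components',
    '2014-12-15 16:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction',
    '2014-12-15 16:02:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, hash mismatch',
    '2014-12-15 16:02:14, Info                  CSI    0000000d [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, hash mismatch',
    '2014-12-15 16:02:20, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store',
    '2014-12-15 16:02:30, Info                  CSI    00000011 [SR] Verify complete',
    '2014-12-15 16:02:31, Info                  CBS    Unrelated servicing line without the SR tag'
)

function Get-SfcSummary {
    param([string[]]$Lines)

    # Same filter as findstr /c:"[SR]": keep only lines carrying the literal tag.
    $sr = @($Lines | Where-Object { $_.Contains('[SR]') })

    # The file name is the quoted string right after the bracketed length field.
    $cannot = @(foreach ($l in $sr) {
        if ($l -match '\[SR\] Cannot repair member file \[[^\]]+\]"([^"]+)"') { $Matches[1] }
    })

    # For repairs, the file name is the last quoted string before "from store".
    $fixed = @(foreach ($l in $sr) {
        if ($l -match '\[SR\] Repairing corrupted file .*"([^"]+)" from store') { $Matches[1] }
    })

    # Deduplicate: the same file can be logged more than once in a single pass.
    New-Object PSObject -Property @{
        SrLines      = $sr.Count
        CannotRepair = @($cannot | Sort-Object -Unique)
        Repaired     = @($fixed  | Sort-Object -Unique)
        VerifyDone   = [bool]($sr -match '\[SR\] Verify complete')
    }
}

Get-SfcSummary -Lines $sample | Format-List

# On a real system, from an elevated prompt, feed it the log instead of the sample:
# Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

A non-empty CannotRepair list is the case the post asks to be reported back, since those are the files SFC could not restore from its component store.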
