Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 22:12:40
Running from G:\
Windows 7 Enterprise (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12105344 2012-09-28] (Microsoft Corporation)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-28] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegDeleteIcons.vbs ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetTaskbar.vbs ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegDeleteIcons.vbs ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetTaskbar.vbs ()

==================== Services (Whitelisted) =================

S2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [157496 2012-08-27] (LANDesk Software, Inc. and its affiliates.)
S3 iMobilityService; C:\Program Files (x86)\iPass\Open Mobile\bin\iMobilityService.exe [30208 2012-05-21] (iPass Inc.)
S2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [202744 2013-02-25] (LANDesk Software, Inc. and its affiliates.)
S2 Intel PDS; C:\Windows\SysWow64\CBA\pds.exe [32825 2012-10-04] (LANDesk Software Ltd.)
S2 iPlatformService; C:\Program Files (x86)\iPass\Open Mobile\omsi\iPlatformService.exe [22528 2012-05-21] (iPass Inc.)
S2 ISSUSER; C:\PROGRA~2\LANDesk\LDClient\issuser.exe [1001536 2013-04-17] (LANDesk Software, Inc. and its affiliates.)
S2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [219648 2012-12-13] (LANDesk Software, Inc. and its affiliates.)
S2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [179200 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S2 Lotus Notes Diagnostics; C:\Notes\nsd.exe [3417480 2011-07-11] (IBM)
S2 Lotus Notes Single Logon; C:\Notes\nslsvice.exe [62856 2011-07-11] (IBM Corp)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2013-03-30] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2013-03-30] (McAfee, Inc.)
S2 Multi-user Cleanup Service; C:\Notes\ntmulti.exe [58760 2011-07-11] (IBM Corp)
S2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [121200 2011-04-14] (SAP AG)
S2 ProcTrigger; C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [153376 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [639464 2013-01-11] (LANDesk Software, Inc. and its affiliates.)
S2 tracksvc; C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [75608 2012-10-04] (LANDesk Software, Inc. and its affiliates.)

==================== Drivers (Whitelisted) ====================

S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB)
S3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-09] (Lenovo)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2013-03-30] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2013-03-30] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2013-03-30] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2013-03-30] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2013-03-30] (McAfee, Inc.)
S3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-02-28] (NVIDIA Corporation)
S3 qcusbserlno2k; C:\Windows\system32\drivers\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB)
S3 mfeavfk01; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-28 22:18 - 2013-08-28 22:18 - 00003352 ____N C:\bootsqm.dat
2013-08-28 18:46 - 2013-08-28 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-27 22:45 - 2013-08-27 23:34 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-27 15:05 - 2013-08-27 15:05 - 00000165 _____ C:\ProgramData\xuhevoboaparptyomwe.reg
2013-08-27 15:05 - 2013-08-27 15:05 - 00000070 _____ C:\ProgramData\xuhevoboaparptyomwe.bat
2013-08-26 20:43 - 2013-08-28 22:16 - 00010240 _____
(Microsoft Corporation) C:\ProgramData\libnspr4.dll 2013-08-26 20:12 - 2013-08-26 20:12 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-08-26 20:07 - 2013-08-26 20:07 - 00192512 _____ C:\ProgramData\qpxefhcumwctwpg 2013-08-26 20:03 - 2013-08-26 20:07 - 00000213 _____ C:\ProgramData\eebdeaccdfbeedc.cfg 2013-08-26 20:03 - 2013-08-26 20:03 - 00174592 _____ C:\ProgramData\qtrypbpmdbykowi 2013-08-26 19:57 - 2013-08-28 23:17 - 00000000 ____D C:\Quarantine 2013-08-20 22:33 - 2013-02-28 02:47 - 26931488 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 20450080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 18054672 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 15129448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 15052728 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 12641480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 11009312 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2013-08-20 22:33 - 2013-02-28 02:47 - 09390760 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 07932256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 07565088 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 06263632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 02904352 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 
2013-08-20 22:33 - 2013-02-28 02:47 - 02720544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 02344736 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 01985824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 01814304 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 01510176 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 01107440 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 00958120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 00284448 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvkflt.sys 2013-08-20 22:33 - 2013-02-28 02:47 - 00245872 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 00201576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-08-20 22:33 - 2013-02-28 02:47 - 00030496 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys 2013-08-20 22:33 - 2013-02-28 02:47 - 00017266 _____ C:\Windows\System32\nvinfo.pb 2013-08-20 22:32 - 2013-02-28 02:47 - 02824504 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2013-08-20 22:32 - 2013-02-28 02:47 - 02504096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-08-20 22:31 - 2012-10-17 23:19 - 01048376 _____ (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll 2013-08-20 22:31 - 2012-10-17 23:19 - 00539960 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll 2013-08-20 22:31 - 2012-10-17 23:19 - 00460600 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys 2013-08-20 22:31 - 2012-10-17 23:19 - 00229176 _____ (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll 2013-08-20 22:31 - 2012-10-17 23:19 - 00177976 _____ (Synaptics 
Incorporated) C:\Windows\System32\SynTPCo14.dll 2013-08-20 22:31 - 2012-10-17 23:19 - 00113976 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll 2013-08-20 22:31 - 2012-10-17 23:19 - 00044344 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\Smb_driver_Intel.sys 2013-08-20 22:31 - 2011-09-14 18:11 - 01048576 _____ C:\Windows\System32\syndata.bin 2013-08-20 22:31 - 2010-09-07 15:09 - 00015472 _____ (Lenovo Group Limited) C:\Windows\System32\Drivers\smiifx64.sys 2013-08-20 22:30 - 2013-08-20 22:30 - 00000000 ____D C:\Windows\LANDesk_Installs 2013-08-20 14:43 - 2012-01-13 12:38 - 00589896 _____ (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll 2013-08-20 14:43 - 2012-01-13 12:38 - 00421448 _____ (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll 2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_l36gsen_01_09_00.Wdf 2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_WwanUsbMp64_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_tcwbf_01_09_00.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_wwussf64_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_wwuss64_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____D C:\Program Files\Protector Suite 2013-08-20 13:35 - 2013-08-28 22:21 - 00296558 _____ C:\Windows\WindowsUpdate.log 2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf 2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 
____D C:\Program Files\NVIDIA Corporation 2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\Intel 2013-08-20 13:35 - 2013-01-10 22:37 - 06382880 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2013-08-20 13:35 - 2013-01-10 22:37 - 03460896 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2013-08-20 13:35 - 2013-01-10 22:36 - 02934933 _____ C:\Windows\System32\nvcoproc.bin 2013-08-20 13:35 - 2013-01-10 22:36 - 02558240 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2013-08-20 13:35 - 2013-01-10 22:36 - 00997664 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll 2013-08-20 13:35 - 2013-01-10 22:36 - 00884512 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2013-08-20 13:35 - 2013-01-10 22:36 - 00558880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll 2013-08-20 13:35 - 2013-01-10 22:36 - 00118560 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2013-08-20 13:35 - 2013-01-10 22:36 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2013-08-20 13:35 - 2013-01-10 22:36 - 00055584 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll 2013-08-20 13:27 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-08-20 13:27 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-08-20 13:27 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-08-20 13:27 - 2013-05-27 06:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-20 13:27 - 2013-05-27 06:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-20 13:27 - 2013-05-27 06:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 12295680 _____ (Microsoft Corporation) 
C:\Windows\System32\ieframe.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-08-20 13:27 - 2013-05-27 06:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-20 13:27 - 2013-05-27 06:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-20 13:27 - 2013-05-27 06:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-20 13:27 - 2013-05-27 06:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-20 13:27 - 2013-05-27 05:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-20 13:27 - 2013-05-27 05:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-20 13:27 - 2013-05-27 05:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-20 13:27 - 2013-05-27 05:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-20 13:27 - 2013-05-27 05:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-20 13:27 - 2013-05-27 05:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-20 13:27 - 2013-05-27 05:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-20 13:27 - 2013-05-27 04:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-20 13:27 - 2013-05-27 04:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-20 13:26 
- 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-20 13:26 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-08-20 13:25 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-20 13:25 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-20 13:11 - 2013-08-29 21:03 - 00737980 _____ C:\Windows\System32\perfh015.dat 2013-08-20 13:11 - 2013-08-29 21:03 - 00154636 _____ C:\Windows\System32\perfc015.dat 2013-08-20 13:11 - 2013-08-20 13:08 - 00337158 _____ C:\Windows\System32\perfi015.dat 2013-08-20 13:11 - 2013-08-20 13:08 - 00038710 _____ C:\Windows\System32\perfd015.dat 2013-08-20 13:10 - 2013-08-20 13:10 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-08-20 13:10 - 2013-08-20 13:10 - 00000000 ____D C:\Windows\SysWOW64\pl 2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\Windows\System32\pl 2013-08-20 12:50 - 2013-08-20 14:43 - 00000000 ____D C:\Program Files (x86)\Juniper Networks 2013-08-20 12:50 - 2013-08-20 13:46 - 00000000 ____D C:\ProgramData\NGC 2013-08-20 12:50 - 2013-08-20 12:50 - 00000078 _____ C:\Windows\init.ini 2013-08-20 12:50 - 2013-08-20 12:50 - 00000000 ____D C:\ProgramData\Sierra Wireless 2013-08-20 12:50 - 2013-08-20 12:50 - 00000000 ____D C:\Program Files (x86)\iPass 2013-08-20 12:49 - 2013-08-20 12:49 - 00010722 _____ C:\Windows\DPINST.LOG 2013-08-20 12:49 - 2013-08-20 12:49 - 00002982 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements 2013-08-20 12:49 - 2013-08-20 12:49 - 00001414 _____ C:\Windows\Synaptics.log 2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf 2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf 2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____D C:\Program Files\Synaptics 2013-08-20 12:49 - 
2013-08-20 12:49 - 00000000 ____D C:\Program Files\Common Files\Lenovo 2013-08-20 12:48 - 2013-08-20 12:49 - 00000000 ____D C:\Program Files\Lenovo 2013-08-20 12:48 - 2013-08-20 12:48 - 00000000 ____D C:\Program Files (x86)\Lenovo 2013-08-20 12:47 - 2012-01-13 12:37 - 01080392 _____ (Juniper Networks) C:\Windows\CotyVpnIcon.exe 2013-08-20 12:42 - 2013-08-27 14:16 - 00000000 ____D C:\ProgramData\vulScan 2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\ProgramData\LANDesk 2013-08-20 12:41 - 2013-08-20 12:48 - 00000000 ____D C:\Program Files (x86)\LANDesk 2013-08-20 12:41 - 2013-08-20 12:41 - 00000000 ____D C:\Windows\SysWOW64\cba 2013-08-20 12:41 - 2012-10-04 06:16 - 00044232 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\poweroff.exe 2013-08-20 12:41 - 2012-10-04 06:16 - 00033896 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\poweroffUI.exe 2013-08-20 12:41 - 2012-10-04 05:33 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\enuPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:54 - 00056832 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\ELOGAPI.DLL 2013-08-20 12:41 - 2012-10-04 03:17 - 00004096 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\itaPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00004096 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\deuPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\rusPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\korPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\jpnPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) 
C:\Windows\SysWOW64\fraPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\chtPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:17 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\chsPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:16 - 00004096 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\ptbPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:16 - 00003584 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\SysWOW64\espPWOFF.dll 2013-08-20 12:41 - 2012-10-04 03:15 - 00059600 _____ (Avocent Corporation ) C:\Windows\SysWOW64\LDCmd32.EXE 2013-08-20 12:41 - 2012-10-04 03:07 - 00027984 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\System32\ldmirror.dll 2013-08-20 12:41 - 2012-10-04 03:07 - 00020992 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\System32\Drivers\ldblank.sys 2013-08-20 12:41 - 2012-10-04 03:07 - 00007168 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\System32\Drivers\mirrorflt.sys 2013-08-20 12:41 - 2012-10-04 03:07 - 00005120 _____ (LANDesk Software, Inc. and its affiliates.) C:\Windows\System32\Drivers\ldmirror.sys 2013-08-20 12:41 - 2012-10-04 03:02 - 00086073 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\nts.dll 2013-08-20 12:41 - 2012-10-04 03:02 - 00077884 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\pds.dll 2013-08-20 12:41 - 2012-10-04 03:02 - 00041023 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\msgsys.dll 2013-08-20 12:41 - 2012-10-04 03:02 - 00036927 _____ (LANDesk Software Ltd.) C:\Windows\SysWOW64\msgsys.exe 2013-08-20 12:41 - 2012-10-04 03:02 - 00028729 _____ (LANDesk Software Ltd.) 
C:\Windows\SysWOW64\cba.dll 2013-08-20 12:41 - 2012-10-04 03:01 - 00077824 _____ (Intel) C:\Windows\SysWOW64\loc32vc0.dll 2013-08-20 12:39 - 2013-08-20 13:45 - 00000000 ____D C:\Windows\rescache 2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\Windows\System32\NV 2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\ProgramData\GroupPolicy 2013-08-20 12:37 - 2013-07-02 09:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\RidNacs 2013-08-20 12:37 - 2013-07-02 09:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\RidNacs 2013-08-20 12:37 - 2013-04-04 08:36 - 00000000 ____D C:\Users\Default\Documents\SAP 2013-08-20 12:37 - 2013-04-04 08:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\SAP 2013-08-20 12:37 - 2013-04-04 08:36 - 00000000 ____D C:\Users\Default\AppData\Local\SAP 2013-08-20 12:37 - 2013-04-04 08:36 - 00000000 ____D C:\Users\Default User\Documents\SAP 2013-08-20 12:37 - 2013-04-04 08:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\SAP 2013-08-20 12:37 - 2013-04-04 08:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SAP 2013-08-20 12:37 - 2013-03-05 17:20 - 00000000 ____D C:\Users\Default\Tracing 2013-08-20 12:37 - 2012-12-05 20:13 - 00112872 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-20 12:37 - 2012-12-05 20:13 - 00112872 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-20 12:37 - 2012-08-13 19:20 - 00000000 ____D C:\Users\Default\.java 2013-08-20 12:37 - 2012-06-15 00:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe 2013-08-20 12:37 - 2012-06-15 00:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe 2013-08-20 12:37 - 2012-06-12 23:29 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe 2013-08-20 12:37 - 2012-06-12 23:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe 2013-08-20 12:37 - 
2012-04-26 02:07 - 00330480 _____ C:\Users\Default\Documents\LotusInstall.log 2013-08-20 12:37 - 2012-04-26 02:07 - 00330480 _____ C:\Users\Default User\Documents\LotusInstall.log 2013-08-20 12:37 - 2012-04-26 01:59 - 00047193 _____ C:\Users\Default\install.xml 2013-08-20 12:37 - 2012-04-26 01:49 - 00000000 ____D C:\Users\Default\AppData\Local\Lotus 2013-08-20 12:37 - 2012-04-26 01:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Lotus 2013-08-20 12:37 - 2012-04-02 17:14 - 00000480 __RSH C:\Users\Default\ntuser.pol 2013-08-20 12:37 - 2012-03-27 22:49 - 00000000 ____D C:\Users\Default\AppData\Local\IsolatedStorage 2013-08-20 12:37 - 2012-03-27 22:49 - 00000000 ____D C:\Users\Default User\AppData\Local\IsolatedStorage 2013-08-20 12:37 - 2012-03-27 12:27 - 00000000 ____D C:\Users\Default\AppData\Local\ICAClient 2013-08-20 12:37 - 2012-03-27 12:27 - 00000000 ____D C:\Users\Default User\AppData\Local\ICAClient 2013-08-20 12:37 - 2012-03-27 12:20 - 00000017 _____ C:\Users\Default\AppData\Local\resmon.resmoncfg 2013-08-20 12:37 - 2012-03-27 12:20 - 00000017 _____ C:\Users\Default User\AppData\Local\resmon.resmoncfg 2013-08-20 12:37 - 2012-03-21 20:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-08-20 12:37 - 2012-03-21 20:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-08-20 12:37 - 2012-03-21 18:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\McAfee 2013-08-20 12:37 - 2012-03-21 18:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\McAfee 2013-08-20 12:37 - 2012-03-21 18:32 - 00000020 ___SH C:\Users\Default\ntuser.ini ==================== One Month Modified Files and Folders ======= 2013-08-29 21:03 - 2013-08-20 13:11 - 00737980 _____ C:\Windows\System32\perfh015.dat 2013-08-29 21:03 - 2013-08-20 13:11 - 00154636 _____ C:\Windows\System32\perfc015.dat 2013-08-29 21:03 - 2009-07-14 06:13 - 01662556 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-29 20:58 - 2013-07-02 09:53 - 00026532 _____ 
C:\Windows\setupact.log 2013-08-29 20:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-29 20:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration 2013-08-28 23:17 - 2013-08-26 19:57 - 00000000 ____D C:\Quarantine 2013-08-28 22:21 - 2013-08-20 13:35 - 00296558 _____ C:\Windows\WindowsUpdate.log 2013-08-28 22:21 - 2009-07-14 05:45 - 00011360 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-28 22:21 - 2009-07-14 05:45 - 00011360 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-28 22:18 - 2013-08-28 22:18 - 00003352 ____N C:\bootsqm.dat 2013-08-28 22:16 - 2013-08-26 20:43 - 00010240 _____ (Microsoft Corporation) C:\ProgramData\libnspr4.dll 2013-08-28 18:46 - 2013-08-28 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-08-27 23:34 - 2013-08-27 22:45 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-08-27 15:05 - 2013-08-27 15:05 - 00000165 _____ C:\ProgramData\xuhevoboaparptyomwe.reg 2013-08-27 15:05 - 2013-08-27 15:05 - 00000070 _____ C:\ProgramData\xuhevoboaparptyomwe.bat 2013-08-27 14:16 - 2013-08-20 12:42 - 00000000 ____D C:\ProgramData\vulScan 2013-08-27 14:10 - 2012-03-20 16:37 - 00013332 __RSH C:\ProgramData\ntuser.pol 2013-08-27 14:10 - 2012-03-20 15:46 - 00000496 _____ C:\Windows\System32\config\netlogon.ftl 2013-08-26 20:12 - 2013-08-26 20:12 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-08-26 20:07 - 2013-08-26 20:07 - 00192512 _____ C:\ProgramData\qpxefhcumwctwpg 2013-08-26 20:07 - 2013-08-26 20:03 - 00000213 _____ C:\ProgramData\eebdeaccdfbeedc.cfg 2013-08-26 20:03 - 2013-08-26 20:03 - 00174592 _____ C:\ProgramData\qtrypbpmdbykowi 2013-08-23 14:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF 2013-08-20 22:30 - 2013-08-20 22:30 - 00000000 ____D C:\Windows\LANDesk_Installs 2013-08-20 14:43 - 2013-08-20 12:50 - 00000000 ____D C:\Program Files 
(x86)\Juniper Networks 2013-08-20 13:46 - 2013-08-20 12:50 - 00000000 ____D C:\ProgramData\NGC 2013-08-20 13:46 - 2012-03-20 20:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-20 13:46 - 2012-03-20 20:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-20 13:46 - 2011-04-12 08:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-20 13:46 - 2009-07-14 05:45 - 00427800 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-20 13:45 - 2013-08-20 12:39 - 00000000 ____D C:\Windows\rescache 2013-08-20 13:42 - 2012-03-20 18:51 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-20 13:42 - 2011-04-12 08:45 - 00000000 ____D C:\Windows\ShellNew 2013-08-20 13:42 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_l36gsen_01_09_00.Wdf 2013-08-20 13:37 - 2013-08-20 13:37 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_WwanUsbMp64_01009.Wdf 2013-08-20 13:37 - 2013-07-03 05:51 - 00002236 _____ C:\Windows\TSSysprep.log 2013-08-20 13:37 - 2012-03-29 17:16 - 00003293 _____ C:\Windows\DtcInstall.log 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_tcwbf_01_09_00.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_wwussf64_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_wwuss64_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2013-08-20 13:36 - 2013-08-20 13:36 - 00000000 ____D C:\Program Files\Protector Suite 2013-08-20 13:36 - 2012-04-26 01:59 - 00000000 ____D C:\Notes 2013-08-20 13:36 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns 2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____H 
C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-20 13:35 - 2013-08-20 13:35 - 00000000 ____D C:\Intel
2013-08-20 13:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-08-20 13:10 - 2013-08-20 13:10 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-08-20 13:10 - 2013-08-20 13:10 - 00000000 ____D C:\Windows\SysWOW64\pl
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\System32\winrm
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\System32\WCN
2013-08-20 13:10 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\System32\slmgr
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-20 13:10 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\oobe
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\MUI
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\Dism
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2013-08-20 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-20 13:09 - 2013-08-20 13:09 - 00000000 ____D C:\Windows\System32\pl
2013-08-20 13:09 - 2011-04-12 08:38 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-08-20 13:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\com
2013-08-20 13:08 - 2013-08-20 13:11 - 00337158 _____ C:\Windows\System32\perfi015.dat
2013-08-20 13:08 - 2013-08-20 13:11 - 00038710 _____ C:\Windows\System32\perfd015.dat
2013-08-20 12:50 - 2013-08-20 12:50 - 00000078 _____ C:\Windows\init.ini
2013-08-20 12:50 - 2013-08-20 12:50 - 00000000 ____D C:\ProgramData\Sierra Wireless
2013-08-20 12:50 - 2013-08-20 12:50 - 00000000 ____D C:\Program Files (x86)\iPass
2013-08-20 12:49 - 2013-08-20 12:49 - 00010722 _____ C:\Windows\DPINST.LOG
2013-08-20 12:49 - 2013-08-20 12:49 - 00002982 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2013-08-20 12:49 - 2013-08-20 12:49 - 00001414 _____ C:\Windows\Synaptics.log
2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____D C:\Program Files\Synaptics
2013-08-20 12:49 - 2013-08-20 12:49 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-08-20 12:49 - 2013-08-20 12:48 - 00000000 ____D C:\Program Files\Lenovo
2013-08-20 12:49 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\System32\restore
2013-08-20 12:48 - 2013-08-20 12:48 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-08-20 12:48 - 2013-08-20 12:41 - 00000000 ____D C:\Program Files (x86)\LANDesk
2013-08-20 12:42 - 2013-08-20 12:42 - 00000000 ____D C:\ProgramData\LANDesk
2013-08-20 12:41 - 2013-08-20 12:41 - 00000000 ____D C:\Windows\SysWOW64\cba
2013-08-20 12:41 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\Windows\System32\NV
2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 12:39 - 2013-08-20 12:39 - 00000000 ____D C:\ProgramData\GroupPolicy
2013-08-20 12:39 - 2012-03-20 18:07 - 00000000 ____D C:\Windows\Panther
2013-08-20 12:37 - 2013-03-30 12:11 - 00000000 ____D C:\ProgramData\McAfee
2013-08-20 12:37 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default

Files to move or delete:
====================
C:\ProgramData\xuhevoboaparptyomwe.bat
C:\ProgramData\xuhevoboaparptyomwe.reg

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-20 12:49:35
Restore point made on: 2013-08-20 12:50:19
Restore point made on: 2013-08-20 12:52:07
Restore point made on: 2013-08-20 13:25:29
Restore point made on: 2013-08-20 13:25:41
Restore point made on: 2013-08-20 13:26:07
Restore point made on: 2013-08-20 13:26:25
Restore point made on: 2013-08-20 13:26:35
Restore point made on: 2013-08-20 13:26:46
Restore point made on: 2013-08-20 13:26:58
Restore point made on: 2013-08-20 13:27:09
Restore point made on: 2013-08-20 13:27:23
Restore point made on: 2013-08-20 13:27:33
Restore point made on: 2013-08-20 13:27:57
Restore point made on: 2013-08-20 13:33:49
Restore point made on: 2013-08-20 13:35:36
Restore point made on: 2013-08-20 13:41:18
Restore point made on: 2013-08-21 22:22:48

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7967.21 MB
Available physical RAM: 7139.05 MB
Total Pagefile: 7965.36 MB
Available Pagefile: 7135.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:55.29 GB) NTFS
Drive e: (DATA) (Fixed) (Total:67.58 GB) (Free:52.97 GB) NTFS
Drive f: (GRMCULXFRER_PL_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
Drive g: (CREATOR3W) (Removable) (Total:3.73 GB) (Free:2.36 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 9DFA64F0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-08-23 13:41

==================== End Of Log ============================