
Do I have a malware problem? [Solved]


  • This topic is locked

#1
Deevly

So, I wasn't paying attention last night and downloaded what I thought was Firefox from a non-Mozilla site, freegogo-download. I realized immediately what I'd done, and tried to remedy my mistake, probably rather ham-fistedly, and now I'm paranoid that there's something nasty lurking in the background. Here's what happened:

I tried to immediately uninstall the programs that downloaded: Driver Restore, PC Utility Pro, Optimizer Pro, Firefox Packages ... maybe something called Vosteran. That may not be a complete list of what I uninstalled because my notes were a bit panicky, and that last one may not have been something I uninstalled, but I saw it somewhere. (My notes aren't clear.) Everything appeared to uninstall okay, except "Firefox Packages," which would only give me a popup from an "uninstaller.exe" that didn't look legit. 

I downloaded Malwarebytes and AdwCleaner, both of which found and quarantined a few things. I tried to download and use Norton Security Scan, but it just hung there and wouldn't work. Then I tried to download a 30-day trial of Norton Security, which seemed to be okay, but when I tried to scan, nothing happened. That's when I noticed that the security that came with this new laptop, McAfee and Windows Defender, were disabled and I couldn't enable them. So I did a System Restore.

I don't know how smart that was, but it appeared to get rid of everything I'd downloaded the last few days since I'd gotten the laptop. Appeared.

So I downloaded the 30-day trial of Norton Security again. And it worked this time. I ran a full scan and it found something called Bloodhound.MalPE. 

Everything "seems" okay today (apart from the fact that when I downloaded the real Firefox app for Windows 8.1, it didn't work), but I really don't think I handled any of that properly and I just want to find out what I missed. I feel like there's something lurking. I got even more paranoid when I looked at the Norton history this afternoon and saw some "unauthorized access blocked" messages that may be perfectly normal, I don't know. If someone could take a look, I'd really appreciate it.

OTL created two text files, OTL.txt and Extras.txt. I'll post both.

OTL.txt:

OTL logfile created on: 12/8/2014 3:09:08 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Deidra\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 46.91% Memory free
9.79 Gb Paging File | 4.15 Gb Available in Paging File | 42.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.93 Gb Total Space | 144.52 Gb Free Space | 73.76% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 21.60 Gb Free Space | 86.40% Space Free | Partition Type: NTFS
 
Computer Name: FLIPSY | User Name: Deidra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/08 15:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deidra\Downloads\OTL.exe
PRC - [2014/12/04 16:33:58 | 000,072,192 | ---- | M] () -- C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
PRC - [2014/11/25 01:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/13 08:49:28 | 000,282,568 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\NS.exe
PRC - [2014/08/20 21:11:28 | 000,154,896 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
PRC - [2014/08/20 21:11:28 | 000,153,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
PRC - [2014/08/20 21:11:26 | 000,294,672 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
PRC - [2014/08/20 21:11:26 | 000,108,304 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
PRC - [2014/08/20 21:11:13 | 000,161,792 | ---- | M] () -- C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
PRC - [2014/08/20 21:11:10 | 000,249,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
PRC - [2014/06/21 13:13:06 | 001,354,296 | ---- | M] (Superfish, Inc.) -- C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe
PRC - [2014/05/21 20:29:04 | 000,584,960 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\lenovo\iMController\SystemAgentService.exe
PRC - [2014/04/08 20:05:52 | 004,260,112 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
PRC - [2014/03/26 14:37:04 | 001,165,688 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2014/03/26 14:36:30 | 001,206,648 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2014/03/18 04:55:25 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2014/02/24 18:39:42 | 001,479,944 | ---- | M] (PointGrab LTD) -- C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
PRC - [2014/02/24 18:39:40 | 000,512,776 | ---- | M] (PointGrab LTD) -- C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
PRC - [2013/12/12 20:57:54 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013/11/07 19:12:28 | 005,545,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
PRC - [2013/08/08 15:25:18 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/08/08 15:25:12 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/07 16:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 16:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/08 13:28:02 | 000,869,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Web\e80741874129b38ff4bc85abedf8e4a2\Windows.Web.ni.dll
MOD - [2014/12/08 13:27:58 | 000,337,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
MOD - [2014/12/08 13:27:45 | 000,797,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
MOD - [2014/12/08 13:27:43 | 000,960,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
MOD - [2014/12/08 13:27:42 | 000,228,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
MOD - [2014/12/08 13:27:42 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
MOD - [2014/12/08 13:27:39 | 000,808,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
MOD - [2014/12/08 13:27:38 | 001,130,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
MOD - [2014/12/08 13:27:37 | 003,530,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
MOD - [2014/12/04 16:33:58 | 000,072,192 | ---- | M] () -- C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 01:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/08/20 21:11:28 | 000,101,648 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
MOD - [2014/08/20 21:11:26 | 000,294,672 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
MOD - [2014/08/20 21:11:26 | 000,108,304 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
MOD - [2014/08/20 21:11:26 | 000,102,672 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
MOD - [2014/08/20 21:11:26 | 000,101,648 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
MOD - [2014/02/24 18:39:42 | 002,690,312 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/20 21:13:17 | 000,198,192 | ---- | M] (Lenovo(beijing) Limited) [Auto | Running] -- C:\Windows\SysNative\LenovoWiFiHotspotSvr.exe -- (LenovoWiFiHotspotSvr)
SRV:64bit: - [2014/08/20 21:11:10 | 000,328,720 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe -- (PhoneCompanionVap)
SRV:64bit: - [2014/08/20 21:11:10 | 000,249,872 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe -- (PhoneCompanionPusher)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/05/21 20:29:04 | 000,584,960 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\lenovo\iMController\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2014/04/14 20:45:06 | 000,282,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014/04/02 21:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/18 04:55:03 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 04:55:03 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 04:54:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 04:54:56 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 04:54:56 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 04:54:53 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/14 01:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 00:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 02:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/01/17 20:37:48 | 003,816,176 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2014/01/17 20:37:30 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2014/01/17 20:37:08 | 000,632,048 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2014/01/17 20:36:42 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/12/12 20:57:44 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe -- (NitroDriverReadSpool9)
SRV:64bit: - [2013/11/07 19:12:36 | 000,198,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2013/09/13 03:40:30 | 000,288,472 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/07 16:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/02 11:37:12 | 000,148,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV:64bit: - [2013/08/02 11:37:12 | 000,124,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2013/08/02 11:37:12 | 000,116,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2013/08/02 11:37:12 | 000,115,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2013/05/11 19:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 19:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/04/24 05:43:50 | 000,390,632 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2014/10/15 07:46:07 | 000,282,568 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\NS.exe -- (NS)
SRV - [2014/08/20 21:11:28 | 000,070,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe -- (LsvUIService)
SRV - [2014/08/20 21:11:26 | 000,034,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe -- (ymc)
SRV - [2014/08/20 21:11:25 | 000,068,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe -- (VeriFaceSrv)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/06/21 13:13:06 | 001,354,296 | ---- | M] (Superfish, Inc.) [Auto | Running] -- C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe -- (VisualDiscovery)
SRV - [2014/06/03 13:08:46 | 000,533,760 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe -- (Lenovo EasyPlus Hotspot)
SRV - [2014/04/14 20:45:10 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/04/08 20:05:52 | 004,260,112 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe -- (DAMSvc)
SRV - [2014/03/26 14:37:04 | 001,165,688 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2014/03/26 14:36:30 | 001,206,648 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2014/03/14 01:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/24 18:39:40 | 000,512,776 | ---- | M] (PointGrab LTD) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe -- (PG_Service_Launcher)
SRV - [2014/02/24 18:39:38 | 000,167,176 | ---- | M] (PointGrab LTD) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe -- (PGService)
SRV - [2014/01/06 17:14:12 | 000,019,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe -- (YogaPicks.AppService)
SRV - [2013/12/12 20:57:54 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/08 15:25:18 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/08/08 15:25:12 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/07 21:32:59 | 000,102,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/09 00:15:11 | 000,565,464 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSx64\1600000.06E\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/09/09 00:15:10 | 001,151,704 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/09/09 00:15:10 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\symelam.sys -- (SymELAM)
DRV:64bit: - [2014/09/09 00:15:09 | 000,490,712 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\symds64.sys -- (SymDS)
DRV:64bit: - [2014/09/09 00:05:40 | 000,271,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/09/09 00:05:23 | 000,165,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.sys -- (ccSet_NS)
DRV:64bit: - [2014/09/09 00:05:05 | 001,016,024 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/09/09 00:05:05 | 000,042,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/20 21:13:37 | 000,035,600 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 10:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/06/01 05:11:02 | 003,443,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwbw02.sys -- (NETwNb64)
DRV:64bit: - [2014/05/12 13:29:44 | 000,039,800 | ---- | M] (Superfish, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VDWFP64.sys -- (VDWFP)
DRV:64bit: - [2014/05/09 17:27:38 | 000,192,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2014/05/01 08:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/04/22 13:47:46 | 001,424,184 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2014/04/01 01:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/26 14:37:38 | 000,140,600 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/18 04:54:57 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 04:54:54 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 04:54:43 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 04:54:43 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 04:54:42 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 04:54:42 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 04:54:42 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/03/18 04:54:42 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 04:54:42 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 04:54:42 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 04:54:42 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 04:54:42 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 04:38:02 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 15:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/06 20:26:42 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/03/06 20:18:22 | 003,729,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/03/01 15:32:31 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/03/01 15:32:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/12/30 22:27:36 | 001,527,712 | ---- | M] (Sunplus) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2013/08/28 22:42:56 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/28 22:42:56 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/08 19:06:40 | 000,021,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2013/08/08 19:06:40 | 000,021,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2013/08/08 15:25:14 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 19:01:32 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013/08/07 19:01:24 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON)
DRV:64bit: - [2013/08/07 16:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/02 11:37:06 | 000,494,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2013/08/02 11:37:06 | 000,287,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2013/08/02 11:37:06 | 000,114,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/18 10:53:33 | 000,113,864 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2013/06/18 09:45:43 | 004,649,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2013/06/18 09:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV - [2014/12/07 04:53:35 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141207.020\ex64.sys -- (NAVEX15)
DRV - [2014/12/07 04:53:35 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/07 04:53:35 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141207.020\eng64.sys -- (NAVENG)
DRV - [2014/12/05 18:33:54 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141205.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/12/03 01:45:46 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/08/27 01:08:34 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D0232CC2-9906-451D-8D17-174CE262E070}
IE:64bit: - HKLM\..\SearchScopes\{D0232CC2-9906-451D-8D17-174CE262E070}: "URL" = http://www.bing.com/...=IE11TR&pc=LCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D0232CC2-9906-451D-8D17-174CE262E070}
IE - HKLM\..\SearchScopes\{D0232CC2-9906-451D-8D17-174CE262E070}: "URL" = http://www.bing.com/...=IE11TR&pc=LCJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {D0232CC2-9906-451D-8D17-174CE262E070}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{D0232CC2-9906-451D-8D17-174CE262E070}: "URL" = http://www.bing.com/...=IE11TR&pc=LCJB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn\ [2014/12/07 22:46:00 | 000,000,000 | ---D | M]
 
[2014/12/07 22:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deidra\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AutoStartTransition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe ()
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Yoga PhoneCompanion] C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe (Lenovo)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [Yoga Picks] C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe (Lenovo)
O4 - HKCU..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D4D24E-EABE-4D89-9D53-63772106FBD6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC7BA11C-B9A8-481A-B85E-8792CBC3E87C}: DhcpNameServer = 150.201.1.3
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll) - C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll (ClientConnect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll) - C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll (ClientConnect LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/08 00:13:30 | 001,151,704 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symefa64.sys
[2014/12/08 00:13:30 | 001,016,024 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtsp64.sys
[2014/12/08 00:13:30 | 000,565,464 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symnets.sys
[2014/12/08 00:13:30 | 000,490,712 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symds64.sys
[2014/12/08 00:13:30 | 000,271,576 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\ironx64.sys
[2014/12/08 00:13:30 | 000,165,080 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.sys
[2014/12/08 00:13:30 | 000,042,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtspx64.sys
[2014/12/08 00:13:30 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symelam.sys
[2014/12/08 00:13:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSx64\1600020.011
[2014/12/07 22:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/07 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Mozilla
[2014/12/07 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Mozilla
[2014/12/07 22:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/12/07 21:45:54 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\NPE
[2014/12/07 21:32:59 | 000,102,616 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/12/07 21:32:56 | 001,151,704 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymEFA64.sys
[2014/12/07 21:32:56 | 001,016,024 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.sys
[2014/12/07 21:32:56 | 000,565,464 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\symnets.sys
[2014/12/07 21:32:56 | 000,490,712 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymDS64.sys
[2014/12/07 21:32:56 | 000,271,576 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Ironx64.sys
[2014/12/07 21:32:56 | 000,165,080 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\ccSetx64.sys
[2014/12/07 21:32:56 | 000,042,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtspx64.sys
[2014/12/07 21:32:56 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymELAM.sys
[2014/12/07 21:32:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSx64
[2014/12/07 21:32:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSx64\1600000.06E
[2014/12/07 21:32:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
[2014/12/07 20:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/12/07 19:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/12/07 19:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security
[2014/12/07 18:52:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/07 18:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/12/07 18:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/12/07 18:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/12/07 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/12/07 17:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/07 17:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/12/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Programs
[2014/12/07 17:02:00 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\EmieBrowserModeList
[2014/12/04 22:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/12/04 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Nitro PDF
[2014/12/04 15:28:48 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Documents\Medical Arts
[2014/12/04 15:28:46 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Documents\coop
[2014/12/03 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Lenovo
[2014/12/03 13:10:05 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2014/12/03 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\CyberLink
[2014/12/03 12:49:18 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\CrashDumps
[2014/12/03 12:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/03 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Google
[2014/12/03 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Deployment
[2014/12/03 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Apps
[2014/12/03 12:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\EmieUserList
[2014/12/03 12:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\EmieSiteList
[2014/12/03 12:29:23 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Screensaver Factory
[2014/12/03 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Hightail for Lenovo
[2014/12/03 11:54:53 | 000,000,000 | ---D | C] -- C:\Users\Deidra\OneDrive
[2014/12/03 11:49:56 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Intel Corporation
[2014/12/03 11:48:47 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Macromedia
[2014/12/03 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\LenovoBrowserGuard
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Searches
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Contacts
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/12/03 11:48:23 | 000,000,000 | -H-D | C] -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/12/03 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\VirtualStore
[2014/12/03 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Adobe
[2014/12/03 11:48:22 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Packages
[2014/12/03 11:48:21 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\IntelGraphicsProfiles
[2014/12/03 11:48:21 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Intel
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\Temporary Internet Files
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Templates
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Start Menu
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\SendTo
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Recent
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\PrintHood
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\NetHood
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Documents\My Videos
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Documents\My Pictures
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Documents\My Music
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\My Documents
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Local Settings
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\History
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Cookies
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Application Data
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\Application Data
[2014/12/03 11:48:07 | 000,000,000 | --SD | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Videos
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Saved Games
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Music
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Links
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Favorites
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Downloads
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Documents
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Desktop
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/12/03 11:48:07 | 000,000,000 | -H-D | C] -- C:\Users\Deidra\AppData
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Temp
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Roaming
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Pokki
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Pictures
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Microsoft
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/08 14:49:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/08 14:45:14 | 150,994,944 | -HS- | M] () -- C:\swapfile.sys
[2014/12/08 14:37:36 | 002,952,975 | ---- | M] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Cat.DB
[2014/12/08 13:00:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/12/07 22:49:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 22:48:53 | 000,865,408 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/12/07 22:48:53 | 000,738,346 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/12/07 22:48:53 | 000,138,624 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/12/07 22:45:21 | 000,002,310 | ---- | M] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/07 22:45:21 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/07 22:43:49 | 2503,389,183 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/07 22:43:24 | 000,002,560 | ---- | M] () -- C:\windows\SysNative\VfService.trf
[2014/12/07 22:05:49 | 000,010,760 | ---- | M] () -- C:\windows\SysWow64\VisualDiscovery.ini
[2014/12/07 22:05:49 | 000,005,288 | ---- | M] () -- C:\windows\SysWow64\VisualDiscoveryOff.ini
[2014/12/07 22:05:49 | 000,005,288 | ---- | M] () -- C:\windows\SysNative\VisualDiscoveryOff.ini
[2014/12/07 21:32:59 | 000,102,616 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/12/07 21:32:59 | 000,008,214 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/12/07 21:32:59 | 000,002,748 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security.lnk
[2014/12/07 21:32:59 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/12/07 14:40:59 | 000,007,605 | ---- | M] () -- C:\Users\Deidra\AppData\Local\Resmon.ResmonCfg
[2014/12/03 23:15:42 | 000,346,744 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/12/03 12:01:03 | 000,001,447 | ---- | M] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/03 11:56:04 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/12/03 11:48:21 | 000,000,180 | ---- | M] () -- C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/11/17 06:35:18 | 000,054,581 | ---- | M] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\VT20141117.003
 
========== Files Created - No Company Name ==========
 
[2014/12/08 00:13:30 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symelam64.cat
[2014/12/08 00:13:30 | 000,008,258 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symds64.cat
[2014/12/08 00:13:30 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.cat
[2014/12/08 00:13:30 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtspx64.cat
[2014/12/08 00:13:30 | 000,008,186 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symefa64.cat
[2014/12/08 00:13:30 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symnet64.cat
[2014/12/08 00:13:30 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtsp64.cat
[2014/12/08 00:13:30 | 000,008,176 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\iron.cat
[2014/12/08 00:13:30 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symefa.inf
[2014/12/08 00:13:30 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symds.inf
[2014/12/08 00:13:30 | 000,001,442 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symnet.inf
[2014/12/08 00:13:30 | 000,001,439 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtsp64.inf
[2014/12/08 00:13:30 | 000,001,421 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtspx64.inf
[2014/12/08 00:13:30 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symelam.inf
[2014/12/08 00:13:30 | 000,000,854 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.inf
[2014/12/08 00:13:30 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\iron.inf
[2014/12/08 00:13:28 | 000,042,291 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symvtcer.dat
[2014/12/08 00:13:28 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\isolate.ini
[2014/12/07 22:45:21 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/07 22:44:46 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 22:44:46 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 21:41:21 | 000,054,581 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\VT20141117.003
[2014/12/07 21:33:00 | 002,952,975 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Cat.DB
[2014/12/07 21:32:59 | 000,008,214 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/12/07 21:32:59 | 000,002,748 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security.lnk
[2014/12/07 21:32:59 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/12/07 21:32:34 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymEFA.inf
[2014/12/07 21:32:34 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymDS.inf
[2014/12/07 21:32:34 | 000,001,442 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymNet.inf
[2014/12/07 21:32:34 | 000,001,439 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.inf
[2014/12/07 21:32:34 | 000,001,421 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtspx64.inf
[2014/12/07 21:32:34 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\symELAM.inf
[2014/12/07 21:32:34 | 000,000,854 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\ccSetx64.inf
[2014/12/07 21:32:34 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Iron.inf
[2014/12/07 21:32:32 | 000,042,291 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymVTcer.dat
[2014/12/07 21:32:31 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymELAM64.cat
[2014/12/07 21:32:31 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\symnet64.cat
[2014/12/07 21:32:30 | 000,008,258 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymDS64.cat
[2014/12/07 21:32:30 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\ccSetx64.cat
[2014/12/07 21:32:30 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtspx64.cat
[2014/12/07 21:32:30 | 000,008,186 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymEFA64.cat
[2014/12/07 21:32:30 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.cat
[2014/12/07 21:32:30 | 000,008,176 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\iron.cat
[2014/12/07 21:32:29 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\isolate.ini
[2014/12/07 14:28:57 | 000,007,605 | ---- | C] () -- C:\Users\Deidra\AppData\Local\Resmon.ResmonCfg
[2014/12/04 15:28:52 | 004,036,720 | ---- | C] () -- C:\Users\Deidra\Documents\FS_Exercise_Guide.pdf
[2014/12/04 15:28:52 | 000,009,256 | ---- | C] () -- C:\Users\Deidra\Documents\House colors.odt
[2014/12/04 15:28:51 | 000,116,463 | ---- | C] () -- C:\Users\Deidra\Documents\2012 Year End Tax Package_02_11_2013.pdf
[2014/12/04 15:28:44 | 001,863,830 | ---- | C] () -- C:\Users\Deidra\Documents\p3_registration.bmp
[2014/12/04 15:28:44 | 001,050,446 | ---- | C] () -- C:\Users\Deidra\Documents\p1_feedback_1.bmp
[2014/12/04 15:28:44 | 001,046,654 | ---- | C] () -- C:\Users\Deidra\Documents\p1_feedback_2.bmp
[2014/12/04 15:28:44 | 000,465,846 | ---- | C] () -- C:\Users\Deidra\Documents\p1_registration.bmp
[2014/12/03 12:56:15 | 000,389,176 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014/12/03 12:52:10 | 000,002,302 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[2014/12/03 12:42:46 | 000,002,310 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/03 12:36:44 | 000,050,745 | ---- | C] () -- C:\windows\SysNative\srms.dat
[2014/12/03 12:01:03 | 000,001,447 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/03 11:56:04 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/12/03 11:48:23 | 000,001,453 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/12/03 11:48:21 | 000,000,180 | ---- | C] () -- C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/03 11:48:07 | 000,000,369 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/12/03 11:48:07 | 000,000,369 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/12/03 11:48:07 | 000,000,352 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/12/03 11:48:07 | 000,000,334 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/08/20 21:11:59 | 000,010,760 | ---- | C] () -- C:\windows\SysWow64\VisualDiscovery.ini
[2014/08/20 21:11:59 | 000,005,288 | ---- | C] () -- C:\windows\SysWow64\VisualDiscoveryOff.ini
[2014/08/20 21:07:05 | 000,001,137 | ---- | C] () -- C:\windows\PEIS_PreloadData.ini
[2014/08/20 20:50:27 | 000,863,592 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/08/20 20:48:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/08/20 05:29:20 | 000,068,608 | ---- | C] () -- C:\windows\SysWow64\igfxexps32.dll
[2014/08/20 05:29:15 | 000,342,944 | ---- | C] () -- C:\windows\SysWow64\igdmd32.dll
[2014/08/20 05:29:11 | 000,183,296 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/08/20 05:29:11 | 000,142,848 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2014/08/20 05:24:45 | 000,004,411 | ---- | C] () -- C:\windows\SysWow64\DptfInvalidPolicyRemover.ini
[2014/03/18 04:55:08 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2014/03/18 04:54:44 | 000,103,936 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/22 21:14:16 | 000,300,408 | ---- | C] () -- C:\windows\SysWow64\VCamPPage.dll
[2013/09/22 21:14:16 | 000,097,192 | ---- | C] () -- C:\windows\un_dext.exe
[2013/09/22 21:14:16 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2013/09/22 21:14:16 | 000,014,478 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2013/09/22 21:14:16 | 000,003,666 | ---- | C] () -- C:\windows\Dext_09.ini
[2013/09/22 21:14:16 | 000,003,044 | ---- | C] () -- C:\windows\Dext_04.ini
[2013/09/22 21:14:16 | 000,002,894 | ---- | C] () -- C:\windows\Dext_17.ini
[2013/09/22 21:14:16 | 000,002,836 | ---- | C] () -- C:\windows\Dext_2052.ini
[2013/09/22 21:14:16 | 000,002,443 | ---- | C] () -- C:\windows\remove.ini
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2013/05/11 19:17:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/03 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Deidra\AppData\Roaming\Hightail for Lenovo
[2014/12/08 13:47:23 | 000,000,000 | ---D | M] -- C:\Users\Deidra\AppData\Roaming\Nitro PDF
[2014/12/03 12:29:23 | 000,000,000 | ---D | M] -- C:\Users\Deidra\AppData\Roaming\Screensaver Factory
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Deidra\OneDrive:ms-properties
 
< End of report >



And here's the Extras.txt file:


OTL Extras logfile created on: 12/8/2014 3:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Deidra\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 46.91% Memory free
9.79 Gb Paging File | 4.15 Gb Available in Paging File | 42.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.93 Gb Total Space | 144.52 Gb Free Space | 73.76% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 21.60 Gb Free Space | 86.40% Space Free | Partition Type: NTFS
 
Computer Name: FLIPSY | User Name: Deidra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9E923B1-4D02-4D4D-9913-5BA968596200}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{B803B192-D142-4876-9ED6-379EEB1E4492}" = lport=55100 | protocol=6 | dir=in | name=lenovo mobile phone wireless import | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081C88C4-BC13-4599-909D-EFB694E152A5}" = dir=out | name=onenote | 
"{0A052D64-506B-4A51-BED9-F5C9ED32402B}" = dir=out | name=dailymotion | 
"{0B1B0AEB-40F7-41FD-90CD-63458B46E10A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{0CF6E358-D285-45F5-89B4-4F8F29D913B1}" = dir=out | name=tripadvisor hotels flights restaurants | 
"{0D7D7FDE-3061-47FE-9724-4B689BD6E8CD}" = dir=out | name=evernote touch | 
"{1126FAD0-B290-4688-B077-3A8D3F40C3DD}" = dir=in | name=mcafee® central for lenovo | 
"{12918473-087A-459B-B87F-35C787975F58}" = dir=in | name=yoga phone companion | 
"{12A6AEAD-A4BC-4FC5-BD55-E4E2071CDDCD}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{1455624C-4857-40C6-8470-78450986793E}" = dir=out | name=zinio | 
"{1C9C765F-F5D1-4E38-A6F3-DC7259FA9E6C}" = dir=in | app=c:\program files (x86)\lenovo\lenovo photo master\photoplus.exe | 
"{1CD73AB0-5AF2-4C80-9643-29D6882CC63C}" = dir=out | name=@{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{1D76DF4E-C8DA-4E38-AB2D-9C430A7D504A}" = dir=out | name=yoga phone companion | 
"{1E06092E-73A0-490E-98C0-B82799C7BB30}" = dir=out | name=@{microsoft.zunevideo_2.6.408.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{2138A830-9484-4A38-80F3-C3CDF12A62CC}" = dir=out | name=kindle | 
"{2F9DF80B-0942-40DB-BDA2-C5FE26B55143}" = dir=in | name=zinio | 
"{321BF14C-029D-4768-9011-9A281D033A7A}" = dir=out | name=windows_ie_ac_001 | 
"{3B5213C4-56BA-41E8-BC25-2776E76ACFD5}" = dir=out | name=intel® experience center | 
"{40255A49-8C11-4BEB-9296-C6D007D0F670}" = dir=out | name=windows_ie_ac_001 | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4D073124-FF84-472E-8BFD-10E1235E9B44}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{52F4C254-D44D-4631-92FE-AD1C8FDBFD6E}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5B0E98C2-9797-49C7-B9FA-62C9E4390A55}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe | 
"{5C3DA8C8-4199-46CA-8C37-D3E5E9013135}" = dir=out | name=free online games for lenovo | 
"{5EABC0AA-5DA7-4A94-B69B-594CE3677302}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{6C9BFE23-29EE-45F8-94CF-20AA84971095}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{6E06F9CF-BB8F-41A2-9C4B-A70AF5C73968}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{7BD658E2-CA4E-4E76-A38E-A729AD9AFBDE}" = dir=out | name=skype | 
"{7D8E0C59-BD68-476D-A674-C38A2D032622}" = dir=out | name=@{microsoft.zunemusic_2.6.476.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{83D7DF47-FA03-47E1-928D-5699BBBA1FE4}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{8E25FA38-1258-4789-8EDC-5DC8DCFCF0EC}" = dir=out | name=mcafee® central for lenovo | 
"{8FA12A77-FFF0-4B35-B123-2D09811E8C20}" = dir=out | name=hightail for lenovo | 
"{923B406E-43B5-47D3-A2AD-3E10D611A0C2}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9F5A49F2-BA0F-4E06-A6C5-53A007874E9C}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe | 
"{A4E76E4F-3AD9-4C69-941B-307F6CA57D30}" = dir=out | name=yoga picks | 
"{A74654A1-CFAD-42B1-B674-0E85F5FCD994}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{A9167C3D-40EA-40F9-8DD5-AEF47EDE7E36}" = dir=out | name=facebook | 
"{A91ABB88-B8E0-4CAF-943D-EA086815401F}" = dir=out | name=amazon | 
"{AA745C65-FE51-4492-A3A1-C889EB949369}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{B1E7590E-DBE6-4CF1-A3B8-DF89CBAF0FF4}" = dir=out | name=yoga camera man | 
"{B1EE6AFA-1D94-4636-9A4B-5F37FEB90C7F}" = dir=in | name=skype | 
"{B89EA8A9-846F-4522-8359-EB12E49C687E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{B9190AC6-B60D-4A6F-A681-5564EA0DF59B}" = dir=out | name=yoga chef | 
"{BE820CB5-2BF2-4E18-BB7E-59406D2737F0}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{BEEC08A9-C1E2-4876-8DC0-C49B75F7A533}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe | 
"{CD231983-1D37-4965-8FED-B887FBC206C2}" = dir=out | name=ebay | 
"{CD32567B-59F9-429B-99B3-6C905C8F2575}" = dir=out | name=the telegraph for lenovo | 
"{CE463EAA-6198-48E1-B706-C1433578C365}" = protocol=6 | dir=out | app=c:\program files\lenovo photomasterimport\photomasterimport.exe | 
"{D563A42F-A597-487C-8921-DC19B618172C}" = dir=out | name=the weather channel for lenovo | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DE2E294A-1140-4A78-A6FA-745CFD29FE14}" = dir=in | name=evernote touch | 
"{E253E30A-2B04-4E08-A93D-22AEAF93EF45}" = dir=out | name=onecalendar | 
"{E32A56FB-3B0F-4CA6-9707-241E382F01DC}" = dir=out | name=lenovo support | 
"{E58586A3-2E4C-4C1F-AF38-26D445E5DE25}" = dir=in | app=c:\program files (x86)\lenovo\lenovo photo master\subsys\advphotoeditor\photodirector5.exe | 
"{E6C2B246-AB32-4884-8F4F-D82F2C69D289}" = dir=out | name=companion | 
"{E8B229E6-84C1-47C5-8E32-E4ED1AE5DEA6}" = dir=in | name=onenote | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F78CA17D-6980-49A2-A362-BFBD5E6560A0}" = dir=in | name=the telegraph for lenovo | 
"{FF2DEC5A-980D-4F0C-9AA2-4310E6BFDD14}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0788641D-D31A-478D-BB34-C41564AE9F93}" = Dependency Package Update
"{09888C31-E15A-4E69-AF26-4BFCEE55821B}" = Intel® Experience Center Driver
"{0bdfb86d-484e-40d5-9def-5ebde377e270}" = Intel® PRO/Wireless Driver
"{0FAB5672-2C64-4192-B173-107DCF22F4FD}" = Update for Microsoft en-us Dictionary
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}" = Hightail for Lenovo
"{302600C1-6BDF-4FD1-1405-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5252431C-288E-409D-ADCF-24407E0E6F70}" = Dependency Package Update
"{62DE858A-A2A5-452F-B067-C5F104358AD6}" = Intel® PROSet/Wireless WiFi Software
"{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}" = Nitro Pro 9
"{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}" = Dolby Digital Plus Home Theater
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}" = Intel® Smart Connect Technology
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}" = Dependency Package Update
"35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E" = Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776)
"6BCA401E9CBEED970D75F55FA5320F60D11984E9" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288)
"Lenovo Dependency Package_is1" = Lenovo Dependency Package
"Lenovo SmartVoice" = Lenovo Smart Voice
"Lenovo Transition" = Lenovo Transition
"Lenovo VeriFace" = Lenovo VeriFace
"LenovoExperienceImprovement" = Lenovo Experience Improvement
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}" = Lenovo Yoga 2 Demo
"{0B4726D2-6B18-47AE-91E3-64A304EE2A8A}" = Intel® Update Manager
"{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}" = Lenovo Yoga PhoneCompanion
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}" = Yoga Picks
"{2f4d8103-e601-4d48-b81d-d508d760aaba}" = Intel® PROSet/Wireless Software
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3608ec0a-56b4-4d9d-b038-9b3e51d72582}" = Intel® Experience Center Desktop Software
"{4693847A-7139-4CF4-B274-916C046C9E50}" = Dragon Assistant 3
"{532A5345-1A42-4C55-B56E-CE753D0BAA02}" = Dragon Assistant 3 Language Data Pack en_US
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BC94C56A-3649-420C-8756-2ADEBE399D33}" =  Lenovo Photo Master
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}" = Metric Collection SDK 35
"{C73A16B7-AC35-4262-9BAF-DA9B2039A563}" = Intel Experience Center - Configuration
"{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}" = Lenovo Mobile Phone Wireless Import
"{E9325F15-6339-45E8-9DC4-C2D44B623039}" = Lenovo Motion Control
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = User Manuals
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework
"Google Chrome" = Google Chrome
"InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}" = Lenovo Yoga PhoneCompanion
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}" =  Lenovo Photo Master
"InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}" = Lenovo Mobile Phone Wireless Import
"InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}" = Lenovo Motion Control
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = User Manuals
"Lenovo FusionEngine" = Lenovo FusionEngine 
"Lenovo SHAREit_is1" = Lenovo SHAREit
"LenovoBrowserGuard" = Lenovo Browser Guard
"NS" = Norton Security
"Sunplus SPUVCb" = Lenovo EasyCamera
"Superfish Inc. VisualDiscovery" = Superfish Inc. VisualDiscovery
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki" = Host App Service
"Pokki_Start_Menu" = Start Menu
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/5/2014 9:32:43 PM | Computer Name = Flipsy | Source = Application Error | ID = 1000
Description = Faulting application name: HostAppServiceUpdater.exe, version: 1.0.0.0,
 time stamp: 0x543d2d78  Faulting module name: HostAppServiceUpdater.exe, version:
 1.0.0.0, time stamp: 0x543d2d78  Exception code: 0xc000041d  Fault offset: 0x000000000005a753
Faulting
 process id: 0x1a94  Faulting application start time: 0x01d00f791e54e84d  Faulting application
 path: C:\Users\Deidra\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe  Faulting
 module path: C:\Users\Deidra\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
Report
 Id: c57e4beb-7ce7-11e4-825c-e82aead02aea  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 12/5/2014 10:01:09 PM | Computer Name = Flipsy | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/5/2014 10:01:09 PM | Computer Name = Flipsy | Source = Application Error | ID = 1000
Description = Faulting application name: Facebook.exe, version: 0.0.0.1, time stamp:
 0x53e2b340  Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17129, time
 stamp: 0x5376eb9b  Exception code: 0xc0000005  Fault offset: 0x00000000009353b3  Faulting
 process id: 0x1774  Faulting application start time: 0x01d00f7a90b962f5  Faulting application
 path: C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Facebook.exe
Faulting
 module path: C:\Windows\System32\Windows.UI.Xaml.dll  Report Id: be83c425-7ceb-11e4-825c-e82aead02aea
Faulting
 package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt  Faulting package-relative
 application ID: App
 
Error - 12/5/2014 10:01:11 PM | Computer Name = Flipsy | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt+App did not launch
 within its allotted time.
 
Error - 12/7/2014 7:39:04 PM | Computer Name = Flipsy | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt+App did not launch
 within its allotted time.
 
Error - 12/7/2014 7:39:23 PM | Computer Name = Flipsy | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with 
error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 12/7/2014 7:56:01 PM | Computer Name = Flipsy | Source = ISCTAgent | ID = 1000
Description = ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net
 Detect Supported Error Getting Adapter List Error=0x80040302\n
 
Error - 12/7/2014 7:59:16 PM | Computer Name = Flipsy | Source = Application Hang | ID = 1002
Description = The program InstStub.exe version 4.1.0.28 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1eb4    Start
 Time: 01d01279921428f8    Termination Time: 4294967295    Application Path: C:\Program 
Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.1.0.28\InstStub.exe
 
Report
 Id: 0c0a3ec2-7e6d-11e4-8260-da633b9451f8    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 12/7/2014 8:46:13 PM | Computer Name = Flipsy | Source = AVLogEvent | ID = 5003
Description = 
 
Error - 12/7/2014 9:12:52 PM | Computer Name = Flipsy | Source = Application Hang | ID = 1002
Description = The program InstStub.exe version 4.1.0.28 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 3914    Start
 Time: 01d01281e8766d75    Termination Time: 4294967295    Application Path: C:\Program 
Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.1.0.28\InstStub.exe
 
Report
 Id: 544fa352-7e77-11e4-8260-da633b9451f8    Faulting package full name:     Faulting package-relative
 application ID:   
 
[ System Events ]
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 0 milliseconds: Restart the service.
 
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Bluetooth Device Monitor service terminated unexpectedly.  It 
has done this 1 time(s).
 
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Bluetooth OBEX Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Intel® Rapid Storage Technology service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Intel® Dynamic Application Loader Host Interface Service service
 terminated unexpectedly.  It has done this 1 time(s).
 
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Intel® Management and Security Application Local Management 
Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 12/7/2014 7:56:00 PM | Computer Name = Flipsy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\windows\System32\IWMSSvc.dll
 
 
Error - 12/7/2014 7:56:02 PM | Computer Name = Flipsy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\windows\System32\IWMSSvc.dll
 
 
Error - 12/7/2014 7:56:02 PM | Computer Name = Flipsy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\windows\System32\IWMSSvc.dll
 
 
 
< End of report >
 

Edited by Deevly, 08 December 2014 - 02:49 PM.



#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    If you haven't already, download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)


#3
Deevly

    Member

  • Topic Starter
  • 15 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Deidra at 2014-12-09 13:34:41
Running from C:\Users\Deidra\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.1.30 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.1.30 - Nuance Communications, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.51 - Lenovo)
Energy Manager (x32 Version: 1.0.1.51 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
HP Officejet 5740 series Basic Device Software (HKLM\...\{7FAA9D15-FF0B-4593-8D4A-0B941FD1977A}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}) (Version: 4.2.41.2633 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.43 - SunplusIT)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.17.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Yoga 2 Demo (HKLM-x32\...\{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}) (Version: 1.0.7 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Norton Security (HKLM-x32\...\NS) (Version: 22.0.2.17 - Symantec Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-818984236-3831732592-3455439087-1001\...\Pokki_Start_Menu) (Version: 0.269.4.137 - Pokki)
Superfish Inc. VisualDiscovery (HKLM-x32\...\Superfish Inc. VisualDiscovery) (Version: 1.0.0.1 - Superfish)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-818984236-3831732592-3455439087-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
03-12-2014 17:33:02 McAfee Vulnerability Scanner
05-12-2014 17:50:01 McAfee Vulnerability Scanner
07-12-2014 20:12:49 Removed Microsoft Office
08-12-2014 01:51:25 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02CB54FA-9273-4CAC-9C86-2EC426B20FFC} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {25780E0B-6E43-4DDC-957F-034654611EF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {260412EB-AC49-4220-B580-5E0B0541DACB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {35ACD3E1-B471-4821-919C-E3F75F0FA80D} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\SymErr.exe [2014-09-08] (Symantec Corporation)
Task: {552B432F-3DE9-45F8-880A-639A1B5C54F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {5C276670-BA19-45CF-B70A-EAC3E532BE40} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\WSCStub.exe [2014-10-15] (Symantec Corporation)
Task: {5FC5605C-A1EC-4A16-8DCA-C885A2E5DDA6} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-08-20] (Lenovo)
Task: {67CA2BF3-865F-4FC5-8F57-B6736DE8849A} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\SymErr.exe [2014-09-08] (Symantec Corporation)
Task: {8EA3C866-F401-4EF8-AF7C-3592AF8BE95E} - System32\Tasks\GoogleUpdateTaskMachineUA1d00f20798012ba => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {8FA551CA-5EAB-42D4-90A5-47143600E071} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-03] (Lenovo)
Task: {9E6226A5-AEA1-48F7-8CA8-21DFF01496CB} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {C60B6ABA-5013-4760-9F29-5584518E19AF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {DE7F333C-7AB1-4C04-AEA7-5AE04519AFAC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {EA0EC87D-DC20-4D47-A53A-EEB8A4ABFF88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-07 19:12 - 2013-11-07 19:12 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-11-07 19:12 - 2013-11-07 19:12 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-11-07 19:12 - 2013-11-07 19:12 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-20 21:11 - 2012-04-24 05:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-08-20 21:09 - 2014-01-06 17:14 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-08-20 05:29 - 2014-03-06 20:21 - 00080312 _____ () C:\windows\system32\igfxexps.dll
2014-02-24 18:39 - 2014-02-24 18:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-08-20 20:46 - 2013-08-08 15:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Deidra\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Deidra\Downloads\Facebook-20141203-121530.jpg:StreamedFileState
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\...\StartupApproved\Run: => "Pokki"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-818984236-3831732592-3455439087-500 - Administrator - Disabled)
Deidra (S-1-5-21-818984236-3831732592-3455439087-1001 - Administrator - Enabled) => C:\Users\Deidra
Guest (S-1-5-21-818984236-3831732592-3455439087-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/09/2014 01:34:32 PM) (Source: DCOM) (EventID: 10010) (User: FLIPSY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (12/09/2014 01:34:02 PM) (Source: DCOM) (EventID: 10010) (User: FLIPSY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8104.27 MB
Available physical RAM: 6183.43 MB
Total Pagefile: 10024.27 MB
Available Pagefile: 7799.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:195.93 GB) (Free:142.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7EC13322)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Deidra (administrator) on FLIPSY on 09-12-2014 13:34:17
Running from C:\Users\Deidra\Downloads
Loaded Profile: Deidra (Available profiles: Deidra)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Superfish, Inc.) C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\ns.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\ns.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3030.1024_x64__8wekyb3d8bbwe\onenoteim.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13656792 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-08-20] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-08-20] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59923440 2014-08-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.2.17\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.2.17\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Deidra\AppData\Roaming\Mozilla\Firefox\Profiles\qipkhwio.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn [2014-12-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\Exts\Chrome.crx [2014-12-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\Exts\Chrome.crx [2014-12-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-04-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-20] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-08-20] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 NS; C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\NS.exe [282568 2014-10-15] (Symantec Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2014-08-20] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2014-08-20] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-20] ()
R2 VisualDiscovery; C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe [1354296 2014-06-21] (Superfish, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-08-20] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-12-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1600020.011\ccSetx64.sys [165080 2014-09-09] (Symantec Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-07] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141208.001\IDSvia64.sys [637656 2014-12-05] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141208.035\ENG64.SYS [129752 2014-12-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141208.035\EX64.SYS [2137304 2014-12-07] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3443680 2014-06-01] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527712 2013-12-30] (Sunplus)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1600020.011\SRTSP64.SYS [1016024 2014-09-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1600020.011\SRTSPX64.SYS [42200 2014-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NSx64\1600020.011\SYMDS64.SYS [490712 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NSx64\1600020.011\SYMEFA64.SYS [1151704 2014-09-09] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1600020.011\SymELAM.sys [23568 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2014-12-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1600020.011\Ironx64.SYS [271576 2014-09-09] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1600020.011\SYMNETS.SYS [565464 2014-09-09] (Symantec Corporation)
R2 VDWFP; C:\windows\system32\Drivers\VDWFP64.sys [39800 2014-05-12] (Superfish, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 13:34 - 2014-12-09 13:34 - 00022544 _____ () C:\Users\Deidra\Downloads\FRST.txt
2014-12-09 13:33 - 2014-12-09 13:34 - 00000000 ____D () C:\FRST
2014-12-09 13:33 - 2014-12-09 13:33 - 02119680 _____ (Farbar) C:\Users\Deidra\Downloads\frst64.exe
2014-12-09 13:26 - 2014-12-09 13:26 - 00000623 _____ () C:\Users\Deidra\Desktop\JRT.txt
2014-12-09 13:23 - 2014-12-09 13:23 - 00000000 ____D () C:\windows\ERUNT
2014-12-09 13:22 - 2014-12-09 13:22 - 01707646 _____ (Thisisu) C:\Users\Deidra\Downloads\JRT.exe
2014-12-09 13:22 - 2014-12-09 13:22 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security
2014-12-09 13:18 - 2014-12-09 13:18 - 00008884 _____ () C:\Users\Deidra\Desktop\AdwCleaner[S0].txt
2014-12-09 13:10 - 2014-12-09 13:10 - 00001166 _____ () C:\Users\Deidra\Desktop\AdwCleaner.exe - Shortcut.lnk
2014-12-09 13:09 - 2014-12-09 13:09 - 02166272 _____ () C:\Users\Deidra\Downloads\AdwCleaner.exe
2014-12-08 21:31 - 2014-12-08 21:31 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\ProgramData\HP
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\Program Files\HP
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-08 21:31 - 2014-08-22 05:12 - 00751624 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMCD11.dll
2014-12-08 21:29 - 2014-12-08 21:34 - 00000000 ____D () C:\Users\Deidra\AppData\Local\HP
2014-12-08 21:18 - 2014-12-08 21:25 - 188058456 _____ () C:\Users\Deidra\Downloads\OJ5740_117.exe
2014-12-08 15:11 - 2014-12-08 15:11 - 00157350 _____ () C:\Users\Deidra\Downloads\OTL.Txt
2014-12-08 15:11 - 2014-12-08 15:11 - 00055168 _____ () C:\Users\Deidra\Downloads\Extras.Txt
2014-12-08 15:08 - 2014-12-08 15:08 - 00602112 _____ (OldTimer Tools) C:\Users\Deidra\Downloads\OTL.exe
2014-12-08 13:22 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-12-07 22:45 - 2014-12-07 22:45 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 22:45 - 2014-12-07 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-07 22:44 - 2014-12-09 13:17 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 22:44 - 2014-12-09 01:49 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 22:13 - 2014-12-07 22:15 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Mozilla
2014-12-07 22:13 - 2014-12-07 22:15 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Mozilla
2014-12-07 22:13 - 2014-12-07 22:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-07 21:45 - 2014-12-07 21:46 - 00000000 ____D () C:\Users\Deidra\AppData\Local\NPE
2014-12-07 21:33 - 2014-12-09 13:17 - 00003248 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-12-07 21:33 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-07 21:32 - 2014-12-09 13:17 - 00002665 _____ () C:\Users\Public\Desktop\Norton Security.lnk
2014-12-07 21:32 - 2014-12-09 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2014-12-07 21:32 - 2014-12-09 13:17 - 00000000 ____D () C:\windows\system32\Drivers\NSx64
2014-12-07 21:32 - 2014-12-07 21:32 - 00102616 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-12-07 21:32 - 2014-12-07 21:32 - 00008214 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-12-07 21:05 - 2014-07-24 10:28 - 00419648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-12-07 21:05 - 2014-07-24 10:28 - 00412992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-12-07 21:05 - 2014-07-24 10:28 - 00280384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2014-12-07 21:05 - 2014-07-24 10:28 - 00143680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-12-07 21:05 - 2014-07-24 10:23 - 00125472 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-12-07 21:05 - 2014-07-24 10:20 - 00645592 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-12-07 21:05 - 2014-07-24 10:20 - 00263400 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2014-12-07 21:05 - 2014-07-24 10:16 - 02574208 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-12-07 21:05 - 2014-07-24 10:16 - 00211216 _____ (Microsoft Corporation) C:\windows\system32\SndVol.exe
2014-12-07 21:05 - 2014-07-24 10:07 - 02009920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-12-07 21:05 - 2014-07-24 10:05 - 01660048 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-12-07 21:05 - 2014-07-24 10:05 - 01519560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-12-07 21:05 - 2014-07-24 10:05 - 01488008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-12-07 21:05 - 2014-07-24 10:05 - 01356840 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-12-07 21:05 - 2014-07-24 10:03 - 02141920 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00882136 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00233888 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00205512 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2014-12-07 21:05 - 2014-07-24 08:50 - 00098048 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-12-07 21:05 - 2014-07-24 08:48 - 02410976 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-12-07 21:05 - 2014-07-24 08:48 - 00180208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SndVol.exe
2014-12-07 21:05 - 2014-07-24 08:46 - 00477200 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 02145472 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 00707536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 00355800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 00180720 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2014-12-07 21:05 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTT102.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-12-07 21:05 - 2014-07-24 06:46 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-12-07 21:05 - 2014-07-24 06:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-12-07 21:05 - 2014-07-24 06:44 - 00674816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-12-07 21:05 - 2014-07-24 06:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2014-12-07 21:05 - 2014-07-24 06:42 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2014-12-07 21:05 - 2014-07-24 06:42 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys
2014-12-07 21:05 - 2014-07-24 06:41 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2014-12-07 21:05 - 2014-07-24 06:06 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\iasnap.dll
2014-12-07 21:05 - 2014-07-24 06:05 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-12-07 21:05 - 2014-07-24 06:05 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-12-07 21:05 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-12-07 21:05 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTT102.DLL
2014-12-07 21:05 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-12-07 21:05 - 2014-07-24 05:49 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersGPExt.dll
2014-12-07 21:05 - 2014-07-24 05:32 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-12-07 21:05 - 2014-07-24 05:20 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2014-12-07 21:05 - 2014-07-24 05:18 - 01089024 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-12-07 21:05 - 2014-07-24 05:12 - 00878592 _____ (Microsoft Corporation) C:\windows\system32\ActionCenter.dll
2014-12-07 21:05 - 2014-07-24 05:10 - 01844224 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-12-07 21:05 - 2014-07-24 05:10 - 00834560 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-12-07 21:05 - 2014-07-24 05:10 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-12-07 21:05 - 2014-07-24 05:10 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\iasnap.dll
2014-12-07 21:05 - 2014-07-24 05:05 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersShell.dll
2014-12-07 21:05 - 2014-07-24 04:52 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2014-12-07 21:05 - 2014-07-24 04:44 - 16874496 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-12-07 21:05 - 2014-07-24 04:42 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-12-07 21:05 - 2014-07-24 04:40 - 00557056 _____ (Microsoft Corporation) C:\windows\system32\PrintDialogs.dll
2014-12-07 21:05 - 2014-07-24 04:39 - 00770048 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2014-12-07 21:05 - 2014-07-24 04:33 - 01741824 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2014-12-07 21:05 - 2014-07-24 04:32 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-12-07 21:05 - 2014-07-24 04:27 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-12-07 21:05 - 2014-07-24 04:25 - 00832512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ActionCenter.dll
2014-12-07 21:05 - 2014-07-24 04:24 - 01817088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-12-07 21:05 - 2014-07-24 04:21 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-12-07 21:05 - 2014-07-24 04:18 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wlansvcpal.dll
2014-12-07 21:05 - 2014-07-24 04:16 - 12730880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-12-07 21:05 - 2014-07-24 04:14 - 00443904 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-12-07 21:05 - 2014-07-24 04:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2014-12-07 21:05 - 2014-07-24 04:11 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-12-07 21:05 - 2014-07-24 04:11 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2014-12-07 21:05 - 2014-07-24 04:10 - 00540672 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2014-12-07 21:05 - 2014-07-24 04:04 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintDialogs.dll
2014-12-07 21:05 - 2014-07-24 04:04 - 00183808 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-12-07 21:05 - 2014-07-24 04:03 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-12-07 21:05 - 2014-07-24 04:02 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-12-07 21:05 - 2014-07-24 03:58 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2014-12-07 21:05 - 2014-07-24 03:53 - 01261056 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2014-12-07 21:05 - 2014-07-24 03:53 - 00449536 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-12-07 21:05 - 2014-07-24 03:49 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-12-07 21:05 - 2014-07-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-12-07 21:05 - 2014-07-24 03:48 - 00659968 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Bluetooth.dll
2014-12-07 21:05 - 2014-07-24 03:47 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-12-07 21:05 - 2014-07-24 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2014-12-07 21:05 - 2014-07-24 03:39 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-12-07 21:05 - 2014-07-24 03:38 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-12-07 21:05 - 2014-07-24 03:36 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2014-12-07 21:05 - 2014-07-24 03:32 - 01532416 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-12-07 21:05 - 2014-07-24 03:30 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-12-07 21:05 - 2014-07-24 03:29 - 00439296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-12-07 21:05 - 2014-07-24 03:28 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-12-07 21:05 - 2014-07-24 03:23 - 01404416 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-12-07 21:05 - 2014-07-24 03:22 - 00487936 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2014-12-07 21:05 - 2014-07-24 03:21 - 01231872 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-12-07 21:05 - 2014-07-24 03:21 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-12-07 21:05 - 2014-07-24 03:18 - 01144320 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-12-07 21:05 - 2014-07-24 03:18 - 00795136 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-12-07 21:05 - 2014-07-24 03:16 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\VAN.dll
2014-12-07 21:05 - 2014-07-24 03:16 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-12-07 21:05 - 2014-07-24 03:15 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\twinapi.dll
2014-12-07 21:05 - 2014-07-24 03:15 - 00432128 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-12-07 21:05 - 2014-07-24 03:13 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\SndVolSSO.dll
2014-12-07 21:05 - 2014-07-24 03:10 - 00889344 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-12-07 21:05 - 2014-07-24 03:10 - 00371712 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2014-12-07 21:05 - 2014-07-24 03:08 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-12-07 21:05 - 2014-07-24 03:05 - 00448000 _____ (Microsoft Corporation) C:\windows\SysWOW64\VAN.dll
2014-12-07 21:05 - 2014-07-24 03:01 - 01992192 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-12-07 21:05 - 2014-07-24 03:00 - 02100736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2014-12-07 21:05 - 2014-07-24 02:58 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-12-07 21:05 - 2014-07-24 02:58 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-12-07 21:05 - 2014-07-24 02:54 - 01290752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-12-07 21:05 - 2014-07-24 02:50 - 01182208 _____ (Microsoft Corporation) C:\windows\system32\printui.dll
2014-12-07 21:05 - 2014-07-24 02:47 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-12-07 21:05 - 2014-07-24 02:44 - 01057792 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.dll
2014-12-07 21:05 - 2014-07-24 02:41 - 00459264 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-12-07 21:05 - 2014-07-24 02:28 - 01600000 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2014-12-07 21:05 - 2014-07-23 23:11 - 00513544 _____ () C:\windows\SysWOW64\locale.nls
2014-12-07 21:05 - 2014-07-23 23:11 - 00513544 _____ () C:\windows\system32\locale.nls
2014-12-07 21:05 - 2014-07-12 00:55 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\wisp.dll
2014-12-07 21:05 - 2014-07-11 23:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wisp.dll
2014-12-07 21:05 - 2014-07-04 07:59 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-12-07 21:05 - 2014-07-04 05:29 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-12-07 21:05 - 2014-07-04 05:20 - 01656832 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-12-07 21:05 - 2014-07-04 05:06 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-12-07 21:05 - 2014-07-04 05:00 - 01351168 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-12-07 21:05 - 2014-07-04 04:30 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\AppxPackaging.dll
2014-12-07 21:05 - 2014-07-04 04:27 - 00474112 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxPackaging.dll
2014-12-07 21:05 - 2014-06-27 01:22 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-12-07 21:05 - 2014-06-25 19:32 - 01029632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-12-07 21:05 - 2014-06-25 19:29 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2014-12-07 21:05 - 2014-06-19 18:37 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-12-07 21:05 - 2014-06-18 21:13 - 00310080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-12-07 21:05 - 2014-06-14 01:03 - 02389504 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-12-07 21:05 - 2014-06-14 00:46 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-12-07 21:05 - 2014-06-07 07:46 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-12-07 21:05 - 2014-06-07 05:20 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-12-07 21:05 - 2014-06-05 09:00 - 01118040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-12-07 21:05 - 2014-06-05 05:18 - 01018368 _____ (Microsoft Corporation) C:\windows\system32\aclui.dll
2014-12-07 21:05 - 2014-06-05 04:42 - 00889856 _____ (Microsoft Corporation) C:\windows\SysWOW64\aclui.dll
2014-12-07 21:05 - 2014-05-31 00:00 - 01463808 _____ (Microsoft Corporation) C:\windows\system32\wsecedit.dll
2014-12-07 21:05 - 2014-05-30 23:18 - 01319936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsecedit.dll
2014-12-07 21:05 - 2014-05-29 01:23 - 00427008 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-12-07 21:05 - 2014-05-29 00:25 - 00313856 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-12-07 21:05 - 2014-05-26 02:26 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\AppxSysprep.dll
2014-12-07 21:05 - 2014-05-10 05:12 - 00387896 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2014-12-07 21:05 - 2014-05-10 03:46 - 00335680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2014-12-07 21:05 - 2014-05-05 23:41 - 00486744 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-12-07 21:05 - 2014-05-05 19:55 - 00391000 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-12-07 21:05 - 2014-03-24 21:27 - 00160600 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-12-07 21:05 - 2014-03-24 21:27 - 00123920 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-12-07 21:05 - 2014-03-24 20:20 - 00128568 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-12-07 21:05 - 2014-03-24 20:20 - 00127544 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-12-07 20:56 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-12-07 20:56 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-07 20:56 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-07 20:56 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-12-07 20:56 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-12-07 20:56 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-12-07 20:56 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-12-07 20:56 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-12-07 19:34 - 2014-12-07 21:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-07 19:33 - 2014-12-07 21:32 - 00000000 ____D () C:\Program Files (x86)\Norton Security
2014-12-07 18:52 - 2014-12-09 13:16 - 00000000 ____D () C:\AdwCleaner
2014-12-07 18:52 - 2014-12-07 18:52 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 18:24 - 2014-12-07 21:32 - 00000000 ____D () C:\ProgramData\Norton
2014-12-07 18:24 - 2014-12-07 20:53 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-12-07 17:59 - 2014-12-07 20:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-07 17:59 - 2014-12-07 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-07 17:02 - 2014-12-07 17:02 - 00000000 __SHD () C:\Users\Deidra\AppData\Local\EmieBrowserModeList
2014-12-07 14:28 - 2014-12-07 14:40 - 00007605 _____ () C:\Users\Deidra\AppData\Local\Resmon.ResmonCfg
2014-12-04 22:24 - 2014-12-04 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-12-04 15:32 - 2014-12-08 21:38 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Nitro PDF
2014-12-04 15:28 - 2014-12-04 15:28 - 00000000 ____D () C:\Users\Deidra\Documents\Medical Arts
2014-12-04 15:28 - 2014-12-04 15:28 - 00000000 ____D () C:\Users\Deidra\Documents\coop
2014-12-04 15:28 - 2009-10-04 15:16 - 00009256 _____ () C:\Users\Deidra\Documents\House colors.odt
2014-12-04 15:28 - 2006-10-12 18:26 - 00001948 _____ () C:\Users\Deidra\Documents\Family Birthdays.txt
2014-12-04 15:28 - 2003-04-11 00:49 - 00045568 _____ () C:\Users\Deidra\Documents\LionsPrint.xls
2014-12-04 15:28 - 2003-04-08 23:53 - 00046592 _____ () C:\Users\Deidra\Documents\LionsMaster.xls
2014-12-04 15:28 - 2003-03-18 17:36 - 00016384 _____ () C:\Users\Deidra\Documents\2002HomeCosts.xls
2014-12-04 15:28 - 2001-06-06 16:34 - 01863830 _____ () C:\Users\Deidra\Documents\p3_registration.bmp
2014-12-04 15:28 - 2001-04-03 16:53 - 01046654 _____ () C:\Users\Deidra\Documents\p1_feedback_2.bmp
2014-12-04 15:28 - 2001-04-03 16:50 - 01050446 _____ () C:\Users\Deidra\Documents\p1_feedback_1.bmp
2014-12-04 15:28 - 2001-04-03 13:17 - 00465846 _____ () C:\Users\Deidra\Documents\p1_registration.bmp
2014-12-04 15:28 - 1999-10-22 14:09 - 00016896 _____ () C:\Users\Deidra\Documents\Birthdays.xls
2014-12-04 15:28 - 1999-06-16 11:16 - 00039424 _____ () C:\Users\Deidra\Documents\The Wedding List.xls
2014-12-04 15:28 - 1999-02-27 11:19 - 00021504 _____ () C:\Users\Deidra\Documents\Financial Plan.xls
2014-12-04 15:28 - 1999-02-12 11:55 - 00020992 _____ () C:\Users\Deidra\Documents\Finances.xls
2014-12-04 15:28 - 1998-01-17 14:27 - 00017408 _____ () C:\Users\Deidra\Documents\Computer.xls
2014-12-04 15:28 - 1997-06-02 23:30 - 00027136 _____ () C:\Users\Deidra\Documents\Wedding Costs.xls
2014-12-03 22:27 - 2014-12-03 22:27 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Lenovo
2014-12-03 13:10 - 2014-12-03 13:11 - 00000000 ____D () C:\windows\system32\MRT
2014-12-03 13:10 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-03 13:08 - 2014-12-03 13:09 - 00000000 ____D () C:\Users\Deidra\AppData\Local\CyberLink
2014-12-03 13:00 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-03 13:00 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-03 13:00 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-03 13:00 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-03 13:00 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-03 13:00 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-03 12:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-03 12:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-12-03 12:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-12-03 12:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-03 12:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-03 12:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-12-03 12:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2014-12-03 12:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-12-03 12:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-03 12:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-03 12:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-12-03 12:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-03 12:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-12-03 12:58 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-03 12:58 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-03 12:58 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-03 12:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-03 12:58 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-12-03 12:58 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-12-03 12:58 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-03 12:58 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-12-03 12:58 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-03 12:58 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-12-03 12:58 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-12-03 12:58 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-12-03 12:58 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-03 12:58 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-12-03 12:58 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-03 12:58 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-12-03 12:58 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-12-03 12:58 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-03 12:58 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-12-03 12:58 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-03 12:57 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-03 12:57 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-12-03 12:57 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-03 12:57 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-12-03 12:57 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-12-03 12:57 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-03 12:57 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-03 12:57 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-03 12:57 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-03 12:57 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-03 12:57 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-03 12:57 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-03 12:57 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-03 12:57 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-03 12:57 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-03 12:57 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-12-03 12:57 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-03 12:57 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2014-12-03 12:57 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-03 12:57 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-03 12:57 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-03 12:57 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-03 12:57 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-03 12:57 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-12-03 12:57 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-03 12:57 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-03 12:57 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-03 12:57 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-12-03 12:57 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-12-03 12:57 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-03 12:57 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-03 12:57 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-03 12:57 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-12-03 12:57 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-03 12:57 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-12-03 12:57 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2014-12-03 12:57 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-12-03 12:57 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-03 12:57 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-03 12:57 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-03 12:57 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-03 12:57 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-03 12:57 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-03 12:57 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-12-03 12:57 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-03 12:57 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-12-03 12:57 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-03 12:57 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-12-03 12:57 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-03 12:57 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-12-03 12:57 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-12-03 12:57 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-03 12:57 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-03 12:57 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-03 12:57 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-03 12:57 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-03 12:57 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-03 12:57 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-03 12:57 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-03 12:57 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-03 12:57 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-03 12:57 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-03 12:57 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-12-03 12:57 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-03 12:57 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2014-12-03 12:57 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-03 12:57 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-03 12:57 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-03 12:57 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-12-03 12:57 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-03 12:57 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-03 12:57 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-12-03 12:57 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-03 12:57 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-12-03 12:57 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-03 12:57 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-03 12:57 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-03 12:57 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-12-03 12:57 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-03 12:57 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-12-03 12:57 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-03 12:57 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2014-12-03 12:57 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-12-03 12:57 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-03 12:57 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-03 12:57 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-03 12:57 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-03 12:57 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-12-03 12:57 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-12-03 12:57 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-03 12:57 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-03 12:57 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-03 12:57 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-03 12:56 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-12-03 12:56 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-12-03 12:56 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-12-03 12:56 - 2014-09-07 17:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-12-03 12:56 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-12-03 12:56 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-12-03 12:56 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-12-03 12:56 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-12-03 12:56 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-12-03 12:56 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-12-03 12:56 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-12-03 12:56 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-12-03 12:56 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-12-03 12:56 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-12-03 12:56 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-03 12:56 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-03 12:56 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-12-03 12:56 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-12-03 12:56 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-12-03 12:56 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-12-03 12:56 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-12-03 12:56 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-12-03 12:56 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-03 12:56 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-03 12:56 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-12-03 12:56 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-12-03 12:56 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-12-03 12:56 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-12-03 12:56 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-12-03 12:56 - 2014-07-24 06:22 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2014-12-03 12:56 - 2014-07-24 04:53 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2014-12-03 12:56 - 2014-07-24 04:13 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2014-12-03 12:56 - 2014-07-24 03:20 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2014-12-03 12:56 - 2014-07-24 03:08 - 00162816 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2014-12-03 12:56 - 2014-07-24 02:49 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2014-12-03 12:56 - 2014-07-24 02:43 - 00200192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2014-12-03 12:54 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-12-03 12:54 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-12-03 12:54 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-12-03 12:54 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-12-03 12:54 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-12-03 12:54 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-12-03 12:54 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-12-03 12:54 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-12-03 12:54 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-12-03 12:54 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-12-03 12:54 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-12-03 12:54 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-12-03 12:54 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-12-03 12:54 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-12-03 12:54 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-12-03 12:54 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-12-03 12:53 - 2014-12-03 12:53 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-03 12:53 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-12-03 12:53 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-12-03 12:53 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-12-03 12:53 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-12-03 12:53 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-12-03 12:53 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
2014-12-03 12:53 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
2014-12-03 12:53 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-03 12:53 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
2014-12-03 12:53 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-03 12:53 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
2014-12-03 12:53 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-12-03 12:53 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-12-03 12:53 - 2014-07-24 10:28 - 00468288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-12-03 12:52 - 2014-12-07 21:18 - 00002302 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-03 12:52 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\windows\system32\propsys.dll
2014-12-03 12:52 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-12-03 12:52 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-12-03 12:52 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\windows\SysWOW64\propsys.dll
2014-12-03 12:52 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-12-03 12:52 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-12-03 12:52 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2014-12-03 12:52 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-12-03 12:52 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-12-03 12:52 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\ProximityService.dll
2014-12-03 12:52 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-12-03 12:52 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2014-12-03 12:52 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-12-03 12:52 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-12-03 12:52 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\pcsvDevice.dll
2014-12-03 12:52 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-12-03 12:52 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2014-12-03 12:52 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-12-03 12:52 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-12-03 12:52 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-12-03 12:52 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-12-03 12:52 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFolder.dll
2014-12-03 12:52 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2014-12-03 12:52 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-12-03 12:52 - 2014-07-24 06:42 - 01200640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-12-03 12:52 - 2014-07-24 06:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2014-12-03 12:52 - 2014-07-24 05:09 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-12-03 12:52 - 2014-07-24 04:27 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-12-03 12:49 - 2014-12-07 21:04 - 00000000 ____D () C:\Users\Deidra\AppData\Local\CrashDumps
2014-12-03 12:42 - 2014-12-07 22:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-03 12:42 - 2014-12-07 22:44 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-03 12:42 - 2014-12-07 22:44 - 00003648 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 12:42 - 2014-12-03 12:42 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d00f20798012ba
2014-12-03 12:42 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Google
2014-12-03 12:41 - 2014-12-07 22:44 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Deployment
2014-12-03 12:41 - 2014-12-03 12:41 - 00000000 __SHD () C:\Users\Deidra\AppData\Local\EmieUserList
2014-12-03 12:41 - 2014-12-03 12:41 - 00000000 __SHD () C:\Users\Deidra\AppData\Local\EmieSiteList
2014-12-03 12:41 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Apps\2.0
2014-12-03 12:41 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-12-03 12:41 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-12-03 12:40 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-12-03 12:40 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-12-03 12:39 - 2014-08-23 02:48 - 02374784 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-12-03 12:39 - 2014-08-23 02:13 - 02084520 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-12-03 12:39 - 2014-08-23 01:10 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-03 12:39 - 2014-08-23 00:32 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-03 12:39 - 2014-08-22 23:33 - 00796672 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-12-03 12:39 - 2014-08-14 19:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-12-03 12:39 - 2014-08-01 19:18 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-12-03 12:39 - 2014-07-29 20:56 - 00299520 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-12-03 12:39 - 2014-07-29 00:22 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\tcpmon.dll
2014-12-03 12:39 - 2014-07-23 22:20 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-12-03 12:39 - 2014-07-23 22:20 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-12-03 12:37 - 2014-08-06 21:12 - 01336624 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-12-03 12:37 - 2014-08-01 22:56 - 01064448 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-12-03 12:37 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\windows\system32\WpcMon.exe
2014-12-03 12:37 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-12-03 12:37 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\windows\system32\WpcWebSync.dll
2014-12-03 12:37 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-12-03 12:37 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2014-12-03 12:37 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-12-03 12:37 - 2014-05-31 05:07 - 00440664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-12-03 12:37 - 2014-05-31 05:07 - 00089944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-12-03 12:37 - 2014-05-31 05:07 - 00027480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-12-03 12:37 - 2014-05-31 01:30 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-12-03 12:37 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-12-03 12:37 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-12-03 12:37 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-12-03 12:37 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-12-03 12:37 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-12-03 12:37 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-12-03 12:37 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll
2014-12-03 12:37 - 2014-05-01 08:31 - 00055328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wpcfltr.sys
2014-12-03 12:36 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\BulkOperationHost.exe
2014-12-03 12:36 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-12-03 12:36 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\ncobjapi.dll
2014-12-03 12:36 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\windows\system32\framedynos.dll
2014-12-03 12:36 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\framedyn.dll
2014-12-03 12:36 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncobjapi.dll
2014-12-03 12:36 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedynos.dll
2014-12-03 12:36 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedyn.dll
2014-12-03 12:36 - 2014-05-02 18:26 - 00050745 _____ () C:\windows\system32\srms.dat
2014-12-03 12:36 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys
2014-12-03 12:36 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-12-03 12:36 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
2014-12-03 12:36 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys
2014-12-03 12:36 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-12-03 12:36 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-12-03 12:36 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-12-03 12:36 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore.dll
2014-12-03 12:36 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-12-03 12:36 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc.dll
2014-12-03 12:36 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-12-03 12:36 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-12-03 12:36 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore.dll
2014-12-03 12:36 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-12-03 12:36 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-12-03 12:36 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc.dll
2014-12-03 12:36 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
2014-12-03 12:36 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2014-12-03 12:36 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2014-12-03 12:36 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\windows\system32\d3d9.dll
2014-12-03 12:36 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d9.dll
2014-12-03 12:36 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d8thk.dll
2014-12-03 12:35 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-12-03 12:35 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-12-03 12:35 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2014-12-03 12:35 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-12-03 12:35 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2014-12-03 12:35 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-12-03 12:34 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll
2014-12-03 12:34 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2014-12-03 12:34 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2014-12-03 12:33 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-12-03 12:33 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-12-03 12:33 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-12-03 12:33 - 2014-05-19 01:31 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\drvcfg.exe
2014-12-03 12:33 - 2014-05-19 01:21 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\drvinst.exe
2014-12-03 12:33 - 2014-05-19 00:23 - 00098816 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvinst.exe
2014-12-03 12:33 - 2014-05-01 00:24 - 02834944 _____ (Microsoft Corporation) C:\windows\system32\wpccpl.dll
2014-12-03 12:33 - 2014-04-29 23:43 - 01975296 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-12-03 12:33 - 2014-04-29 23:26 - 01345536 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-12-03 12:33 - 2014-04-29 22:47 - 01509888 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-12-03 12:29 - 2014-12-03 12:29 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Screensaver Factory
2014-12-03 11:56 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Hightail for Lenovo
2014-12-03 11:56 - 2014-12-03 11:56 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-03 11:54 - 2014-12-09 13:17 - 00000000 ___DO () C:\Users\Deidra\OneDrive
2014-12-03 11:53 - 2014-12-09 13:29 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-818984236-3831732592-3455439087-1001
2014-12-03 11:49 - 2014-12-03 11:49 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Intel Corporation
2014-12-03 11:48 - 2014-12-09 02:20 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Pokki
2014-12-03 11:48 - 2014-12-08 21:03 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Packages
2014-12-03 11:48 - 2014-12-07 20:55 - 00000000 ____D () C:\Users\Deidra
2014-12-03 11:48 - 2014-12-03 11:48 - 00001453 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-03 11:48 - 2014-12-03 11:48 - 00000180 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-03 11:48 - 2014-12-03 11:48 - 00000020 ___SH () C:\Users\Deidra\ntuser.ini
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Macromedia
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Intel
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Adobe
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Local\VirtualStore
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Local\LenovoBrowserGuard
2014-12-03 11:48 - 2014-08-20 20:45 - 00000000 ___RD () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 11:48 - 2014-03-18 05:05 - 00000000 ___RD () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-03 11:48 - 2014-03-18 04:55 - 00000369 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-03 11:48 - 2014-03-18 04:55 - 00000369 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-03 11:48 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-03 11:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 13:22 - 2014-03-18 04:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-09 13:21 - 2014-08-20 20:41 - 01196518 _____ () C:\windows\WindowsUpdate.log
2014-12-09 13:17 - 2014-08-20 21:11 - 00010776 _____ () C:\windows\SysWOW64\VisualDiscovery.ini
2014-12-09 13:17 - 2014-08-20 21:11 - 00005296 _____ () C:\windows\SysWOW64\VisualDiscoveryOff.ini
2014-12-09 13:17 - 2014-08-20 21:11 - 00005296 _____ () C:\windows\system32\VisualDiscoveryOff.ini
2014-12-09 13:17 - 2014-08-20 21:11 - 00002560 _____ () C:\windows\system32\VfService.trf
2014-12-09 13:17 - 2014-03-18 04:44 - 00016862 _____ () C:\windows\PFRO.log
2014-12-09 13:17 - 2013-08-22 10:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-09 13:17 - 2013-08-22 09:46 - 00024646 _____ () C:\windows\setupact.log
2014-12-09 13:17 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-09 13:17 - 2013-08-22 08:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-09 13:16 - 2014-03-18 04:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ToastData
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\setup
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-12-09 13:16 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\oobe
2014-12-09 13:01 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2014-12-08 14:37 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-12-08 13:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-07 21:17 - 2014-08-20 21:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-07 20:54 - 2014-08-20 21:11 - 00000000 ____D () C:\Program Files\Lenovo Yoga PhoneCompanion
2014-12-07 20:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-12-07 20:54 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-07 20:54 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Sysprep
2014-12-07 20:54 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\servicing
2014-12-07 20:53 - 2014-08-20 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Users\Default\AppData\Local\Pokki
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\Pokki
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\ProgramData\Pokki
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-07 20:52 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\registration
2014-12-07 19:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-03 23:15 - 2013-08-22 09:44 - 00346744 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\WinStore
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-03 13:08 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-03 11:55 - 2014-08-20 21:08 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-12-03 11:53 - 2014-08-20 20:48 - 00000000 ____D () C:\ProgramData\Intel
2014-12-03 11:52 - 2014-08-20 21:07 - 00000000 ____D () C:\ProgramData\Lenovo
2014-12-03 11:48 - 2014-08-20 21:38 - 00118107 ____H () C:\windows\modules.log
2014-12-03 11:48 - 2014-08-20 21:08 - 00000000 ____D () C:\Program Files (x86)\LenovoBrowserGuard
2014-12-03 11:48 - 2014-04-03 14:15 - 00000000 ____D () C:\windows\Panther
2014-11-20 15:51 - 2013-08-22 10:38 - 00714208 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Deidra\AppData\Local\Temp\Quarantine.exe
C:\Users\Deidra\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-20 20:39
 
==================== End Of Log ============================
 
 
 
 
# AdwCleaner v4.104 - Report created 07/12/2014 at 18:55:39
# Updated 05/12/2014 by Xplode
# Database : 2014-12-07.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Deidra - FLIPSY
# Running from : C:\Users\Deidra\AppData\Local\Microsoft\Windows\INetCache\IE\H3RO8K5Q\adwcleaner_4.104.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\DriverRestore
Folder Deleted : C:\Users\Deidra\AppData\Local\Temp\Hold Page
Folder Deleted : C:\Users\Deidra\Documents\Optimizer Pro
File Deleted : C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D0232CC2-9906-451D-8D17-174CE262E070}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0232CC2-9906-451D-8D17-174CE262E070}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\lenovobrowserguard\lenovobrowserguard\bin\spvc32loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v
 
[C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4379 octets] - [07/12/2014 18:53:03]
AdwCleaner[S0].txt - [4085 octets] - [07/12/2014 18:55:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4145 octets] ##########

# AdwCleaner v4.105 - Report created 09/12/2014 at 13:16:07
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Deidra - FLIPSY
# Running from : C:\Users\Deidra\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [9170 octets] - [07/12/2014 18:53:03]
AdwCleaner[S0].txt - [8692 octets] - [07/12/2014 18:55:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8752 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Deidra on Tue 12/09/2014 at 13:23:56.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/09/2014 at 13:26:29.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

#4
Deevly

    Member

  • Topic Starter
  • 15 posts

Also, File Explorer is now running with administrative privileges. Is that a result of the programs (adwcleaner, jrt, farbar) I downloaded? Or should I restart that?


#5
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Also, File Explorer is now running with administrative privileges. Is that a result of the programs (adwcleaner, jrt, farbar) I downloaded? Or should I restart that?


What do you mean by this? Was it prompting to be restarted?
#6
Deevly

    Member

  • Topic Starter
  • 15 posts

The apps on the start screen (browser, email, etc.) gave me a prompt when I tried to open them, saying that the app couldn't open while File Explorer was open with administrative privileges. This happened immediately after I downloaded and ran the three diagnostic programs. It resolved after a reboot. I also noticed that two desktop.ini files are now visible on the desktop.

 

BTW, thanks for your help, if I didn't say that earlier.


#7
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

The apps on the start screen (browser, email, etc.) gave me a prompt when I tried to open them, saying that the app couldn't open while File Explorer was open with administrative privileges. This happened immediately after I downloaded and ran the three diagnostic programs. It resolved after a reboot.


You are correct--one of the tools did cause this (normal) behavior, and the solution happens to be rebooting. :)
 

I also noticed that two desktop.ini files are now visible on the desktop.


Yes, hidden files are now made visible. Would you like to hide them again? I will instruct you to do so at the end of the process. At any rate, you may safely delete those two files if they bother you. Note that this applies only to the ones you find on your desktop! There are numerous desktop.ini files in your system which you should ignore, as deleting those would mess up icons.
 

BTW, thanks for your help, if I didn't say that earlier.


You are welcome! Let's proceed to checking if anything was missed.
  • Step 1

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, ensure a check mark is only placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by first saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      nvMhqop.png

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, select List of found threats > Export to text file....
    • Press Back and put a check on the following:
      • Uninstall application on close
      • Delete quarantined files
    • Click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • log.txt (ESET Online Scan)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

#8
Deevly

    Member

  • Topic Starter
  • 15 posts


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/11/2014
Scan Time: 9:32:03 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.11.08
Rootkit Database: v2014.12.08.03
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Deidra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320472
Time Elapsed: 4 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined


 


#9
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
You had a lot of adware. How is your computer running? :)
#10
Deevly

    Member

  • Topic Starter
  • 15 posts

It seems fine, apart from some battery and sleep issues that I'm sure have nothing to do with malware/adware. I think I can figure those out on my own, though. Thanks for your help.


#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are the last few steps for you to accomplish.

Remove Temporary Files with TFC by OldTimer
  • Download 'TFC by OldTimer' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click the Start button and wait for the process to complete.
    • You will be prompted to reboot. Please allow it by choosing Yes.
Remove Special Tools with DelFix by Xplode
  • Download 'DelFix by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure the following options are checked:
      • Remove Disinfection Tools
      • Create Registry Backup
      • Purge System Restore
    • Press Run.
    • A log will automatically pop up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

#12
Deevly

    Member

  • Topic Starter
  • 15 posts
And here's where I admit to not following directions. :X  I thought we were done and started uninstalling things last night. Oops. :/

Here's the Delfix log, but I had a couple of questions. 

1. Have you ever heard of Pokki Start Menu? I uninstalled it, but there are a lot of Pokki files left in various places. Any idea how to clean those up?

2. Have you ever heard of Superfish Visual Discovery? None of the scans picked it up, but it was causing popups in my browser. It was installed on the same date as all the other Lenovo bloatware (bastiches), so I assume it's not malicious and the uninstall I did on it should be good. The popups have stopped.  (As an aside, I've never seen a computer preloaded with so much crap! I'm seriously considering a clean install.)

# DelFix v10.8 - Logfile created 13/12/2014 at 11:09:48
# Updated 29/07/2014 by Xplode
# Username : Deidra - FLIPSY
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\Users\Deidra\Downloads\Addition.txt
Deleted : C:\Users\Deidra\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Deidra\Downloads\Extras.Txt
Deleted : C:\Users\Deidra\Downloads\FRST.txt
Deleted : C:\Users\Deidra\Downloads\frst64.exe
Deleted : C:\Users\Deidra\Downloads\JRT.exe
Deleted : C:\Users\Deidra\Downloads\OTL.Txt
Deleted : C:\Users\Deidra\Downloads\OTL.exe
Deleted : C:\Users\Deidra\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #4 [McAfee Vulnerability Scanner | 12/05/2014 17:50:01]
Deleted : RP #5 [Removed Microsoft Office | 12/07/2014 20:12:49]
Deleted : RP #6 [Restore Operation | 12/08/2014 01:51:25]
Deleted : RP #7 [Windows Modules Installer | 12/10/2014 14:54:21]
Deleted : RP #8 [Removed Nitro Pro 9 | 12/12/2014 23:05:43]
 
New restore point created !
 
########## - EOF - ##########

#13
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Eeps, looks like we still have some work to do, then.  :headscratch:

For this post, we're going to clean up all security programs, e.g. remove ESET Online Scanner, Malwarebytes Anti-Malware (as you accidentally installed the trial version), and Norton Security (unless you wish to pay for it, I'm going to recommend free alternatives), remove the unwanted programs, and install a free anti-virus.

1. To begin, please uninstall the following applications normally i.e. via Programs and Features:
  • ESET Online Scanner
  • Malwarebytes Anti-Malware
  • Norton Security
  • Start Menu
  • Superfish Inc. VisualDiscovery
2. Once done, please run the below uninstallers one after the other. You may or may not be asked to reboot:
3. Proceed to install one of the following free anti-virus programs:
4. Please provide me with fresh FRST logs so we can see where we are. Don't forget to tick the Addition box.
#14
Deevly

    Member

  • Topic Starter
  • 15 posts

1. I had already uninstalled everything but Norton, which I uninstalled today.

2. I ran the uninstallers for Malwarebytes and Norton Security, and I also ran one from the McAfee site to try and clean up leftovers from a free trial that was preinstalled. Note: There is still a 516 MB McAfee folder on the D drive under "Applications." And there are three Norton folders still on the C drive under "Program Files (x86)." The folders are Norton Security (136 MB), Norton Security Scan (45 KB), and Norton Installer (496 KB). Do you think it's safe to just delete those folders?
3. I haven't downloaded any new security yet. The laptop came with Windows Defender, which I assume is sufficient for now?

4. Here are the FRST logs: 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014
Ran by Deidra (administrator) on FLIPSY on 14-12-2014 15:46:24
Running from C:\Users\Deidra\Desktop
Loaded Profile: Deidra (Available profiles: Deidra)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3030.1024_x64__8wekyb3d8bbwe\onenoteim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Facebook.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13656792 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-08-20] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-08-20] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59923440 2014-08-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Deidra\AppData\Roaming\Mozilla\Firefox\Profiles\qipkhwio.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-04-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-20] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-08-20] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2014-08-20] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2014-08-20] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-08-20] (Lenovo)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3443680 2014-06-01] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527712 2013-12-30] (Sunplus)
R2 VDWFP; C:\windows\system32\Drivers\VDWFP64.sys [39800 2014-05-12] (Superfish, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 15:46 - 2014-12-14 15:46 - 00016572 _____ () C:\Users\Deidra\Desktop\FRST.txt
2014-12-14 15:45 - 2014-12-14 15:46 - 00000000 ____D () C:\FRST
2014-12-14 15:45 - 2014-12-14 15:45 - 02119680 _____ (Farbar) C:\Users\Deidra\Desktop\FRST64.exe
2014-12-14 15:03 - 2014-12-14 15:03 - 05292448 _____ (McAfee, Inc.) C:\Users\Deidra\Downloads\Setup_serial_TNzaGaKK9DayI6KGto34DA2_key.exe
2014-12-14 13:14 - 2014-12-14 13:14 - 00896048 _____ () C:\Users\Deidra\Downloads\Norton_Removal_Tool.exe
2014-12-14 13:13 - 2014-12-14 13:13 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Deidra\Downloads\mbam-clean-2.1.1.1001.exe
2014-12-14 01:42 - 2014-12-14 01:42 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Amazon
2014-12-14 00:30 - 2014-12-14 00:30 - 00000000 ___RD () C:\Users\Deidra\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2014-12-13 11:09 - 2014-12-13 11:09 - 00001157 _____ () C:\DelFix.txt
2014-12-12 23:58 - 2014-12-12 23:58 - 00000000 ____H () C:\Users\Deidra\Documents\Default.rdp
2014-12-12 20:42 - 2014-12-12 20:42 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\FLEXnet
2014-12-12 18:08 - 2014-12-12 18:08 - 00000319 _____ () C:\windows\system32\InstallUtil.InstallLog
2014-12-12 17:58 - 2014-12-12 17:58 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Nuance
2014-12-11 21:26 - 2014-12-11 21:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Deidra\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-11 20:19 - 2014-12-11 20:19 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Nitro
2014-12-10 09:55 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 09:55 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 09:55 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 09:55 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-10 00:26 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 00:26 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 00:26 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 00:26 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-10 00:26 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 00:26 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 00:26 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 00:26 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 00:26 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 00:26 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 00:26 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-10 00:26 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-12-10 00:26 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 00:26 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 00:26 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 00:26 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2014-12-10 00:26 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 00:26 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-12-10 00:26 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 00:26 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 00:26 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 00:26 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 00:26 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 00:26 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 00:26 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-12-10 00:26 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 00:26 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 00:26 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2014-12-10 00:26 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 00:26 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-12-10 00:26 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 00:26 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 00:26 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 00:26 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 00:26 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 00:26 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 00:26 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 00:26 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 00:26 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 00:26 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 00:26 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 00:26 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-12-10 00:26 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-12-10 00:26 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-12-10 00:26 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-12-10 00:26 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-12-10 00:26 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2014-12-09 13:23 - 2014-12-13 11:09 - 00000000 ____D () C:\windows\ERUNT
2014-12-08 21:31 - 2014-12-08 21:31 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\ProgramData\HP
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\Program Files\HP
2014-12-08 21:31 - 2014-12-08 21:31 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-08 21:31 - 2014-08-22 05:12 - 00751624 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMCD11.dll
2014-12-08 21:29 - 2014-12-08 21:34 - 00000000 ____D () C:\Users\Deidra\AppData\Local\HP
2014-12-08 21:18 - 2014-12-08 21:25 - 188058456 _____ () C:\Users\Deidra\Downloads\OJ5740_117.exe
2014-12-08 13:22 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-12-07 22:45 - 2014-12-07 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-07 22:44 - 2014-12-14 15:35 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 22:44 - 2014-12-14 14:49 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 22:13 - 2014-12-07 22:15 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Mozilla
2014-12-07 22:13 - 2014-12-07 22:15 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Mozilla
2014-12-07 22:13 - 2014-12-07 22:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-07 21:45 - 2014-12-07 21:46 - 00000000 ____D () C:\Users\Deidra\AppData\Local\NPE
2014-12-07 21:33 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-07 21:05 - 2014-07-24 10:28 - 00419648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-12-07 21:05 - 2014-07-24 10:28 - 00412992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-12-07 21:05 - 2014-07-24 10:28 - 00280384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2014-12-07 21:05 - 2014-07-24 10:28 - 00143680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-12-07 21:05 - 2014-07-24 10:23 - 00125472 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-12-07 21:05 - 2014-07-24 10:20 - 00645592 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-12-07 21:05 - 2014-07-24 10:20 - 00263400 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2014-12-07 21:05 - 2014-07-24 10:16 - 02574208 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-12-07 21:05 - 2014-07-24 10:16 - 00211216 _____ (Microsoft Corporation) C:\windows\system32\SndVol.exe
2014-12-07 21:05 - 2014-07-24 10:07 - 02009920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-12-07 21:05 - 2014-07-24 10:05 - 01660048 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-12-07 21:05 - 2014-07-24 10:05 - 01519560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-12-07 21:05 - 2014-07-24 10:05 - 01488008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-12-07 21:05 - 2014-07-24 10:05 - 01356840 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-12-07 21:05 - 2014-07-24 10:03 - 02141920 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00882136 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00233888 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-07 21:05 - 2014-07-24 10:03 - 00205512 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2014-12-07 21:05 - 2014-07-24 08:50 - 00098048 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-12-07 21:05 - 2014-07-24 08:48 - 02410976 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-12-07 21:05 - 2014-07-24 08:48 - 00180208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SndVol.exe
2014-12-07 21:05 - 2014-07-24 08:46 - 00477200 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 02145472 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 00707536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 00355800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-12-07 21:05 - 2014-07-24 08:36 - 00180720 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2014-12-07 21:05 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTT102.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-12-07 21:05 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-12-07 21:05 - 2014-07-24 06:46 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-12-07 21:05 - 2014-07-24 06:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-12-07 21:05 - 2014-07-24 06:44 - 00674816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-12-07 21:05 - 2014-07-24 06:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2014-12-07 21:05 - 2014-07-24 06:42 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2014-12-07 21:05 - 2014-07-24 06:42 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys
2014-12-07 21:05 - 2014-07-24 06:41 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2014-12-07 21:05 - 2014-07-24 06:06 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\iasnap.dll
2014-12-07 21:05 - 2014-07-24 06:05 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-12-07 21:05 - 2014-07-24 06:05 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-12-07 21:05 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-12-07 21:05 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTT102.DLL
2014-12-07 21:05 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-12-07 21:05 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-12-07 21:05 - 2014-07-24 05:49 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersGPExt.dll
2014-12-07 21:05 - 2014-07-24 05:32 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-12-07 21:05 - 2014-07-24 05:20 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2014-12-07 21:05 - 2014-07-24 05:18 - 01089024 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-12-07 21:05 - 2014-07-24 05:12 - 00878592 _____ (Microsoft Corporation) C:\windows\system32\ActionCenter.dll
2014-12-07 21:05 - 2014-07-24 05:10 - 01844224 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-12-07 21:05 - 2014-07-24 05:10 - 00834560 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-12-07 21:05 - 2014-07-24 05:10 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-12-07 21:05 - 2014-07-24 05:10 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\iasnap.dll
2014-12-07 21:05 - 2014-07-24 05:05 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersShell.dll
2014-12-07 21:05 - 2014-07-24 04:52 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2014-12-07 21:05 - 2014-07-24 04:44 - 16874496 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-12-07 21:05 - 2014-07-24 04:42 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-12-07 21:05 - 2014-07-24 04:40 - 00557056 _____ (Microsoft Corporation) C:\windows\system32\PrintDialogs.dll
2014-12-07 21:05 - 2014-07-24 04:39 - 00770048 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2014-12-07 21:05 - 2014-07-24 04:33 - 01741824 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2014-12-07 21:05 - 2014-07-24 04:32 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-12-07 21:05 - 2014-07-24 04:27 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-12-07 21:05 - 2014-07-24 04:25 - 00832512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ActionCenter.dll
2014-12-07 21:05 - 2014-07-24 04:24 - 01817088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-12-07 21:05 - 2014-07-24 04:21 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-12-07 21:05 - 2014-07-24 04:18 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wlansvcpal.dll
2014-12-07 21:05 - 2014-07-24 04:16 - 12730880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-12-07 21:05 - 2014-07-24 04:14 - 00443904 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-12-07 21:05 - 2014-07-24 04:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2014-12-07 21:05 - 2014-07-24 04:11 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-12-07 21:05 - 2014-07-24 04:11 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2014-12-07 21:05 - 2014-07-24 04:10 - 00540672 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2014-12-07 21:05 - 2014-07-24 04:04 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintDialogs.dll
2014-12-07 21:05 - 2014-07-24 04:04 - 00183808 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-12-07 21:05 - 2014-07-24 04:03 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-12-07 21:05 - 2014-07-24 04:02 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-12-07 21:05 - 2014-07-24 03:58 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2014-12-07 21:05 - 2014-07-24 03:53 - 01261056 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2014-12-07 21:05 - 2014-07-24 03:53 - 00449536 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-12-07 21:05 - 2014-07-24 03:49 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-12-07 21:05 - 2014-07-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-12-07 21:05 - 2014-07-24 03:48 - 00659968 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Bluetooth.dll
2014-12-07 21:05 - 2014-07-24 03:47 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-12-07 21:05 - 2014-07-24 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2014-12-07 21:05 - 2014-07-24 03:39 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-12-07 21:05 - 2014-07-24 03:38 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-12-07 21:05 - 2014-07-24 03:36 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2014-12-07 21:05 - 2014-07-24 03:32 - 01532416 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-12-07 21:05 - 2014-07-24 03:30 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-12-07 21:05 - 2014-07-24 03:29 - 00439296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-12-07 21:05 - 2014-07-24 03:28 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-12-07 21:05 - 2014-07-24 03:23 - 01404416 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-12-07 21:05 - 2014-07-24 03:22 - 00487936 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2014-12-07 21:05 - 2014-07-24 03:21 - 01231872 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-12-07 21:05 - 2014-07-24 03:21 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-12-07 21:05 - 2014-07-24 03:18 - 01144320 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-12-07 21:05 - 2014-07-24 03:18 - 00795136 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-12-07 21:05 - 2014-07-24 03:16 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\VAN.dll
2014-12-07 21:05 - 2014-07-24 03:16 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-12-07 21:05 - 2014-07-24 03:15 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\twinapi.dll
2014-12-07 21:05 - 2014-07-24 03:15 - 00432128 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-12-07 21:05 - 2014-07-24 03:13 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\SndVolSSO.dll
2014-12-07 21:05 - 2014-07-24 03:10 - 00889344 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-12-07 21:05 - 2014-07-24 03:10 - 00371712 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2014-12-07 21:05 - 2014-07-24 03:08 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-12-07 21:05 - 2014-07-24 03:05 - 00448000 _____ (Microsoft Corporation) C:\windows\SysWOW64\VAN.dll
2014-12-07 21:05 - 2014-07-24 03:01 - 01992192 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-12-07 21:05 - 2014-07-24 03:00 - 02100736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2014-12-07 21:05 - 2014-07-24 02:58 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-12-07 21:05 - 2014-07-24 02:58 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-12-07 21:05 - 2014-07-24 02:54 - 01290752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-12-07 21:05 - 2014-07-24 02:50 - 01182208 _____ (Microsoft Corporation) C:\windows\system32\printui.dll
2014-12-07 21:05 - 2014-07-24 02:47 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-12-07 21:05 - 2014-07-24 02:44 - 01057792 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.dll
2014-12-07 21:05 - 2014-07-24 02:41 - 00459264 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-12-07 21:05 - 2014-07-24 02:28 - 01600000 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2014-12-07 21:05 - 2014-07-23 23:11 - 00513544 _____ () C:\windows\SysWOW64\locale.nls
2014-12-07 21:05 - 2014-07-23 23:11 - 00513544 _____ () C:\windows\system32\locale.nls
2014-12-07 21:05 - 2014-07-12 00:55 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\wisp.dll
2014-12-07 21:05 - 2014-07-11 23:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wisp.dll
2014-12-07 21:05 - 2014-07-04 07:59 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-12-07 21:05 - 2014-07-04 05:29 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-12-07 21:05 - 2014-07-04 05:20 - 01656832 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-12-07 21:05 - 2014-07-04 05:06 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-12-07 21:05 - 2014-07-04 05:00 - 01351168 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-12-07 21:05 - 2014-07-04 04:30 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\AppxPackaging.dll
2014-12-07 21:05 - 2014-07-04 04:27 - 00474112 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxPackaging.dll
2014-12-07 21:05 - 2014-06-27 01:22 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-12-07 21:05 - 2014-06-25 19:32 - 01029632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-12-07 21:05 - 2014-06-25 19:29 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2014-12-07 21:05 - 2014-06-19 18:37 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-12-07 21:05 - 2014-06-18 21:13 - 00310080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-12-07 21:05 - 2014-06-14 01:03 - 02389504 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-12-07 21:05 - 2014-06-14 00:46 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-12-07 21:05 - 2014-06-07 07:46 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-12-07 21:05 - 2014-06-07 05:20 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-12-07 21:05 - 2014-06-05 09:00 - 01118040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-12-07 21:05 - 2014-06-05 05:18 - 01018368 _____ (Microsoft Corporation) C:\windows\system32\aclui.dll
2014-12-07 21:05 - 2014-06-05 04:42 - 00889856 _____ (Microsoft Corporation) C:\windows\SysWOW64\aclui.dll
2014-12-07 21:05 - 2014-05-31 00:00 - 01463808 _____ (Microsoft Corporation) C:\windows\system32\wsecedit.dll
2014-12-07 21:05 - 2014-05-30 23:18 - 01319936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsecedit.dll
2014-12-07 21:05 - 2014-05-29 01:23 - 00427008 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-12-07 21:05 - 2014-05-29 00:25 - 00313856 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-12-07 21:05 - 2014-05-26 02:26 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\AppxSysprep.dll
2014-12-07 21:05 - 2014-05-10 05:12 - 00387896 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2014-12-07 21:05 - 2014-05-10 03:46 - 00335680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2014-12-07 21:05 - 2014-05-05 23:41 - 00486744 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-12-07 21:05 - 2014-05-05 19:55 - 00391000 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-12-07 21:05 - 2014-03-24 21:27 - 00160600 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-12-07 21:05 - 2014-03-24 21:27 - 00123920 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-12-07 21:05 - 2014-03-24 20:20 - 00128568 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-12-07 21:05 - 2014-03-24 20:20 - 00127544 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-12-07 20:56 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-12-07 20:56 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-07 20:56 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-07 20:56 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-12-07 20:56 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-12-07 20:56 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-12-07 20:56 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-12-07 20:56 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-12-07 19:33 - 2014-12-14 13:05 - 00000000 ____D () C:\Program Files (x86)\Norton Security
2014-12-07 18:24 - 2014-12-14 13:15 - 00000000 ____D () C:\ProgramData\Norton
2014-12-07 18:24 - 2014-12-07 20:53 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-12-07 17:02 - 2014-12-07 17:02 - 00000000 __SHD () C:\Users\Deidra\AppData\Local\EmieBrowserModeList
2014-12-07 14:28 - 2014-12-07 14:40 - 00007605 _____ () C:\Users\Deidra\AppData\Local\Resmon.ResmonCfg
2014-12-04 22:24 - 2014-12-04 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-12-04 15:32 - 2014-12-08 21:38 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Nitro PDF
2014-12-03 22:27 - 2014-12-12 17:54 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Lenovo
2014-12-03 13:10 - 2014-12-14 14:03 - 00000000 ____D () C:\windows\system32\MRT
2014-12-03 13:10 - 2014-12-14 14:02 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-03 13:08 - 2014-12-03 13:09 - 00000000 ____D () C:\Users\Deidra\AppData\Local\CyberLink
2014-12-03 13:00 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-03 13:00 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-03 13:00 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-03 13:00 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-03 13:00 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-03 13:00 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-03 12:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-03 12:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-12-03 12:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-12-03 12:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-03 12:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-03 12:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-12-03 12:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2014-12-03 12:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-12-03 12:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-03 12:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-03 12:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-12-03 12:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-03 12:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-12-03 12:58 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-03 12:58 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-03 12:58 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-03 12:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-03 12:58 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-12-03 12:58 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-12-03 12:58 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-03 12:58 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-12-03 12:58 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-03 12:58 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-12-03 12:58 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-12-03 12:58 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-12-03 12:58 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-03 12:58 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-12-03 12:58 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-03 12:58 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-12-03 12:58 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-12-03 12:58 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-03 12:58 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-12-03 12:58 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-03 12:57 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-12-03 12:57 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-03 12:57 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-12-03 12:57 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-12-03 12:57 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-03 12:57 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-03 12:57 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-03 12:57 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-03 12:57 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-03 12:57 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-03 12:57 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-12-03 12:57 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-03 12:57 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2014-12-03 12:57 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-03 12:57 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-03 12:57 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-03 12:57 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-12-03 12:57 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-03 12:57 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-03 12:57 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-03 12:57 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-12-03 12:57 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-12-03 12:57 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-03 12:57 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-03 12:57 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-12-03 12:57 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-12-03 12:57 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-12-03 12:57 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-12-03 12:57 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-03 12:57 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-12-03 12:57 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-12-03 12:57 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-03 12:57 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-03 12:57 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-03 12:57 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-03 12:57 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-03 12:57 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-03 12:57 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-12-03 12:57 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-03 12:57 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2014-12-03 12:57 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-03 12:57 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-03 12:57 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-12-03 12:57 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-03 12:57 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-03 12:57 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-12-03 12:57 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-03 12:57 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-12-03 12:57 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-03 12:57 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-03 12:57 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-12-03 12:57 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-12-03 12:57 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-12-03 12:57 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-03 12:56 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-12-03 12:56 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-12-03 12:56 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-12-03 12:56 - 2014-09-07 17:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-12-03 12:56 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-12-03 12:56 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-12-03 12:56 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-12-03 12:56 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-12-03 12:56 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-12-03 12:56 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-12-03 12:56 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-12-03 12:56 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-12-03 12:56 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-03 12:56 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-03 12:56 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-12-03 12:56 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-12-03 12:56 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-12-03 12:56 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-12-03 12:56 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-12-03 12:56 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-12-03 12:56 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-03 12:56 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-03 12:56 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-12-03 12:56 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-12-03 12:56 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-12-03 12:56 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-12-03 12:56 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-12-03 12:56 - 2014-07-24 06:22 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2014-12-03 12:56 - 2014-07-24 04:53 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2014-12-03 12:56 - 2014-07-24 04:13 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2014-12-03 12:56 - 2014-07-24 03:20 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2014-12-03 12:56 - 2014-07-24 03:08 - 00162816 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2014-12-03 12:56 - 2014-07-24 02:49 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2014-12-03 12:56 - 2014-07-24 02:43 - 00200192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2014-12-03 12:54 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-12-03 12:54 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-12-03 12:54 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-12-03 12:54 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-12-03 12:54 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-12-03 12:54 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-12-03 12:54 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-12-03 12:54 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-12-03 12:54 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-12-03 12:54 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-12-03 12:54 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-12-03 12:54 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-12-03 12:54 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-12-03 12:54 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-12-03 12:54 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-12-03 12:54 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-12-03 12:53 - 2014-12-03 12:53 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-03 12:53 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-12-03 12:53 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-12-03 12:53 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2014-12-03 12:53 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-12-03 12:53 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-12-03 12:53 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
2014-12-03 12:53 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
2014-12-03 12:53 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-03 12:53 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
2014-12-03 12:53 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-03 12:53 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
2014-12-03 12:53 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-12-03 12:53 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-12-03 12:53 - 2014-07-24 10:28 - 00468288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-12-03 12:52 - 2014-12-07 21:18 - 00002302 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-03 12:52 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\windows\system32\propsys.dll
2014-12-03 12:52 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-12-03 12:52 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-12-03 12:52 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\windows\SysWOW64\propsys.dll
2014-12-03 12:52 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-12-03 12:52 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-12-03 12:52 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2014-12-03 12:52 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-12-03 12:52 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-12-03 12:52 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\ProximityService.dll
2014-12-03 12:52 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-12-03 12:52 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2014-12-03 12:52 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-12-03 12:52 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-12-03 12:52 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\pcsvDevice.dll
2014-12-03 12:52 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-12-03 12:52 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2014-12-03 12:52 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-12-03 12:52 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-12-03 12:52 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-12-03 12:52 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-12-03 12:52 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFolder.dll
2014-12-03 12:52 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2014-12-03 12:52 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-12-03 12:52 - 2014-07-24 06:42 - 01200640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-12-03 12:52 - 2014-07-24 06:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2014-12-03 12:52 - 2014-07-24 05:09 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-12-03 12:52 - 2014-07-24 04:27 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-12-03 12:49 - 2014-12-14 13:06 - 00000000 ____D () C:\Users\Deidra\AppData\Local\CrashDumps
2014-12-03 12:42 - 2014-12-07 22:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-03 12:42 - 2014-12-07 22:44 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-03 12:42 - 2014-12-07 22:44 - 00003648 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 12:42 - 2014-12-03 12:42 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d00f20798012ba
2014-12-03 12:42 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Google
2014-12-03 12:41 - 2014-12-07 22:44 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Deployment
2014-12-03 12:41 - 2014-12-03 12:41 - 00000000 __SHD () C:\Users\Deidra\AppData\Local\EmieUserList
2014-12-03 12:41 - 2014-12-03 12:41 - 00000000 __SHD () C:\Users\Deidra\AppData\Local\EmieSiteList
2014-12-03 12:41 - 2014-12-03 12:41 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Apps\2.0
2014-12-03 12:41 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-12-03 12:41 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-12-03 12:40 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-12-03 12:40 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-12-03 12:39 - 2014-08-23 02:48 - 02374784 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-12-03 12:39 - 2014-08-23 02:13 - 02084520 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-12-03 12:39 - 2014-08-23 01:10 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-03 12:39 - 2014-08-23 00:32 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-03 12:39 - 2014-08-22 23:33 - 00796672 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-12-03 12:39 - 2014-08-14 19:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-12-03 12:39 - 2014-08-01 19:18 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-12-03 12:39 - 2014-07-29 20:56 - 00299520 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-12-03 12:39 - 2014-07-29 00:22 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\tcpmon.dll
2014-12-03 12:39 - 2014-07-23 22:20 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-12-03 12:39 - 2014-07-23 22:20 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-12-03 12:37 - 2014-08-06 21:12 - 01336624 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-12-03 12:37 - 2014-08-01 22:56 - 01064448 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-12-03 12:37 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\windows\system32\WpcMon.exe
2014-12-03 12:37 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-12-03 12:37 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\windows\system32\WpcWebSync.dll
2014-12-03 12:37 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-12-03 12:37 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2014-12-03 12:37 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-12-03 12:37 - 2014-05-31 05:07 - 00440664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-12-03 12:37 - 2014-05-31 05:07 - 00089944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-12-03 12:37 - 2014-05-31 05:07 - 00027480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-12-03 12:37 - 2014-05-31 01:30 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-12-03 12:37 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-12-03 12:37 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-12-03 12:37 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-12-03 12:37 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-12-03 12:37 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-12-03 12:37 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-12-03 12:37 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll
2014-12-03 12:37 - 2014-05-01 08:31 - 00055328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wpcfltr.sys
2014-12-03 12:36 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\BulkOperationHost.exe
2014-12-03 12:36 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-12-03 12:36 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\ncobjapi.dll
2014-12-03 12:36 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\windows\system32\framedynos.dll
2014-12-03 12:36 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\framedyn.dll
2014-12-03 12:36 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncobjapi.dll
2014-12-03 12:36 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedynos.dll
2014-12-03 12:36 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\windows\SysWOW64\framedyn.dll
2014-12-03 12:36 - 2014-05-02 18:26 - 00050745 _____ () C:\windows\system32\srms.dat
2014-12-03 12:36 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys
2014-12-03 12:36 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-12-03 12:36 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys
2014-12-03 12:36 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys
2014-12-03 12:36 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-12-03 12:36 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-12-03 12:36 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-12-03 12:36 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore.dll
2014-12-03 12:36 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-12-03 12:36 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc.dll
2014-12-03 12:36 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-12-03 12:36 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-12-03 12:36 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore.dll
2014-12-03 12:36 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-12-03 12:36 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-12-03 12:36 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc.dll
2014-12-03 12:36 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\windows\system32\vpnike.dll
2014-12-03 12:36 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2014-12-03 12:36 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2014-12-03 12:36 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\windows\system32\d3d9.dll
2014-12-03 12:36 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d9.dll
2014-12-03 12:36 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d8thk.dll
2014-12-03 12:35 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-12-03 12:35 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-12-03 12:35 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2014-12-03 12:35 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-12-03 12:35 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2014-12-03 12:35 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-12-03 12:34 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll
2014-12-03 12:34 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2014-12-03 12:34 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2014-12-03 12:33 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-12-03 12:33 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-12-03 12:33 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-12-03 12:33 - 2014-05-19 01:31 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\drvcfg.exe
2014-12-03 12:33 - 2014-05-19 01:21 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\drvinst.exe
2014-12-03 12:33 - 2014-05-19 00:23 - 00098816 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvinst.exe
2014-12-03 12:33 - 2014-05-01 00:24 - 02834944 _____ (Microsoft Corporation) C:\windows\system32\wpccpl.dll
2014-12-03 12:33 - 2014-04-29 23:43 - 01975296 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-12-03 12:33 - 2014-04-29 23:26 - 01345536 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-12-03 12:33 - 2014-04-29 22:47 - 01509888 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-12-03 12:29 - 2014-12-03 12:29 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Screensaver Factory
2014-12-03 11:56 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Hightail for Lenovo
2014-12-03 11:56 - 2014-12-03 11:56 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-12-03 11:54 - 2014-12-14 15:35 - 00000000 __RDO () C:\Users\Deidra\OneDrive
2014-12-03 11:53 - 2014-12-14 15:40 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-818984236-3831732592-3455439087-1001
2014-12-03 11:49 - 2014-12-03 11:49 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Intel Corporation
2014-12-03 11:48 - 2014-12-14 13:11 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Packages
2014-12-03 11:48 - 2014-12-12 13:05 - 00000000 ____D () C:\Users\Deidra
2014-12-03 11:48 - 2014-12-09 02:20 - 00000000 ____D () C:\Users\Deidra\AppData\Local\Pokki
2014-12-03 11:48 - 2014-12-03 11:48 - 00001453 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-03 11:48 - 2014-12-03 11:48 - 00000180 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-03 11:48 - 2014-12-03 11:48 - 00000020 ___SH () C:\Users\Deidra\ntuser.ini
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Macromedia
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Intel
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Adobe
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Local\VirtualStore
2014-12-03 11:48 - 2014-12-03 11:48 - 00000000 ____D () C:\Users\Deidra\AppData\Local\LenovoBrowserGuard
2014-12-03 11:48 - 2014-08-20 20:45 - 00000000 ___RD () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 11:48 - 2014-03-18 05:05 - 00000000 ___RD () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-03 11:48 - 2014-03-18 04:55 - 00000369 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-03 11:48 - 2014-03-18 04:55 - 00000369 _____ () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-03 11:48 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-03 11:48 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 15:39 - 2014-03-18 04:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 15:36 - 2014-08-20 20:41 - 01060599 _____ () C:\windows\WindowsUpdate.log
2014-12-14 15:35 - 2014-08-20 21:11 - 00002560 _____ () C:\windows\system32\VfService.trf
2014-12-14 15:35 - 2014-03-18 04:44 - 01694026 _____ () C:\windows\PFRO.log
2014-12-14 15:35 - 2013-08-22 09:46 - 00027325 _____ () C:\windows\setupact.log
2014-12-14 15:35 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-14 15:35 - 2013-08-22 08:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-14 15:23 - 2014-08-20 21:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-14 15:21 - 2013-08-22 10:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-14 15:11 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-14 15:00 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2014-12-14 14:02 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-12-12 18:08 - 2014-08-20 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-12 18:08 - 2014-08-20 21:07 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-12-12 18:08 - 2014-08-20 20:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-12 18:00 - 2014-08-20 21:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-12 17:55 - 2014-08-20 21:07 - 00000000 ____D () C:\ProgramData\Lenovo
2014-12-12 17:54 - 2014-08-20 21:08 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2014-12-12 17:53 - 2014-08-20 21:09 - 00000000 ____D () C:\Program Files\lenovo
2014-12-12 13:29 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-12-12 01:04 - 2014-08-20 21:11 - 00010920 _____ () C:\windows\SysWOW64\VisualDiscovery.ini
2014-12-12 01:04 - 2014-08-20 21:11 - 00005376 _____ () C:\windows\SysWOW64\VisualDiscoveryOff.ini
2014-12-12 01:04 - 2014-08-20 21:11 - 00005376 _____ () C:\windows\system32\VisualDiscoveryOff.ini
2014-12-11 20:28 - 2014-08-20 21:13 - 00000000 ____D () C:\ProgramData\Energy Manager
2014-12-11 02:18 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 10:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2014-12-10 10:51 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2014-12-10 10:51 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-12-10 00:23 - 2013-08-22 09:44 - 00346744 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-09 13:16 - 2014-03-18 04:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ToastData
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-12-09 13:16 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\setup
2014-12-09 13:16 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\oobe
2014-12-08 13:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-07 20:54 - 2014-08-20 21:11 - 00000000 ____D () C:\Program Files\Lenovo Yoga PhoneCompanion
2014-12-07 20:54 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-07 20:54 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Sysprep
2014-12-07 20:54 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\servicing
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Users\Default\AppData\Local\Pokki
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\Pokki
2014-12-07 20:53 - 2014-08-20 21:07 - 00000000 ____D () C:\ProgramData\Pokki
2014-12-07 20:52 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\registration
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\WinStore
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2014-12-03 23:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-03 13:08 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-03 11:53 - 2014-08-20 20:48 - 00000000 ____D () C:\ProgramData\Intel
2014-12-03 11:48 - 2014-08-20 21:38 - 00118107 ____H () C:\windows\modules.log
2014-12-03 11:48 - 2014-08-20 21:08 - 00000000 ____D () C:\Program Files (x86)\LenovoBrowserGuard
2014-12-03 11:48 - 2014-04-03 14:15 - 00000000 ____D () C:\windows\Panther
2014-11-26 16:10 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 16:10 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-20 20:39
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014
Ran by Deidra at 2014-12-14 15:46:49
Running from C:\Users\Deidra\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.1.30 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.1.30 - Nuance Communications, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.51 - Lenovo)
Energy Manager (x32 Version: 1.0.1.51 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 5740 series Basic Device Software (HKLM\...\{7FAA9D15-FF0B-4593-8D4A-0B941FD1977A}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}) (Version: 4.2.41.2633 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.50.5 - ClientConnect LTD)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.43 - SunplusIT)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.17.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-818984236-3831732592-3455439087-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
13-12-2014 16:09:51 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02CB54FA-9273-4CAC-9C86-2EC426B20FFC} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {25780E0B-6E43-4DDC-957F-034654611EF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {260412EB-AC49-4220-B580-5E0B0541DACB} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {5FC5605C-A1EC-4A16-8DCA-C885A2E5DDA6} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-08-20] (Lenovo)
Task: {7F364DB4-E342-42D7-B642-B801362B4682} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-14] (Microsoft Corporation)
Task: {8EA3C866-F401-4EF8-AF7C-3592AF8BE95E} - System32\Tasks\GoogleUpdateTaskMachineUA1d00f20798012ba => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {8FA551CA-5EAB-42D4-90A5-47143600E071} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-03] (Lenovo)
Task: {C60B6ABA-5013-4760-9F29-5584518E19AF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {DE7F333C-7AB1-4C04-AEA7-5AE04519AFAC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {E6E337EB-D94D-430F-A66E-1849E41EF85F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {EA0EC87D-DC20-4D47-A53A-EEB8A4ABFF88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-07 19:12 - 2013-11-07 19:12 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-11-07 19:12 - 2013-11-07 19:12 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-11-07 19:12 - 2013-11-07 19:12 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-20 21:11 - 2012-04-24 05:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-08-20 21:11 - 2014-08-20 21:11 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-08-20 05:29 - 2014-03-06 20:21 - 00080312 _____ () C:\windows\system32\igfxexps.dll
2014-12-03 12:02 - 2014-12-03 12:03 - 02394624 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Facebook.exe
2014-12-14 14:07 - 2014-12-14 14:07 - 10501632 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook\eff57947f2d527a4d30599471bd8a2a4\Facebook.ni.exe
2014-12-08 13:27 - 2014-12-08 13:27 - 05185024 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\873b701d9b42e91132f08a6f05c4361a\Windows.UI.Xaml.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 01134592 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Win8-Base\8a9f4d141ea60649eb4ac5dc3eae33d2\Facebook-Win8-Base.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 00619520 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Base\a1e018847a9bbd02df0c31d4d2044695\Facebook-Base.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 01112576 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Models\6345c048bbd973b5b6935da559c99955\Facebook-Models.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 05790720 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Services\f8229d2b8e40c929a92d58b800fa8d1e\Facebook-Services.ni.dll
2014-12-08 13:28 - 2014-12-08 13:28 - 01782784 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-12-08 13:28 - 2014-12-08 13:28 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-12-08 13:28 - 2014-12-08 13:28 - 01278464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-12-08 13:27 - 2014-12-08 13:27 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 01492992 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Bing.Maps\da17719ac327a528f002ca1420a4abca\Bing.Maps.ni.dll
2014-12-03 12:28 - 2014-12-03 12:28 - 02019840 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-12-08 13:27 - 2014-12-08 13:27 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-12-08 13:27 - 2014-12-08 13:27 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-12-08 13:27 - 2014-12-08 13:27 - 00521216 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-12-03 12:28 - 2014-12-03 12:28 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2014-12-08 13:27 - 2014-12-08 13:27 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 00021504 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-No02b98c3e#\ad3ee8ea231e42a87d3bfbbf64e06b7e\Facebook-Notifications.ni.dll
2014-12-14 14:07 - 2014-12-14 14:07 - 00592896 _____ () C:\Users\Deidra\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Notificatioc5a47191#\3b0f4eefb2f4c55dbed371d125599081\NotificationsExtensions.ni.dll
2014-02-24 18:39 - 2014-02-24 18:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-08-20 21:11 - 2014-08-20 21:11 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-02-24 18:39 - 2014-02-24 18:39 - 02690312 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2014-12-11 21:48 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 21:48 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 21:48 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 21:48 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-08-20 20:46 - 2013-08-08 15:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\Deidra\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Deidra\Downloads\Facebook-20141203-121530.jpg:StreamedFileState
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Yoga PhoneCompanion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKU\S-1-5-21-818984236-3831732592-3455439087-1001\...\StartupApproved\Run: => "Pokki"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-818984236-3831732592-3455439087-500 - Administrator - Disabled)
Deidra (S-1-5-21-818984236-3831732592-3455439087-1001 - Administrator - Enabled) => C:\Users\Deidra
Guest (S-1-5-21-818984236-3831732592-3455439087-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: UMDF HID minidriver Device
Description: UMDF HID minidriver Device
Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
Manufacturer: Lenovo
Service: mshidumdf
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Intel® Experience Center Driver
Description: Intel® Experience Center Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/14/2014 01:06:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 6.3.9600.17031, time stamp: 0x53085904
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x1ad8
Faulting application start time: 0xwwahost.exe0
Faulting application path: wwahost.exe1
Faulting module path: wwahost.exe2
Report Id: wwahost.exe3
Faulting package full name: wwahost.exe4
Faulting package-relative application ID: wwahost.exe5
 
Error: (12/13/2014 05:51:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d30
 
Start Time: 01d016a9a3c90217
 
Termination Time: 4294967295
 
Application Path: C:\windows\system32\backgroundTaskHost.exe
 
Report Id: 0b9f3d06-82b6-11e4-826c-ed96d921c996
 
Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (12/13/2014 00:16:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (12/12/2014 08:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FIRSTRUN.EXE, version: 15.0.4569.1506, time stamp: 0x52e0bd57
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1f14
Faulting application start time: 0xFIRSTRUN.EXE0
Faulting application path: FIRSTRUN.EXE1
Faulting module path: FIRSTRUN.EXE2
Report Id: FIRSTRUN.EXE3
Faulting package full name: FIRSTRUN.EXE4
Faulting package-relative application ID: FIRSTRUN.EXE5
 
Error: (12/12/2014 07:46:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FIRSTRUN.EXE, version: 15.0.4569.1506, time stamp: 0x52e0bd57
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1304
Faulting application start time: 0xFIRSTRUN.EXE0
Faulting application path: FIRSTRUN.EXE1
Faulting module path: FIRSTRUN.EXE2
Report Id: FIRSTRUN.EXE3
Faulting package full name: FIRSTRUN.EXE4
Faulting package-relative application ID: FIRSTRUN.EXE5
 
Error: (12/12/2014 07:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FIRSTRUN.EXE, version: 15.0.4569.1506, time stamp: 0x52e0bd57
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xed8
Faulting application start time: 0xFIRSTRUN.EXE0
Faulting application path: FIRSTRUN.EXE1
Faulting module path: FIRSTRUN.EXE2
Report Id: FIRSTRUN.EXE3
Faulting package full name: FIRSTRUN.EXE4
Faulting package-relative application ID: FIRSTRUN.EXE5
 
Error: (12/12/2014 07:45:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FIRSTRUN.EXE, version: 15.0.4569.1506, time stamp: 0x52e0bd57
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xce4
Faulting application start time: 0xFIRSTRUN.EXE0
Faulting application path: FIRSTRUN.EXE1
Faulting module path: FIRSTRUN.EXE2
Report Id: FIRSTRUN.EXE3
Faulting package full name: FIRSTRUN.EXE4
Faulting package-relative application ID: FIRSTRUN.EXE5
 
Error: (12/12/2014 07:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FIRSTRUN.EXE, version: 15.0.4569.1506, time stamp: 0x52e0bd57
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x133c
Faulting application start time: 0xFIRSTRUN.EXE0
Faulting application path: FIRSTRUN.EXE1
Faulting module path: FIRSTRUN.EXE2
Report Id: FIRSTRUN.EXE3
Faulting package full name: FIRSTRUN.EXE4
Faulting package-relative application ID: FIRSTRUN.EXE5
 
Error: (12/12/2014 06:06:15 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0
 
Error: (12/12/2014 05:55:48 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: FLIPSY)
Description: Application or service 'Lenovo System Agent Service' could not be restarted.
 
 
System errors:
=============
Error: (12/14/2014 03:35:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
%%2
 
Error: (12/14/2014 03:20:45 PM) (Source: DCOM) (EventID: 10010) (User: FLIPSY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (12/14/2014 03:20:15 PM) (Source: DCOM) (EventID: 10010) (User: FLIPSY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (12/14/2014 03:11:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (12/14/2014 03:09:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Proxy Service service depends on the following service: mfefire. This service might not be installed.
 
Error: (12/14/2014 00:26:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - December 2014 (KB890830).
 
Error: (12/13/2014 11:05:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DragonAssistant3 Maintenance Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/13/2014 00:36:05 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (12/12/2014 06:05:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (12/12/2014 01:07:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
 
Microsoft Office Sessions:
=========================
Error: (12/14/2014 01:06:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wwahost.exe6.3.9600.1703153085904ntdll.dll6.3.9600.1727853eeb4a3c0000374000debd81ad801d017c8b8170894C:\windows\syswow64\wwahost.exeC:\windows\SYSTEM32\ntdll.dllfc42eb3f-83bb-11e4-8270-dc0b82b37368Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp
 
Error: (12/13/2014 05:51:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841d3001d016a9a3c902174294967295C:\windows\system32\backgroundTaskHost.exe0b9f3d06-82b6-11e4-826c-ed96d921c996Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp
 
Error: (12/13/2014 00:16:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Deidra\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/12/2014 08:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FIRSTRUN.EXE15.0.4569.150652e0bd57MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1f1401d01675d288e083C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll104ae15e-8269-11e4-826b-dd060e412ba1
 
Error: (12/12/2014 07:46:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FIRSTRUN.EXE15.0.4569.150652e0bd57MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd130401d0166e362d876cC:\PROGRA~2\MICROS~1\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll73ded7b8-8261-11e4-826b-dd060e412ba1
 
Error: (12/12/2014 07:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FIRSTRUN.EXE15.0.4569.150652e0bd57MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fded801d0166e182c4665C:\PROGRA~2\MICROS~1\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll55dff793-8261-11e4-826b-dd060e412ba1
 
Error: (12/12/2014 07:45:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FIRSTRUN.EXE15.0.4569.150652e0bd57MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdce401d0166e12692004C:\PROGRA~2\MICROS~1\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll501cf0de-8261-11e4-826b-dd060e412ba1
 
Error: (12/12/2014 07:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FIRSTRUN.EXE15.0.4569.150652e0bd57MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd133c01d0166e0e5fc4d1C:\PROGRA~2\MICROS~1\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll4c2cfd13-8261-11e4-826b-dd060e412ba1
 
Error: (12/12/2014 06:06:15 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0
 
Error: (12/12/2014 05:55:48 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: FLIPSY)
Description: 0SystemAgentService.exeLenovo System Agent Service03026217863920
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 30%
Total physical RAM: 8104.27 MB
Available physical RAM: 5607.29 MB
Total Pagefile: 9384.27 MB
Available Pagefile: 5880.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:195.93 GB) (Free:164.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7EC13322)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#15
Deevly

    Member

  • Topic Starter
  • 15 posts

Oh, another quirky thing: My Kindle app stopped working last night, after working fine the night before. It starts to open, then crashes. I tried uninstalling and reinstalling with no joy. It seems to be the only app affected. Trying to figure that out now. *shrug*

