So, I wasn't paying attention last night and downloaded what I thought was Firefox from a non-Mozilla site, freegogo-download. I realized immediately what I'd done, and tried to remedy my mistake, probably rather ham-fistedly, and now I'm paranoid that there's something nasty lurking in the background. Here's what happened:
I tried to immediately uninstall the programs that downloaded: Driver Restore, PC Utility Pro, Optimizer Pro, Firefox Packages ... maybe something called Vosteran. That may not be a complete list of what I uninstalled because my notes were a bit panicky, and that last one may not have been something I uninstalled, but I saw it somewhere. (My notes aren't clear.) Everything appeared to uninstall okay, except "Firefox Packages," which would only give me a popup from an "uninstaller.exe" that didn't look legit.
I downloaded Malwarebytes and AdwCleaner, both of which found and quarantined a few things. I tried to download and use Norton Security Scan, but it just hung there and wouldn't work. Then I tried to download a 30-day trial of Norton Security, which seemed to be okay, but when I tried to scan, nothing happened. That's when I noticed that the security that came with this new laptop, McAfee and Windows Defender, were disabled and I couldn't enable them. So I did a System Restore.
I don't know how smart that was, but it appeared to get rid of everything I'd downloaded the last few days since I'd gotten the laptop. Appeared.
So I downloaded the 30-day trial of Norton Security again. And it worked this time. I ran a full scan and it found something called Bloodhound.MalPE.
Everything "seems" okay today (apart from the fact that when I downloaded the real Firefox app for Windows 8.1, it didn't work), but I really don't think I handled any of that properly and I just want to find out what I missed. I feel like there's something lurking. I got even more paranoid when I looked at the Norton history this afternoon and saw some "unauthorized access blocked" messages that may be perfectly normal, I don't know. If someone could take a look, I'd really appreciate it.
OTL created two text files, OTL.txt and Extras.txt. I'll post both.
OTL.txt:
OTL logfile created on: 12/8/2014 3:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deidra\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.91 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 46.91% Memory free
9.79 Gb Paging File | 4.15 Gb Available in Paging File | 42.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.93 Gb Total Space | 144.52 Gb Free Space | 73.76% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 21.60 Gb Free Space | 86.40% Space Free | Partition Type: NTFS
Computer Name: FLIPSY | User Name: Deidra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/12/08 15:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deidra\Downloads\OTL.exe
PRC - [2014/12/04 16:33:58 | 000,072,192 | ---- | M] () -- C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
PRC - [2014/11/25 01:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/13 08:49:28 | 000,282,568 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\NS.exe
PRC - [2014/08/20 21:11:28 | 000,154,896 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
PRC - [2014/08/20 21:11:28 | 000,153,872 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
PRC - [2014/08/20 21:11:26 | 000,294,672 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
PRC - [2014/08/20 21:11:26 | 000,108,304 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
PRC - [2014/08/20 21:11:13 | 000,161,792 | ---- | M] () -- C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
PRC - [2014/08/20 21:11:10 | 000,249,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
PRC - [2014/06/21 13:13:06 | 001,354,296 | ---- | M] (Superfish, Inc.) -- C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe
PRC - [2014/05/21 20:29:04 | 000,584,960 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\lenovo\iMController\SystemAgentService.exe
PRC - [2014/04/08 20:05:52 | 004,260,112 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
PRC - [2014/03/26 14:37:04 | 001,165,688 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2014/03/26 14:36:30 | 001,206,648 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2014/03/18 04:55:25 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2014/02/24 18:39:42 | 001,479,944 | ---- | M] (PointGrab LTD) -- C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
PRC - [2014/02/24 18:39:40 | 000,512,776 | ---- | M] (PointGrab LTD) -- C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
PRC - [2013/12/12 20:57:54 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013/11/07 19:12:28 | 005,545,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
PRC - [2013/08/08 15:25:18 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/08/08 15:25:12 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/07 16:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 16:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/08 13:28:02 | 000,869,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Web\e80741874129b38ff4bc85abedf8e4a2\Windows.Web.ni.dll
MOD - [2014/12/08 13:27:58 | 000,337,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
MOD - [2014/12/08 13:27:45 | 000,797,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
MOD - [2014/12/08 13:27:43 | 000,960,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
MOD - [2014/12/08 13:27:42 | 000,228,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
MOD - [2014/12/08 13:27:42 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
MOD - [2014/12/08 13:27:39 | 000,808,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
MOD - [2014/12/08 13:27:38 | 001,130,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
MOD - [2014/12/08 13:27:37 | 003,530,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
MOD - [2014/12/04 16:33:58 | 000,072,192 | ---- | M] () -- C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 01:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/08/20 21:11:28 | 000,101,648 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
MOD - [2014/08/20 21:11:26 | 000,294,672 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
MOD - [2014/08/20 21:11:26 | 000,108,304 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
MOD - [2014/08/20 21:11:26 | 000,102,672 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\3200\TransitionLib.dll
MOD - [2014/08/20 21:11:26 | 000,101,648 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
MOD - [2014/02/24 18:39:42 | 002,690,312 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
========== Services (SafeList) ==========
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/20 21:13:17 | 000,198,192 | ---- | M] (Lenovo(beijing) Limited) [Auto | Running] -- C:\Windows\SysNative\LenovoWiFiHotspotSvr.exe -- (LenovoWiFiHotspotSvr)
SRV:64bit: - [2014/08/20 21:11:10 | 000,328,720 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe -- (PhoneCompanionVap)
SRV:64bit: - [2014/08/20 21:11:10 | 000,249,872 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe -- (PhoneCompanionPusher)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/05/21 20:29:04 | 000,584,960 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\lenovo\iMController\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2014/04/14 20:45:06 | 000,282,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014/04/02 21:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/18 04:55:03 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 04:55:03 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 04:54:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 04:54:56 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 04:54:56 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 04:54:53 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/14 01:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 00:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 02:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/01/17 20:37:48 | 003,816,176 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2014/01/17 20:37:30 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2014/01/17 20:37:08 | 000,632,048 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2014/01/17 20:36:42 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/12/12 20:57:44 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe -- (NitroDriverReadSpool9)
SRV:64bit: - [2013/11/07 19:12:36 | 000,198,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2013/09/13 03:40:30 | 000,288,472 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/07 16:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/02 11:37:12 | 000,148,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV:64bit: - [2013/08/02 11:37:12 | 000,124,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2013/08/02 11:37:12 | 000,116,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2013/08/02 11:37:12 | 000,115,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2013/05/11 19:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 19:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/04/24 05:43:50 | 000,390,632 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV - [2014/10/15 07:46:07 | 000,282,568 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.2.17\NS.exe -- (NS)
SRV - [2014/08/20 21:11:28 | 000,070,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe -- (LsvUIService)
SRV - [2014/08/20 21:11:26 | 000,034,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\ProgramData\LenovoTransition\Server\x64\ymc.exe -- (ymc)
SRV - [2014/08/20 21:11:25 | 000,068,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe -- (VeriFaceSrv)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/06/21 13:13:06 | 001,354,296 | ---- | M] (Superfish, Inc.) [Auto | Running] -- C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe -- (VisualDiscovery)
SRV - [2014/06/03 13:08:46 | 000,533,760 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe -- (Lenovo EasyPlus Hotspot)
SRV - [2014/04/14 20:45:10 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/04/08 20:05:52 | 004,260,112 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe -- (DAMSvc)
SRV - [2014/03/26 14:37:04 | 001,165,688 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2014/03/26 14:36:30 | 001,206,648 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2014/03/14 01:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/02/24 18:39:40 | 000,512,776 | ---- | M] (PointGrab LTD) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe -- (PG_Service_Launcher)
SRV - [2014/02/24 18:39:38 | 000,167,176 | ---- | M] (PointGrab LTD) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe -- (PGService)
SRV - [2014/01/06 17:14:12 | 000,019,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe -- (YogaPicks.AppService)
SRV - [2013/12/12 20:57:54 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/08 15:25:18 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/08/08 15:25:12 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/12/07 21:32:59 | 000,102,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/09 00:15:11 | 000,565,464 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSx64\1600000.06E\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/09/09 00:15:10 | 001,151,704 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/09/09 00:15:10 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\symelam.sys -- (SymELAM)
DRV:64bit: - [2014/09/09 00:15:09 | 000,490,712 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\symds64.sys -- (SymDS)
DRV:64bit: - [2014/09/09 00:05:40 | 000,271,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/09/09 00:05:23 | 000,165,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.sys -- (ccSet_NS)
DRV:64bit: - [2014/09/09 00:05:05 | 001,016,024 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/09/09 00:05:05 | 000,042,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\1600020.011\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/20 21:13:37 | 000,035,600 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 10:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/06/01 05:11:02 | 003,443,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwbw02.sys -- (NETwNb64)
DRV:64bit: - [2014/05/12 13:29:44 | 000,039,800 | ---- | M] (Superfish, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VDWFP64.sys -- (VDWFP)
DRV:64bit: - [2014/05/09 17:27:38 | 000,192,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2014/05/01 08:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/04/22 13:47:46 | 001,424,184 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2014/04/01 01:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/26 14:37:38 | 000,140,600 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/18 04:54:57 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 04:54:54 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 04:54:43 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 04:54:43 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 04:54:42 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 04:54:42 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 04:54:42 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/03/18 04:54:42 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 04:54:42 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 04:54:42 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 04:54:42 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 04:54:42 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 04:38:02 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 15:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/06 20:26:42 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/03/06 20:18:22 | 003,729,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/03/01 15:32:31 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/03/01 15:32:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/12/30 22:27:36 | 001,527,712 | ---- | M] (Sunplus) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2013/08/28 22:42:56 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/28 22:42:56 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/08 19:06:40 | 000,021,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2013/08/08 19:06:40 | 000,021,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2013/08/08 15:25:14 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 19:01:32 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013/08/07 19:01:24 | 000,029,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\INETMON.sys -- (INETMON)
DRV:64bit: - [2013/08/07 16:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/02 11:37:06 | 000,494,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2013/08/02 11:37:06 | 000,287,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2013/08/02 11:37:06 | 000,114,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/18 10:53:33 | 000,113,864 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2013/06/18 09:45:43 | 004,649,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2013/06/18 09:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV - [2014/12/07 04:53:35 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141207.020\ex64.sys -- (NAVEX15)
DRV - [2014/12/07 04:53:35 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/07 04:53:35 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141207.020\eng64.sys -- (NAVENG)
DRV - [2014/12/05 18:33:54 | 000,637,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141205.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/12/03 01:45:46 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/08/27 01:08:34 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D0232CC2-9906-451D-8D17-174CE262E070}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D0232CC2-9906-451D-8D17-174CE262E070}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {D0232CC2-9906-451D-8D17-174CE262E070}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn\ [2014/12/07 22:46:00 | 000,000,000 | ---D | M]
[2014/12/07 22:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deidra\AppData\Roaming\mozilla\Extensions
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Deidra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.0.0.110\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AutoStartTransition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe ()
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Yoga PhoneCompanion] C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe (Lenovo)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [Yoga Picks] C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe (Lenovo)
O4 - HKCU..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D4D24E-EABE-4D89-9D53-63772106FBD6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC7BA11C-B9A8-481A-B85E-8792CBC3E87C}: DhcpNameServer = 150.201.1.3
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll) - C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll (ClientConnect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll) - C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll (ClientConnect LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/08 00:13:30 | 001,151,704 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symefa64.sys
[2014/12/08 00:13:30 | 001,016,024 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtsp64.sys
[2014/12/08 00:13:30 | 000,565,464 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symnets.sys
[2014/12/08 00:13:30 | 000,490,712 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symds64.sys
[2014/12/08 00:13:30 | 000,271,576 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\ironx64.sys
[2014/12/08 00:13:30 | 000,165,080 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.sys
[2014/12/08 00:13:30 | 000,042,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtspx64.sys
[2014/12/08 00:13:30 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600020.011\symelam.sys
[2014/12/08 00:13:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSx64\1600020.011
[2014/12/07 22:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/07 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Mozilla
[2014/12/07 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Mozilla
[2014/12/07 22:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/12/07 21:45:54 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\NPE
[2014/12/07 21:32:59 | 000,102,616 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/12/07 21:32:56 | 001,151,704 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymEFA64.sys
[2014/12/07 21:32:56 | 001,016,024 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.sys
[2014/12/07 21:32:56 | 000,565,464 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\symnets.sys
[2014/12/07 21:32:56 | 000,490,712 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymDS64.sys
[2014/12/07 21:32:56 | 000,271,576 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Ironx64.sys
[2014/12/07 21:32:56 | 000,165,080 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\ccSetx64.sys
[2014/12/07 21:32:56 | 000,042,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtspx64.sys
[2014/12/07 21:32:56 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymELAM.sys
[2014/12/07 21:32:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSx64
[2014/12/07 21:32:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSx64\1600000.06E
[2014/12/07 21:32:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
[2014/12/07 20:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/12/07 19:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/12/07 19:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security
[2014/12/07 18:52:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/07 18:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/12/07 18:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/12/07 18:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/12/07 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/12/07 17:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/07 17:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/12/07 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Programs
[2014/12/07 17:02:00 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\EmieBrowserModeList
[2014/12/04 22:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/12/04 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Nitro PDF
[2014/12/04 15:28:48 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Documents\Medical Arts
[2014/12/04 15:28:46 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Documents\coop
[2014/12/03 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Lenovo
[2014/12/03 13:10:05 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2014/12/03 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\CyberLink
[2014/12/03 12:49:18 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\CrashDumps
[2014/12/03 12:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/03 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Google
[2014/12/03 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Deployment
[2014/12/03 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Apps
[2014/12/03 12:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\EmieUserList
[2014/12/03 12:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\EmieSiteList
[2014/12/03 12:29:23 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Screensaver Factory
[2014/12/03 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Hightail for Lenovo
[2014/12/03 11:54:53 | 000,000,000 | ---D | C] -- C:\Users\Deidra\OneDrive
[2014/12/03 11:49:56 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Intel Corporation
[2014/12/03 11:48:47 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Macromedia
[2014/12/03 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\LenovoBrowserGuard
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Searches
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Contacts
[2014/12/03 11:48:23 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/12/03 11:48:23 | 000,000,000 | -H-D | C] -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/12/03 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\VirtualStore
[2014/12/03 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Adobe
[2014/12/03 11:48:22 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Packages
[2014/12/03 11:48:21 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\IntelGraphicsProfiles
[2014/12/03 11:48:21 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Intel
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\Temporary Internet Files
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Templates
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Start Menu
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\SendTo
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Recent
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\PrintHood
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\NetHood
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Documents\My Videos
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Documents\My Pictures
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Documents\My Music
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\My Documents
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Local Settings
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\History
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Cookies
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\Application Data
[2014/12/03 11:48:10 | 000,000,000 | -HSD | C] -- C:\Users\Deidra\AppData\Local\Application Data
[2014/12/03 11:48:07 | 000,000,000 | --SD | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Videos
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Saved Games
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Music
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Links
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Favorites
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Downloads
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Documents
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\Desktop
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/12/03 11:48:07 | 000,000,000 | R--D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/12/03 11:48:07 | 000,000,000 | -H-D | C] -- C:\Users\Deidra\AppData
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Temp
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Roaming
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Pokki
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\Pictures
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Local\Microsoft
[2014/12/03 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
========== Files - Modified Within 30 Days ==========
[2014/12/08 14:49:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/08 14:45:14 | 150,994,944 | -HS- | M] () -- C:\swapfile.sys
[2014/12/08 14:37:36 | 002,952,975 | ---- | M] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Cat.DB
[2014/12/08 13:00:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/12/07 22:49:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 22:48:53 | 000,865,408 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/12/07 22:48:53 | 000,738,346 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/12/07 22:48:53 | 000,138,624 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/12/07 22:45:21 | 000,002,310 | ---- | M] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/07 22:45:21 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/07 22:43:49 | 2503,389,183 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/07 22:43:24 | 000,002,560 | ---- | M] () -- C:\windows\SysNative\VfService.trf
[2014/12/07 22:05:49 | 000,010,760 | ---- | M] () -- C:\windows\SysWow64\VisualDiscovery.ini
[2014/12/07 22:05:49 | 000,005,288 | ---- | M] () -- C:\windows\SysWow64\VisualDiscoveryOff.ini
[2014/12/07 22:05:49 | 000,005,288 | ---- | M] () -- C:\windows\SysNative\VisualDiscoveryOff.ini
[2014/12/07 21:32:59 | 000,102,616 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/12/07 21:32:59 | 000,008,214 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/12/07 21:32:59 | 000,002,748 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security.lnk
[2014/12/07 21:32:59 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/12/07 14:40:59 | 000,007,605 | ---- | M] () -- C:\Users\Deidra\AppData\Local\Resmon.ResmonCfg
[2014/12/03 23:15:42 | 000,346,744 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/12/03 12:01:03 | 000,001,447 | ---- | M] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/03 11:56:04 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/12/03 11:48:21 | 000,000,180 | ---- | M] () -- C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/11/17 06:35:18 | 000,054,581 | ---- | M] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\VT20141117.003
========== Files Created - No Company Name ==========
[2014/12/08 00:13:30 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symelam64.cat
[2014/12/08 00:13:30 | 000,008,258 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symds64.cat
[2014/12/08 00:13:30 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.cat
[2014/12/08 00:13:30 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtspx64.cat
[2014/12/08 00:13:30 | 000,008,186 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symefa64.cat
[2014/12/08 00:13:30 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symnet64.cat
[2014/12/08 00:13:30 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtsp64.cat
[2014/12/08 00:13:30 | 000,008,176 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\iron.cat
[2014/12/08 00:13:30 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symefa.inf
[2014/12/08 00:13:30 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symds.inf
[2014/12/08 00:13:30 | 000,001,442 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symnet.inf
[2014/12/08 00:13:30 | 000,001,439 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtsp64.inf
[2014/12/08 00:13:30 | 000,001,421 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\srtspx64.inf
[2014/12/08 00:13:30 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symelam.inf
[2014/12/08 00:13:30 | 000,000,854 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\ccsetx64.inf
[2014/12/08 00:13:30 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\iron.inf
[2014/12/08 00:13:28 | 000,042,291 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\symvtcer.dat
[2014/12/08 00:13:28 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600020.011\isolate.ini
[2014/12/07 22:45:21 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/07 22:44:46 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 22:44:46 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 21:41:21 | 000,054,581 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\VT20141117.003
[2014/12/07 21:33:00 | 002,952,975 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Cat.DB
[2014/12/07 21:32:59 | 000,008,214 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/12/07 21:32:59 | 000,002,748 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security.lnk
[2014/12/07 21:32:59 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/12/07 21:32:34 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymEFA.inf
[2014/12/07 21:32:34 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymDS.inf
[2014/12/07 21:32:34 | 000,001,442 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymNet.inf
[2014/12/07 21:32:34 | 000,001,439 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.inf
[2014/12/07 21:32:34 | 000,001,421 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtspx64.inf
[2014/12/07 21:32:34 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\symELAM.inf
[2014/12/07 21:32:34 | 000,000,854 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\ccSetx64.inf
[2014/12/07 21:32:34 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\Iron.inf
[2014/12/07 21:32:32 | 000,042,291 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymVTcer.dat
[2014/12/07 21:32:31 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymELAM64.cat
[2014/12/07 21:32:31 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\symnet64.cat
[2014/12/07 21:32:30 | 000,008,258 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymDS64.cat
[2014/12/07 21:32:30 | 000,008,194 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\ccSetx64.cat
[2014/12/07 21:32:30 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtspx64.cat
[2014/12/07 21:32:30 | 000,008,186 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\SymEFA64.cat
[2014/12/07 21:32:30 | 000,008,184 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\srtsp64.cat
[2014/12/07 21:32:30 | 000,008,176 | R--- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\iron.cat
[2014/12/07 21:32:29 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSx64\1600000.06E\isolate.ini
[2014/12/07 14:28:57 | 000,007,605 | ---- | C] () -- C:\Users\Deidra\AppData\Local\Resmon.ResmonCfg
[2014/12/04 15:28:52 | 004,036,720 | ---- | C] () -- C:\Users\Deidra\Documents\FS_Exercise_Guide.pdf
[2014/12/04 15:28:52 | 000,009,256 | ---- | C] () -- C:\Users\Deidra\Documents\House colors.odt
[2014/12/04 15:28:51 | 000,116,463 | ---- | C] () -- C:\Users\Deidra\Documents\2012 Year End Tax Package_02_11_2013.pdf
[2014/12/04 15:28:44 | 001,863,830 | ---- | C] () -- C:\Users\Deidra\Documents\p3_registration.bmp
[2014/12/04 15:28:44 | 001,050,446 | ---- | C] () -- C:\Users\Deidra\Documents\p1_feedback_1.bmp
[2014/12/04 15:28:44 | 001,046,654 | ---- | C] () -- C:\Users\Deidra\Documents\p1_feedback_2.bmp
[2014/12/04 15:28:44 | 000,465,846 | ---- | C] () -- C:\Users\Deidra\Documents\p1_registration.bmp
[2014/12/03 12:56:15 | 000,389,176 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2014/12/03 12:52:10 | 000,002,302 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[2014/12/03 12:42:46 | 000,002,310 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/03 12:36:44 | 000,050,745 | ---- | C] () -- C:\windows\SysNative\srms.dat
[2014/12/03 12:01:03 | 000,001,447 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/03 11:56:04 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/12/03 11:48:23 | 000,001,453 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/12/03 11:48:21 | 000,000,180 | ---- | C] () -- C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/03 11:48:07 | 000,000,369 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/12/03 11:48:07 | 000,000,369 | ---- | C] () -- C:\Users\Deidra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/12/03 11:48:07 | 000,000,352 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/12/03 11:48:07 | 000,000,334 | ---- | C] () -- C:\Users\Deidra\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/08/20 21:11:59 | 000,010,760 | ---- | C] () -- C:\windows\SysWow64\VisualDiscovery.ini
[2014/08/20 21:11:59 | 000,005,288 | ---- | C] () -- C:\windows\SysWow64\VisualDiscoveryOff.ini
[2014/08/20 21:07:05 | 000,001,137 | ---- | C] () -- C:\windows\PEIS_PreloadData.ini
[2014/08/20 20:50:27 | 000,863,592 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/08/20 20:48:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/08/20 05:29:20 | 000,068,608 | ---- | C] () -- C:\windows\SysWow64\igfxexps32.dll
[2014/08/20 05:29:15 | 000,342,944 | ---- | C] () -- C:\windows\SysWow64\igdmd32.dll
[2014/08/20 05:29:11 | 000,183,296 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/08/20 05:29:11 | 000,142,848 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2014/08/20 05:24:45 | 000,004,411 | ---- | C] () -- C:\windows\SysWow64\DptfInvalidPolicyRemover.ini
[2014/03/18 04:55:08 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2014/03/18 04:54:44 | 000,103,936 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/22 21:14:16 | 000,300,408 | ---- | C] () -- C:\windows\SysWow64\VCamPPage.dll
[2013/09/22 21:14:16 | 000,097,192 | ---- | C] () -- C:\windows\un_dext.exe
[2013/09/22 21:14:16 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2013/09/22 21:14:16 | 000,014,478 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2013/09/22 21:14:16 | 000,003,666 | ---- | C] () -- C:\windows\Dext_09.ini
[2013/09/22 21:14:16 | 000,003,044 | ---- | C] () -- C:\windows\Dext_04.ini
[2013/09/22 21:14:16 | 000,002,894 | ---- | C] () -- C:\windows\Dext_17.ini
[2013/09/22 21:14:16 | 000,002,836 | ---- | C] () -- C:\windows\Dext_2052.ini
[2013/09/22 21:14:16 | 000,002,443 | ---- | C] () -- C:\windows\remove.ini
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2013/05/11 19:17:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/12/03 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Deidra\AppData\Roaming\Hightail for Lenovo
[2014/12/08 13:47:23 | 000,000,000 | ---D | M] -- C:\Users\Deidra\AppData\Roaming\Nitro PDF
[2014/12/03 12:29:23 | 000,000,000 | ---D | M] -- C:\Users\Deidra\AppData\Roaming\Screensaver Factory
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 220 bytes -> C:\Users\Deidra\OneDrive:ms-properties
< End of report >
And here's the Extras.txt file:
OTL Extras logfile created on: 12/8/2014 3:09:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deidra\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.91 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 46.91% Memory free
9.79 Gb Paging File | 4.15 Gb Available in Paging File | 42.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.93 Gb Total Space | 144.52 Gb Free Space | 73.76% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 21.60 Gb Free Space | 86.40% Space Free | Partition Type: NTFS
Computer Name: FLIPSY | User Name: Deidra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A9E923B1-4D02-4D4D-9913-5BA968596200}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B803B192-D142-4876-9ED6-379EEB1E4492}" = lport=55100 | protocol=6 | dir=in | name=lenovo mobile phone wireless import |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081C88C4-BC13-4599-909D-EFB694E152A5}" = dir=out | name=onenote |
"{0A052D64-506B-4A51-BED9-F5C9ED32402B}" = dir=out | name=dailymotion |
"{0B1B0AEB-40F7-41FD-90CD-63458B46E10A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{0CF6E358-D285-45F5-89B4-4F8F29D913B1}" = dir=out | name=tripadvisor hotels flights restaurants |
"{0D7D7FDE-3061-47FE-9724-4B689BD6E8CD}" = dir=out | name=evernote touch |
"{1126FAD0-B290-4688-B077-3A8D3F40C3DD}" = dir=in | name=mcafee® central for lenovo |
"{12918473-087A-459B-B87F-35C787975F58}" = dir=in | name=yoga phone companion |
"{12A6AEAD-A4BC-4FC5-BD55-E4E2071CDDCD}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1455624C-4857-40C6-8470-78450986793E}" = dir=out | name=zinio |
"{1C9C765F-F5D1-4E38-A6F3-DC7259FA9E6C}" = dir=in | app=c:\program files (x86)\lenovo\lenovo photo master\photoplus.exe |
"{1CD73AB0-5AF2-4C80-9643-29D6882CC63C}" = dir=out | name=@{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{1D76DF4E-C8DA-4E38-AB2D-9C430A7D504A}" = dir=out | name=yoga phone companion |
"{1E06092E-73A0-490E-98C0-B82799C7BB30}" = dir=out | name=@{microsoft.zunevideo_2.6.408.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2138A830-9484-4A38-80F3-C3CDF12A62CC}" = dir=out | name=kindle |
"{2F9DF80B-0942-40DB-BDA2-C5FE26B55143}" = dir=in | name=zinio |
"{321BF14C-029D-4768-9011-9A281D033A7A}" = dir=out | name=windows_ie_ac_001 |
"{3B5213C4-56BA-41E8-BC25-2776E76ACFD5}" = dir=out | name=intel® experience center |
"{40255A49-8C11-4BEB-9296-C6D007D0F670}" = dir=out | name=windows_ie_ac_001 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4D073124-FF84-472E-8BFD-10E1235E9B44}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{52F4C254-D44D-4631-92FE-AD1C8FDBFD6E}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5B0E98C2-9797-49C7-B9FA-62C9E4390A55}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe |
"{5C3DA8C8-4199-46CA-8C37-D3E5E9013135}" = dir=out | name=free online games for lenovo |
"{5EABC0AA-5DA7-4A94-B69B-594CE3677302}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6C9BFE23-29EE-45F8-94CF-20AA84971095}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{6E06F9CF-BB8F-41A2-9C4B-A70AF5C73968}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} |
"{7BD658E2-CA4E-4E76-A38E-A729AD9AFBDE}" = dir=out | name=skype |
"{7D8E0C59-BD68-476D-A674-C38A2D032622}" = dir=out | name=@{microsoft.zunemusic_2.6.476.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{83D7DF47-FA03-47E1-928D-5699BBBA1FE4}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8E25FA38-1258-4789-8EDC-5DC8DCFCF0EC}" = dir=out | name=mcafee® central for lenovo |
"{8FA12A77-FFF0-4B35-B123-2D09811E8C20}" = dir=out | name=hightail for lenovo |
"{923B406E-43B5-47D3-A2AD-3E10D611A0C2}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9F5A49F2-BA0F-4E06-A6C5-53A007874E9C}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\shareit\shareit.exe |
"{A4E76E4F-3AD9-4C69-941B-307F6CA57D30}" = dir=out | name=yoga picks |
"{A74654A1-CFAD-42B1-B674-0E85F5FCD994}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{A9167C3D-40EA-40F9-8DD5-AEF47EDE7E36}" = dir=out | name=facebook |
"{A91ABB88-B8E0-4CAF-943D-EA086815401F}" = dir=out | name=amazon |
"{AA745C65-FE51-4492-A3A1-C889EB949369}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{B1E7590E-DBE6-4CF1-A3B8-DF89CBAF0FF4}" = dir=out | name=yoga camera man |
"{B1EE6AFA-1D94-4636-9A4B-5F37FEB90C7F}" = dir=in | name=skype |
"{B89EA8A9-846F-4522-8359-EB12E49C687E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B9190AC6-B60D-4A6F-A681-5564EA0DF59B}" = dir=out | name=yoga chef |
"{BE820CB5-2BF2-4E18-BB7E-59406D2737F0}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{BEEC08A9-C1E2-4876-8DC0-C49B75F7A533}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe |
"{CD231983-1D37-4965-8FED-B887FBC206C2}" = dir=out | name=ebay |
"{CD32567B-59F9-429B-99B3-6C905C8F2575}" = dir=out | name=the telegraph for lenovo |
"{CE463EAA-6198-48E1-B706-C1433578C365}" = protocol=6 | dir=out | app=c:\program files\lenovo photomasterimport\photomasterimport.exe |
"{D563A42F-A597-487C-8921-DC19B618172C}" = dir=out | name=the weather channel for lenovo |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DE2E294A-1140-4A78-A6FA-745CFD29FE14}" = dir=in | name=evernote touch |
"{E253E30A-2B04-4E08-A93D-22AEAF93EF45}" = dir=out | name=onecalendar |
"{E32A56FB-3B0F-4CA6-9707-241E382F01DC}" = dir=out | name=lenovo support |
"{E58586A3-2E4C-4C1F-AF38-26D445E5DE25}" = dir=in | app=c:\program files (x86)\lenovo\lenovo photo master\subsys\advphotoeditor\photodirector5.exe |
"{E6C2B246-AB32-4884-8F4F-D82F2C69D289}" = dir=out | name=companion |
"{E8B229E6-84C1-47C5-8E32-E4ED1AE5DEA6}" = dir=in | name=onenote |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F78CA17D-6980-49A2-A362-BFBD5E6560A0}" = dir=in | name=the telegraph for lenovo |
"{FF2DEC5A-980D-4F0C-9AA2-4310E6BFDD14}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0788641D-D31A-478D-BB34-C41564AE9F93}" = Dependency Package Update
"{09888C31-E15A-4E69-AF26-4BFCEE55821B}" = Intel® Experience Center Driver
"{0bdfb86d-484e-40d5-9def-5ebde377e270}" = Intel® PRO/Wireless Driver
"{0FAB5672-2C64-4192-B173-107DCF22F4FD}" = Update for Microsoft en-us Dictionary
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}" = Hightail for Lenovo
"{302600C1-6BDF-4FD1-1405-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5252431C-288E-409D-ADCF-24407E0E6F70}" = Dependency Package Update
"{62DE858A-A2A5-452F-B067-C5F104358AD6}" = Intel® PROSet/Wireless WiFi Software
"{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}" = Nitro Pro 9
"{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}" = Dolby Digital Plus Home Theater
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{92DA2455-E6C9-4EFF-9AFD-07C2C3B185DA}" = Intel® Smart Connect Technology
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}" = Dependency Package Update
"35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E" = Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776)
"6BCA401E9CBEED970D75F55FA5320F60D11984E9" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288)
"Lenovo Dependency Package_is1" = Lenovo Dependency Package
"Lenovo SmartVoice" = Lenovo Smart Voice
"Lenovo Transition" = Lenovo Transition
"Lenovo VeriFace" = Lenovo VeriFace
"LenovoExperienceImprovement" = Lenovo Experience Improvement
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}" = Lenovo Yoga 2 Demo
"{0B4726D2-6B18-47AE-91E3-64A304EE2A8A}" = Intel® Update Manager
"{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}" = Lenovo Yoga PhoneCompanion
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}" = Yoga Picks
"{2f4d8103-e601-4d48-b81d-d508d760aaba}" = Intel® PROSet/Wireless Software
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3608ec0a-56b4-4d9d-b038-9b3e51d72582}" = Intel® Experience Center Desktop Software
"{4693847A-7139-4CF4-B274-916C046C9E50}" = Dragon Assistant 3
"{532A5345-1A42-4C55-B56E-CE753D0BAA02}" = Dragon Assistant 3 Language Data Pack en_US
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BC94C56A-3649-420C-8756-2ADEBE399D33}" = Lenovo Photo Master
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}" = Metric Collection SDK 35
"{C73A16B7-AC35-4262-9BAF-DA9B2039A563}" = Intel Experience Center - Configuration
"{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}" = Lenovo Mobile Phone Wireless Import
"{E9325F15-6339-45E8-9DC4-C2D44B623039}" = Lenovo Motion Control
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = User Manuals
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework
"Google Chrome" = Google Chrome
"InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}" = Lenovo Yoga PhoneCompanion
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}" = Lenovo Photo Master
"InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}" = Lenovo Mobile Phone Wireless Import
"InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}" = Lenovo Motion Control
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = User Manuals
"Lenovo FusionEngine" = Lenovo FusionEngine
"Lenovo SHAREit_is1" = Lenovo SHAREit
"LenovoBrowserGuard" = Lenovo Browser Guard
"NS" = Norton Security
"Sunplus SPUVCb" = Lenovo EasyCamera
"Superfish Inc. VisualDiscovery" = Superfish Inc. VisualDiscovery
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki" = Host App Service
"Pokki_Start_Menu" = Start Menu
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/5/2014 9:32:43 PM | Computer Name = Flipsy | Source = Application Error | ID = 1000
Description = Faulting application name: HostAppServiceUpdater.exe, version: 1.0.0.0,
time stamp: 0x543d2d78 Faulting module name: HostAppServiceUpdater.exe, version:
1.0.0.0, time stamp: 0x543d2d78 Exception code: 0xc000041d Fault offset: 0x000000000005a753
Faulting
process id: 0x1a94 Faulting application start time: 0x01d00f791e54e84d Faulting application
path: C:\Users\Deidra\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe Faulting
module path: C:\Users\Deidra\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
Report
Id: c57e4beb-7ce7-11e4-825c-e82aead02aea Faulting package full name: Faulting package-relative
application ID:
Error - 12/5/2014 10:01:09 PM | Computer Name = Flipsy | Source = .NET Runtime | ID = 1026
Description =
Error - 12/5/2014 10:01:09 PM | Computer Name = Flipsy | Source = Application Error | ID = 1000
Description = Faulting application name: Facebook.exe, version: 0.0.0.1, time stamp:
0x53e2b340 Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17129, time
stamp: 0x5376eb9b Exception code: 0xc0000005 Fault offset: 0x00000000009353b3 Faulting
process id: 0x1774 Faulting application start time: 0x01d00f7a90b962f5 Faulting application
path: C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Facebook.exe
Faulting
module path: C:\Windows\System32\Windows.UI.Xaml.dll Report Id: be83c425-7ceb-11e4-825c-e82aead02aea
Faulting
package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative
application ID: App
Error - 12/5/2014 10:01:11 PM | Computer Name = Flipsy | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt+App did not launch
within its allotted time.
Error - 12/7/2014 7:39:04 PM | Computer Name = Flipsy | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt+App did not launch
within its allotted time.
Error - 12/7/2014 7:39:23 PM | Computer Name = Flipsy | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with
error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional
information.
Error - 12/7/2014 7:56:01 PM | Computer Name = Flipsy | Source = ISCTAgent | ID = 1000
Description = ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net
Detect Supported Error Getting Adapter List Error=0x80040302\n
Error - 12/7/2014 7:59:16 PM | Computer Name = Flipsy | Source = Application Hang | ID = 1002
Description = The program InstStub.exe version 4.1.0.28 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1eb4 Start
Time: 01d01279921428f8 Termination Time: 4294967295 Application Path: C:\Program
Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.1.0.28\InstStub.exe
Report
Id: 0c0a3ec2-7e6d-11e4-8260-da633b9451f8 Faulting package full name: Faulting package-relative
application ID:
Error - 12/7/2014 8:46:13 PM | Computer Name = Flipsy | Source = AVLogEvent | ID = 5003
Description =
Error - 12/7/2014 9:12:52 PM | Computer Name = Flipsy | Source = Application Hang | ID = 1002
Description = The program InstStub.exe version 4.1.0.28 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3914 Start
Time: 01d01281e8766d75 Termination Time: 4294967295 Application Path: C:\Program
Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.1.0.28\InstStub.exe
Report
Id: 544fa352-7e77-11e4-8260-da633b9451f8 Faulting package full name: Faulting package-relative
application ID:
[ System Events ]
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 0 milliseconds: Restart the service.
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Bluetooth Device Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Bluetooth OBEX Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Intel® Rapid Storage Technology service terminated unexpectedly.
It has done this 1 time(s).
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Intel® Dynamic Application Loader Host Interface Service service
terminated unexpectedly. It has done this 1 time(s).
Error - 12/7/2014 7:55:40 PM | Computer Name = Flipsy | Source = Service Control Manager | ID = 7034
Description = The Intel® Management and Security Application Local Management
Service service terminated unexpectedly. It has done this 1 time(s).
Error - 12/7/2014 7:56:00 PM | Computer Name = Flipsy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
Error - 12/7/2014 7:56:02 PM | Computer Name = Flipsy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
Error - 12/7/2014 7:56:02 PM | Computer Name = Flipsy | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
< End of report >
Edited by Deevly, 08 December 2014 - 02:49 PM.