
Solved Possible malware virus

Discussion in 'Malware and Virus Removal Archive' started by franbiaggi, 2014/04/27.

  1. 2014/05/04
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    I had to start my laptop in safe mode. It never stopped, and never loaded. What do I do next?
     
  2. 2014/05/05
    franbiaggi Inactive Thread Starter
    Hi, I don't know what happened last night, but as stated in my earlier post yesterday, I started my computer in safe mode and then shut it down properly. I was waiting on advice from you before doing anything. This morning I started the laptop up normally and it is back to normal now.

    Can you explain what happened before I proceed to the next step?

    I do have a report that was created and it is below, but I am still worried. This laptop is only 1 month old.

    # AdwCleaner v3.207 - Report created 04/05/2014 at 22:02:43
    # Updated 05/05/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Fran - FRANCES
    # Running from : C:\Users\Fran\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : qknfd

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Users\Fran\Documents\Optimizer Pro
    File Deleted : C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\RluKgP.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
    File Deleted : C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\RluKgP.default\searchplugins\Mysearchdial.xml
    File Deleted : C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\RluKgP.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041

    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\RluKgP.default\prefs.js ]

    Line Deleted : user_pref( "browser.search.order.1 ", "Mysearchdial ");
    Line Deleted : user_pref( "extensions.mysearchdial.AL ", 2);
    Line Deleted : user_pref( "extensions.mysearchdial.aflt ", "suma_14_15_ff ");
    Line Deleted : user_pref( "extensions.mysearchdial.appId ", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} ");
    Line Deleted : user_pref( "extensions.mysearchdial.cd ", "2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByE0A0DtCzyyCzztGtCyBzzy[...]
    Line Deleted : user_pref( "extensions.mysearchdial.cntry ", "US ");
    Line Deleted : user_pref( "extensions.mysearchdial.cr ", "1327208569 ");
    Line Deleted : user_pref( "extensions.mysearchdial.dfltLng ", " ");
    Line Deleted : user_pref( "extensions.mysearchdial.dfltSrch ", true);
    Line Deleted : user_pref( "extensions.mysearchdial.dnsErr ", true);
    Line Deleted : user_pref( "extensions.mysearchdial.dpkLst ", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
    Line Deleted : user_pref( "extensions.mysearchdial.excTlbr ", false);
    Line Deleted : user_pref( "extensions.mysearchdial.hdrMd5 ", "0EC23D411BDF023C05C06033E5A987F8 ");
    Line Deleted : user_pref( "extensions.mysearchdial.hmpg ", true);
    Line Deleted : user_pref( "extensions.mysearchdial.hmpgUrl ", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_15_ff&cd=2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyE[...]
    Line Deleted : user_pref( "extensions.mysearchdial.id ", "7E7A911E79059EB2 ");
    Line Deleted : user_pref( "extensions.mysearchdial.instlDay ", "16174 ");
    Line Deleted : user_pref( "extensions.mysearchdial.instlRef ", "140305_a ");
    Line Deleted : user_pref( "extensions.mysearchdial.lastB ", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_15_ff&cd=2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtD[...]
    Line Deleted : user_pref( "extensions.mysearchdial.lastVrsnTs ", "1.8.29.04:10:16 ");
    Line Deleted : user_pref( "extensions.mysearchdial.newTabUrl ", "hxxp://start.mysearchdial.com/?f=2&a=suma_14_15_ff&cd=2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutC[...]
    Line Deleted : user_pref( "extensions.mysearchdial.pnu_base ", "{\ "newVrsn\ ":\ "95\ ",\ "lastVrsn\ ":\ "95\ ",\ "vrsnLoad\ ":\ "\ ",\ "showMsg\ ":\ "false\ ",\ "showSilent\ ":\ "false\ ",\ "msgTs\ ":0,\ "lstMsgTs\ ":\ "0\ "} ");
    Line Deleted : user_pref( "extensions.mysearchdial.prdct ", "mysearchdial ");
    Line Deleted : user_pref( "extensions.mysearchdial.prtnrId ", "mysearchdial ");
    Line Deleted : user_pref( "extensions.mysearchdial.sg ", "none ");
    Line Deleted : user_pref( "extensions.mysearchdial.srchPrvdr ", "Mysearchdial ");
    Line Deleted : user_pref( "extensions.mysearchdial.tlbrId ", "base ");
    Line Deleted : user_pref( "extensions.mysearchdial.tlbrSrchUrl ", "hxxp://start.mysearchdial.com/?f=3&a=suma_14_15_ff&cd=2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1Czu[...]
    Line Deleted : user_pref( "extensions.mysearchdial.vrsn ", "1.8.29.0 ");
    Line Deleted : user_pref( "extensions.mysearchdial.vrsni ", "1.8.29.0 ");
    Line Deleted : user_pref( "extensions.mysearchdial_i.newTab ", false);
    Line Deleted : user_pref( "extensions.mysearchdial_i.smplGrp ", "none ");
    Line Deleted : user_pref( "extensions.mysearchdial_i.vrsnTs ", "1.8.29.04:10:16 ");

    *************************

    AdwCleaner[R0].txt - [6187 octets] - [04/05/2014 22:02:09]
    AdwCleaner[S0].txt - [5717 octets] - [04/05/2014 22:02:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5777 octets] ##########
     


  4. 2014/05/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
  5. 2014/05/05
    franbiaggi Inactive Thread Starter
    Will do.
     
  6. 2014/05/05
    franbiaggi Inactive Thread Starter
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by Fran on Mon 05/05/2014 at 18:07:17.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{03FD5B61-3A48-441D-92F2-A1410D72B58F}

    ~~~ Files

    ~~~ Folders

    ~~~ FireFox

    Emptied folder: C:\Users\Fran\AppData\Roaming\mozilla\firefox\profiles\RluKgP.default\minidumps [5 files]

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 05/05/2014 at 18:13:42.02
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. 2014/05/05
    franbiaggi Inactive Thread Starter
    OTL logfile created on: 5/5/2014 6:20:00 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fran\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.69 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 69.88% Memory free
    15.39 Gb Paging File | 12.82 Gb Available in Paging File | 83.32% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 449.38 Gb Total Space | 374.35 Gb Free Space | 83.30% Space Free | Partition Type: NTFS
    Drive Q: | 14.91 Gb Total Space | 3.53 Gb Free Space | 23.65% Space Free | Partition Type: NTFS

    Computer Name: FRANCES | User Name: Fran | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/05/05 18:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fran\Downloads\OTL.exe
    PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Fran\AppData\Local\Akamai\netsession_win.exe
    PRC - [2014/02/28 13:47:32 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2014/02/28 13:38:22 | 005,545,328 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    PRC - [2014/02/28 13:36:20 | 000,271,728 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/09/27 02:03:32 | 001,720,696 | ---- | M] (SunplusIT, Inc.) -- C:\Program Files (x86)\Integrated Camera\Monitor.exe
    PRC - [2013/08/15 18:35:26 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2013/07/17 21:41:12 | 000,199,160 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    PRC - [2013/07/17 21:41:04 | 000,074,232 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    PRC - [2013/07/17 21:41:02 | 000,296,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    PRC - [2013/07/17 21:40:26 | 000,059,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    PRC - [2013/07/17 10:02:00 | 001,668,904 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
    PRC - [2013/07/17 10:02:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    PRC - [2013/07/16 18:21:02 | 000,059,384 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
    PRC - [2013/07/16 18:21:00 | 000,056,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
    PRC - [2013/07/16 18:20:56 | 000,237,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
    PRC - [2013/07/16 18:20:52 | 000,138,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
    PRC - [2013/07/10 14:23:10 | 001,694,080 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    PRC - [2013/07/02 18:33:26 | 000,140,016 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    PRC - [2013/06/28 18:32:46 | 000,100,712 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2013/06/25 12:01:18 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2013/06/18 14:24:30 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2013/06/18 14:24:18 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2013/06/17 22:08:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
    PRC - [2013/05/20 16:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    PRC - [2013/05/16 00:06:24 | 000,568,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2013/04/23 18:50:50 | 001,366,392 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2013/04/23 18:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/03/07 00:49:22 | 000,110,144 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2012/12/05 11:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2012/08/25 15:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
    PRC - [2012/05/15 19:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
    PRC - [2010/10/25 14:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/04/19 03:03:31 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
    MOD - [2014/04/19 03:03:29 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
    MOD - [2014/04/19 03:03:28 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
    MOD - [2014/04/19 03:03:28 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
    MOD - [2014/04/19 03:03:27 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/04/19 03:03:27 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
    MOD - [2014/04/19 03:03:23 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2014/04/12 05:09:31 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
    MOD - [2014/04/12 04:27:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
    MOD - [2014/04/12 04:27:21 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
    MOD - [2014/04/12 04:27:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
    MOD - [2014/04/12 04:27:02 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
    MOD - [2014/04/12 04:27:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
    MOD - [2014/04/12 04:26:57 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll
    MOD - [2014/04/12 04:26:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
    MOD - [2014/04/12 04:26:54 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
    MOD - [2014/04/12 04:26:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/04/12 04:26:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/04/12 04:26:36 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/03/07 00:52:00 | 000,015,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2013/03/07 00:49:06 | 000,626,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2012/05/30 02:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
    MOD - [2010/10/25 14:36:22 | 000,119,864 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Lenovo\Fingerprint Manager Pro\cachesrvr.exe -- (Cachedrv server)
    SRV:64bit: - [2014/04/01 23:54:01 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
    SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/02/27 02:52:12 | 000,068,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2014/02/20 10:27:00 | 000,088,064 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe -- (omniserv)
    SRV:64bit: - [2014/02/19 20:29:40 | 001,662,424 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
    SRV:64bit: - [2013/10/28 05:31:56 | 000,040,848 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\valWBFPolicyService.exe -- (valWBFPolicyService)
    SRV:64bit: - [2013/10/11 16:42:42 | 003,671,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2013/10/11 16:42:20 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2013/10/11 16:41:56 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2013/10/11 16:41:28 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2013/07/17 21:41:12 | 000,199,160 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
    SRV:64bit: - [2013/07/17 21:41:04 | 000,074,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV:64bit: - [2013/07/17 21:40:26 | 000,059,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2013/06/20 19:49:36 | 000,049,920 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2013/06/17 22:08:50 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
    SRV:64bit: - [2013/05/16 00:09:02 | 000,125,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV:64bit: - [2013/05/11 20:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
    SRV:64bit: - [2013/05/11 20:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2013/04/15 18:45:08 | 000,182,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
    SRV:64bit: - [2012/12/05 11:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2012/09/26 20:27:57 | 000,126,880 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
    SRV:64bit: - [2012/08/25 15:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2012/08/10 23:49:38 | 000,136,288 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/04/29 12:36:12 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/18 08:39:35 | 000,148,272 | ---- | M] (Nok Nok Labs Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe -- (omaham)
    SRV - [2014/04/18 08:39:35 | 000,148,272 | ---- | M] (Nok Nok Labs Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe -- (omaha)
    SRV - [2014/03/15 04:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/02/28 13:47:32 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2014/02/28 13:36:20 | 000,271,728 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2014/02/28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
    SRV - [2014/02/21 13:39:52 | 000,024,120 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/18 15:57:02 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2013/07/17 10:02:00 | 001,668,904 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
    SRV - [2013/07/17 10:02:00 | 001,664,808 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
    SRV - [2013/07/17 10:02:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
    SRV - [2013/07/16 18:21:02 | 000,059,384 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe -- (QuickControlMasterSvc)
    SRV - [2013/07/16 18:20:52 | 000,138,744 | ---- | M] (Lenovo Group Limited) [On_Demand | Running] -- C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe -- (QuickControlService)
    SRV - [2013/07/02 18:33:26 | 000,140,016 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
    SRV - [2013/06/25 12:01:18 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2013/06/18 14:24:30 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2013/06/18 14:24:18 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2013/06/17 22:08:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2013/05/20 16:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
    SRV - [2013/04/23 18:50:50 | 001,366,392 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2013/04/23 18:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
    SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/05/05 06:27:59 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
    DRV:64bit: - [2014/04/02 00:38:05 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2014/03/16 22:41:40 | 000,553,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2014/03/16 22:41:38 | 000,031,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2014/02/27 02:52:12 | 000,057,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2013/10/14 07:24:06 | 003,599,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw02.sys -- (NETwNs64)
    DRV:64bit: - [2013/10/09 05:00:06 | 001,515,256 | ---- | M] (Sunplus) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
    DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/08/28 15:03:28 | 000,114,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
    DRV:64bit: - [2013/08/18 15:56:56 | 004,448,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/08/18 15:56:44 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2013/08/15 18:34:44 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2013/08/15 18:34:38 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2013/08/15 18:34:36 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2013/08/08 16:26:50 | 001,385,272 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2013/08/01 22:40:04 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2013/08/01 22:39:58 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
    DRV:64bit: - [2013/07/26 15:24:22 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2013/07/26 15:24:22 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2013/07/24 18:53:12 | 000,423,128 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
    DRV:64bit: - [2013/07/17 10:02:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
    DRV:64bit: - [2013/07/17 10:02:00 | 000,020,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2013/07/02 18:33:26 | 000,056,048 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Fastboot.sys -- (Fastboot)
    DRV:64bit: - [2013/06/20 22:36:54 | 000,206,744 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
    DRV:64bit: - [2013/06/20 19:49:36 | 000,150,272 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2013/06/20 19:49:36 | 000,025,856 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2013/06/18 14:24:20 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2013/05/22 17:25:28 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2013/05/20 17:02:00 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2013/05/15 17:02:14 | 000,796,760 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2013/05/06 19:44:24 | 000,495,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress)
    DRV:64bit: - [2013/04/24 12:43:56 | 000,433,752 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
    DRV:64bit: - [2013/04/23 18:50:24 | 000,132,920 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2013/04/15 18:38:30 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
    DRV:64bit: - [2013/04/15 18:38:30 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
    DRV:64bit: - [2013/04/15 18:38:30 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
    DRV:64bit: - [2013/04/15 14:41:14 | 000,169,048 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccSetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/04 13:40:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/03/04 13:21:36 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/02/11 15:12:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2013/02/11 15:12:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2013/02/11 14:51:41 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/12/26 05:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV:64bit: - [2011/12/08 13:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2014/04/10 16:27:42 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140502.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2014/04/10 04:59:18 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140504.023\ex64.sys -- (NAVEX15)
    DRV - [2014/04/10 04:59:18 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2014/04/10 04:59:18 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2014/04/10 04:59:18 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140504.023\eng64.sys -- (NAVENG)
    DRV - [2014/03/19 01:34:28 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2013/07/22 13:52:00 | 000,014,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\omnismi.sys -- (OMNISMI)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {03FD5B61-3A48-441D-92F2-A1410D72B58F}
    IE:64bit: - HKLM\..\SearchScopes\{03FD5B61-3A48-441D-92F2-A1410D72B58F}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_15_ff&cd=2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByE0A0DtCzyyCzztGtCyBzzyBtGtA0E0AtBtGyB0B0DzytGyEyEzyyBzzyD0AyC0B0AtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AzyyDyCyByDtCtG0DtCzztCtG0EtDtAtAtGtA0B0AtBtGyD0F0FyEtD0ByB0FtBtAyCyE2Q&cr=1327208569&ir=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{03FD5B61-3A48-441D-92F2-A1410D72B58F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
    IE - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - prefs.js..network.proxy.type: 1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF - HKLM\Software\MozillaPlugins\@update.noknok.com/Nok Nok Labs MFACUpdater;version=3: C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
    FF - HKLM\Software\MozillaPlugins\@update.noknok.com/Nok Nok Labs MFACUpdater;version=9: C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FIDOaddon@noknok.com: C:\PROGRAM FILES\NOK NOK LABS\MULTIFACTOR AUTHENTICATION CLIENT\BIN\FIREFOX\X86\FIDOADDON [2014/04/18 08:39:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF [2014/04/11 20:54:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [2014/05/05 06:27:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FIDOaddon@noknok.com: C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2014/04/18 08:39:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions
     
  8. 2014/05/05
    franbiaggi
    2nd half

    \\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2014/04/11 00:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fran\AppData\Roaming\Mozilla\Extensions
    [2014/05/04 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fran\AppData\Roaming\Mozilla\Firefox\Profiles\RluKgP.default\extensions
    [2014/04/14 05:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2014/04/11 00:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/04/11 00:55:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2014/05/02 16:50:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [MFACApp] C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe (Nok Nok Labs, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
    O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
    O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [Integrated Camera_Monitor] C:\Program Files (x86)\Integrated Camera\monitor.exe (SunplusIT, Inc.)
    O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000..\Run: [Akamai NetSession Interface] C:\Users\Fran\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6169C3F1-4983-4C51-BCD0-1679CAEA0B87}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/05 18:07:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/05/04 22:02:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/05/04 21:11:25 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Word Labels
    [2014/05/04 21:11:24 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Wedding Backs & Fronts
    [2014/05/04 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Vincent Resume
    [2014/05/04 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Taxes2014
    [2014/05/04 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Tax Docs 2013
    [2014/05/04 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Sugar Scrubs
    [2014/05/04 21:10:47 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\soap pictures
    [2014/05/04 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\scotts resume
    [2014/05/04 21:10:42 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Savys Recital
    [2014/05/04 21:10:39 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Pink
    [2014/05/04 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Pictures for Invites
    [2014/05/04 21:09:36 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Paper Digital
    [2014/05/04 21:09:35 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Originals
    [2014/05/04 21:09:31 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Old pictures
    [2014/05/04 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Old Pics 2
    [2014/05/04 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\New Soap Pics
    [2014/05/04 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\mikes resumes
    [2014/05/04 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Mikes New REsumes
    [2014/05/04 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Lucinda Basset Sessions 1 8
    [2014/05/04 21:08:39 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Logo
    [2014/05/04 21:08:39 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Labels
    [2014/05/04 21:08:27 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Green Essentials
    [2014/05/04 21:08:22 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\fran images
    [2014/05/04 21:08:11 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Fran
    [2014/05/04 21:08:10 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Fonts
    [2014/05/04 21:08:08 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Document
    [2014/05/04 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Car Crash
    [2014/05/04 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Aromo HangerPNG
    [2014/05/04 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\ADS
    [2014/05/04 20:01:45 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\ElevatedDiagnostics
    [2014/05/02 16:52:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/05/02 16:41:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/02 16:41:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/05/02 16:41:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/05/02 16:33:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/02 16:32:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/04/30 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Apple Computer
    [2014/04/30 10:52:30 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Apple Computer
    [2014/04/30 10:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2014/04/30 10:52:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2014/04/30 10:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/04/30 10:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2014/04/30 10:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/04/30 10:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2014/04/30 10:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2014/04/30 10:05:36 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Apple
    [2014/04/30 10:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/04/30 10:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2014/04/30 10:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/04/30 10:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/04/30 10:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2014/04/30 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2014/04/30 07:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/04/30 07:13:21 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/30 07:12:30 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/30 07:12:28 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\mbar
    [2014/04/30 07:08:42 | 000,000,000 | -HSD | C] -- C:\Users\Fran\AppData\Local\EmieUserList
    [2014/04/30 07:08:42 | 000,000,000 | -HSD | C] -- C:\Users\Fran\AppData\Local\EmieSiteList
    [2014/04/30 07:01:06 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\RK_Quarantine
    [2014/04/29 07:27:28 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Apps
    [2014/04/27 07:55:44 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Malwarebytes
    [2014/04/27 07:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/04/27 07:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/27 07:55:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/04/27 07:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/04/26 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2014/04/26 10:39:02 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
    [2014/04/19 09:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2014/04/18 08:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nok Nok Labs
    [2014/04/18 08:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Nok Nok Labs
    [2014/04/16 19:23:48 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2014/04/15 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\HpUpdate
    [2014/04/15 22:26:33 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Hewlett-Packard Company
    [2014/04/15 22:25:57 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
    [2014/04/15 22:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2014/04/15 22:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2014/04/15 22:24:40 | 000,305,664 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3103.dll
    [2014/04/15 22:23:17 | 000,000,000 | ---D | C] -- C:\CP1520_Series_Full_Solution
    [2014/04/15 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2014/04/15 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2014/04/15 22:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
    [2014/04/15 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2014/04/15 22:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2014/04/15 22:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
    [2014/04/15 22:13:21 | 000,000,000 | ---D | C] -- C:\LJP1100_P1560_P1600_Full_Solution
    [2014/04/15 21:42:46 | 000,000,000 | ---D | C] -- C:\Users\Fran\Documents\Custom Office Templates
    [2014/04/15 21:39:03 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2014/04/14 20:52:43 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Nitro
    [2014/04/14 20:52:43 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\FileOpen
    [2014/04/14 20:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
    [2014/04/14 05:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
    [2014/04/14 05:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
    [2014/04/14 04:10:48 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\IsolatedStorage
    [2014/04/14 04:10:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0D840360-FAC8-45E3-8244-E235EB1E30AA}
    [2014/04/13 20:35:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2014/04/12 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\WD Programs
    [2014/04/12 05:51:14 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Western Digital
    [2014/04/12 05:51:10 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Western_Digital_Technolog
    [2014/04/12 05:51:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
    [2014/04/12 05:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
    [2014/04/12 05:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
    [2014/04/12 05:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
    [2014/04/12 05:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
    [2014/04/12 05:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
    [2014/04/12 05:25:41 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\LSC
    [2014/04/12 05:13:11 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Nitro PDF
    [2014/04/12 04:57:04 | 000,000,000 | ---D | C] -- C:\drivers
    [2014/04/12 04:54:43 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\Biaggi
    [2014/04/12 04:48:31 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\Paper Digital
    [2014/04/12 04:47:27 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\Mikes New REsumes
    [2014/04/12 04:39:28 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\Photoshop
    [2014/04/12 04:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2014/04/12 04:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2014/04/12 04:29:02 | 000,056,336 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
    [2014/04/12 04:29:02 | 000,011,376 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdralw2k.sys
    [2014/04/12 04:29:02 | 000,010,864 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
    [2014/04/12 04:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
    [2014/04/12 04:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2014/04/12 04:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2014/04/12 04:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2014/04/12 04:02:21 | 000,000,000 | ---D | C] -- C:\Users\Fran\Desktop\Adobe Photoshop Elements 11
    [2014/04/12 03:58:48 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Akamai
    [2014/04/12 03:19:00 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\CrashDumps
    [2014/04/11 21:47:24 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Macromedia
    [2014/04/11 21:01:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2014/04/11 21:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2014/04/11 20:53:03 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\SoapMakerData
    [2014/04/11 20:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoapMaker3
    [2014/04/11 20:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoapMaker3
    [2014/04/11 20:51:50 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Downloaded Installations
    [2014/04/11 20:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
    [2014/04/11 20:43:07 | 000,000,000 | R--D | C] -- C:\Users\Fran\SkyDrive
    [2014/04/11 20:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
    [2014/04/11 20:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2014/04/11 20:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2014/04/11 20:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
    [2014/04/11 01:08:50 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\PwrMgr
    [2014/04/11 01:00:28 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Adobe
    [2014/04/11 01:00:13 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\LSC
    [2014/04/11 00:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
    [2014/04/11 00:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2014/04/11 00:57:10 | 000,553,200 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
    [2014/04/11 00:57:10 | 000,254,192 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
    [2014/04/11 00:57:10 | 000,208,112 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo20.dll
    [2014/04/11 00:57:03 | 000,404,720 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCom.dll
    [2014/04/11 00:57:01 | 000,031,472 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
    [2014/04/11 00:55:58 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Mozilla
    [2014/04/11 00:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2014/04/11 00:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2014/04/11 00:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/04/11 00:55:31 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Programs
    [2014/04/11 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Lenovo
    [2014/04/11 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Leadertech
    [2014/04/11 00:50:13 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Mozilla
    [2014/04/11 00:50:12 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Nok Nok Labs
    [2014/04/11 00:50:11 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Lenovo
    [2014/04/11 00:49:56 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Adobe
    [2014/04/11 00:49:52 | 000,000,000 | R--D | C] -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/04/11 00:49:52 | 000,000,000 | R--D | C] -- C:\Users\Fran\Searches
    [2014/04/11 00:49:52 | 000,000,000 | R--D | C] -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/04/11 00:49:52 | 000,000,000 | -H-D | C] -- C:\Users\Fran\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/04/11 00:49:44 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Identities
    [2014/04/11 00:49:43 | 000,000,000 | R--D | C] -- C:\Users\Fran\Contacts
    [2014/04/11 00:49:41 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\VirtualStore
    [2014/04/11 00:47:20 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Power2Go
    [2014/04/11 00:47:09 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Packages
    [2014/04/11 00:46:21 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Intel
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\AppData\Local\Temporary Internet Files
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Templates
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Start Menu
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\SendTo
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Recent
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\PrintHood
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\NetHood
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Documents\My Videos
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Documents\My Pictures
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Documents\My Music
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\My Documents
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Local Settings
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\AppData\Local\History
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Cookies
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\Application Data
    [2014/04/11 00:46:20 | 000,000,000 | -HSD | C] -- C:\Users\Fran\AppData\Local\Application Data
    [2014/04/11 00:46:19 | 000,000,000 | --SD | C] -- C:\Users\Fran\AppData\Roaming\Microsoft
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Videos
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Saved Games
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Pictures
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Music
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Links
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Favorites
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Downloads
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Documents
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\Desktop
    [2014/04/11 00:46:19 | 000,000,000 | R--D | C] -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/04/11 00:46:19 | 000,000,000 | -H-D | C] -- C:\Users\Fran\AppData
    [2014/04/11 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Temp
    [2014/04/11 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fran\Roaming
    [2014/04/11 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Local\Microsoft
    [2014/04/11 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Media Center Programs
    [2014/04/11 00:46:19 | 000,000,000 | ---D | C] -- C:\Users\Fran\AppData\Roaming\Macromedia
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/05 18:05:52 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/05/05 18:05:52 | 000,662,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/05/05 18:05:52 | 000,122,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/05/05 18:02:52 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job
    [2014/05/05 18:02:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/05/05 18:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/05 08:44:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job
    [2014/05/05 06:35:35 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/05 06:35:35 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/05 06:27:59 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
    [2014/05/05 06:27:58 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
    [2014/05/05 06:27:04 | 1901,821,951 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/04 20:08:29 | 000,000,213 | ---- | M] () -- C:\Windows\SysNative\AddPort.ini
    [2014/05/02 16:50:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/05/02 09:00:29 | 002,002,978 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
    [2014/04/30 10:52:27 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/04/30 07:13:21 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/30 07:12:30 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/29 19:02:28 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\isolate.ini
    [2014/04/27 08:48:14 | 000,007,598 | ---- | M] () -- C:\Users\Fran\AppData\Local\Resmon.ResmonCfg
    [2014/04/27 07:55:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/26 11:21:28 | 629,727,232 | -HS- | M] () -- C:\Windows\lenovo_fastboot.img
    [2014/04/24 03:19:27 | 002,024,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/04/22 19:03:23 | 000,001,456 | ---- | M] () -- C:\Users\Fran\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2014/04/19 03:01:45 | 000,774,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/04/17 08:55:54 | 000,000,132 | ---- | M] () -- C:\Users\Fran\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2014/04/15 21:14:36 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014/04/14 20:10:49 | 000,007,168 | -H-- | M] () -- C:\Users\Fran\Desktop\photothumb.db
    [2014/04/14 20:10:38 | 000,006,144 | -H-- | M] () -- C:\Users\Fran\Documents\photothumb.db
    [2014/04/14 05:04:29 | 000,001,046 | ---- | M] () -- C:\Users\Fran\Desktop\PhotoScape.lnk
    [2014/04/13 21:37:18 | 000,013,081 | ---- | M] () -- C:\Users\Fran\Desktop\Downloads - Shortcut.lnk
    [2014/04/12 05:29:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
    [2014/04/12 04:57:51 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
    [2014/04/12 04:29:05 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 11.lnk
    [2014/04/12 04:02:03 | 1059,868,077 | ---- | M] () -- C:\Users\Fran\PhotoshopElements_11_LS15.7z
    [2014/04/12 03:14:12 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2014/04/12 03:14:12 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2014/04/11 20:52:26 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\SoapMaker 3.lnk
    [2014/04/11 20:44:57 | 000,002,412 | ---- | M] () -- C:\Users\Fran\Desktop\Word 2013.lnk
    [2014/04/11 03:42:07 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2014/04/11 03:42:07 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2014/04/11 00:59:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
    [2014/04/11 00:55:50 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/11 00:53:30 | 000,001,422 | ---- | M] () -- C:\Users\Fran\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/11 00:46:50 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\drivers\17AA_Lenovo_ThinkPad_T440p_20ANCTO1WW.MRK
    [2014/04/11 00:46:25 | 000,000,000 | ---- | M] () -- C:\Windows\firstboot.dat
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/04 21:11:26 | 005,612,108 | ---- | C] () -- C:\Users\Fran\Documents\Dani and Lizzy - Dancing in the Sky.mp3
    [2014/05/04 21:11:26 | 001,935,668 | ---- | C] () -- C:\Users\Fran\Documents\AquaTrol-Troubleshooting-Guide.pdf
    [2014/05/04 21:11:26 | 000,417,910 | ---- | C] () -- C:\Users\Fran\Documents\DSC_0219.JPG
    [2014/05/04 21:11:26 | 000,135,747 | ---- | C] () -- C:\Users\Fran\Documents\il_570xN.403604208_c1wt.jpg
    [2014/05/04 21:11:26 | 000,113,120 | ---- | C] () -- C:\Users\Fran\Documents\il_570xN.301638095.jpg
    [2014/05/04 21:11:26 | 000,099,508 | ---- | C] () -- C:\Users\Fran\Documents\Coffe Roaster.JPG
    [2014/05/04 21:11:26 | 000,019,928 | ---- | C] () -- C:\Users\Fran\Documents\19141_1202522545189_8099195_n.jpg
    [2014/05/04 21:08:07 | 001,335,376 | ---- | C] () -- C:\Users\Fran\Documents\Savy.jpg
    [2014/05/04 21:08:07 | 000,104,508 | ---- | C] () -- C:\Users\Fran\Documents\photo.JPG
    [2014/05/04 21:08:06 | 000,263,320 | ---- | C] () -- C:\Users\Fran\Documents\Jmimmys Defensive Driving.pdf
    [2014/05/04 21:08:06 | 000,221,904 | ---- | C] () -- C:\Users\Fran\Documents\Invitation Shower Roses.jpg
    [2014/05/04 21:08:06 | 000,133,822 | ---- | C] () -- C:\Users\Fran\Documents\il_570xN.416723538_3a4f.jpg
    [2014/05/04 21:08:06 | 000,084,013 | ---- | C] () -- C:\Users\Fran\Documents\il_570xN.540943772_trgn.jpg
    [2014/05/04 21:08:06 | 000,073,313 | ---- | C] () -- C:\Users\Fran\Documents\invite 2.jpg
    [2014/05/04 21:08:06 | 000,073,313 | ---- | C] () -- C:\Users\Fran\Documents\il_570xN.442247710_ka9z.jpg
    [2014/05/02 16:41:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/02 16:41:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/05/02 16:41:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/05/02 16:41:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/05/02 16:41:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/04/30 10:52:27 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/04/30 10:05:34 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2014/04/27 08:48:14 | 000,007,598 | ---- | C] () -- C:\Users\Fran\AppData\Local\Resmon.ResmonCfg
    [2014/04/27 07:55:17 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/21 19:16:47 | 000,000,213 | ---- | C] () -- C:\Windows\SysNative\AddPort.ini
    [2014/04/20 12:19:01 | 000,001,456 | ---- | C] () -- C:\Users\Fran\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2014/04/17 08:55:54 | 000,000,132 | ---- | C] () -- C:\Users\Fran\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2014/04/15 22:18:29 | 001,696,256 | ---- | C] () -- C:\Windows\SysNative\HP1100SM.EXE
    [2014/04/15 22:18:29 | 000,350,720 | ---- | C] () -- C:\Windows\SysNative\mvhlewsi.DLL
    [2014/04/15 22:18:29 | 000,049,664 | R--- | C] () -- C:\Windows\SysNative\HP1100SMs.dll
    [2014/04/15 22:18:28 | 000,288,768 | ---- | C] () -- C:\Windows\SysNative\HP1100LM.DLL
    [2014/04/15 21:14:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2014/04/15 21:14:36 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014/04/14 05:07:52 | 000,007,168 | -H-- | C] () -- C:\Users\Fran\Desktop\photothumb.db
    [2014/04/14 05:07:43 | 000,006,144 | -H-- | C] () -- C:\Users\Fran\Documents\photothumb.db
    [2014/04/14 05:04:29 | 000,001,046 | ---- | C] () -- C:\Users\Fran\Desktop\PhotoScape.lnk
    [2014/04/13 21:37:18 | 000,013,081 | ---- | C] () -- C:\Users\Fran\Desktop\Downloads - Shortcut.lnk
    [2014/04/12 05:50:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
    [2014/04/12 05:29:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
    [2014/04/12 04:57:51 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
    [2014/04/12 04:55:27 | 000,041,801 | ---- | C] () -- C:\Users\Fran\Documents\Hooker Desk.jpg
    [2014/04/12 04:54:11 | 001,335,376 | ---- | C] () -- C:\Users\Fran\Desktop\Savy.jpg
    [2014/04/12 04:29:05 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 11.lnk
    [2014/04/12 04:29:05 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 11.lnk
    [2014/04/12 03:59:35 | 1059,868,077 | ---- | C] () -- C:\Users\Fran\PhotoshopElements_11_LS15.7z
    [2014/04/12 03:14:12 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2014/04/12 03:14:12 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2014/04/11 21:01:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/11 20:52:26 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\SoapMaker 3.lnk
    [2014/04/11 20:44:57 | 000,002,412 | ---- | C] () -- C:\Users\Fran\Desktop\Word 2013.lnk
    [2014/04/11 20:43:07 | 000,002,168 | ---- | C] () -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
    [2014/04/11 00:59:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
    [2014/04/11 00:57:01 | 000,001,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Ultranav (Touchpad Clickpad Trackpad TrackPoint Mouse).lnk
    [2014/04/11 00:55:50 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/11 00:55:48 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2014/04/11 00:53:30 | 000,001,422 | ---- | C] () -- C:\Users\Fran\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/11 00:49:56 | 000,001,428 | ---- | C] () -- C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/04/11 00:46:25 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
    [2014/04/11 00:46:19 | 000,000,290 | ---- | C] () -- C:\Users\Fran\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/04/11 00:46:19 | 000,000,272 | ---- | C] () -- C:\Users\Fran\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/04/02 00:32:04 | 000,014,776 | ---- | C] () -- C:\Windows\SysWow64\drivers\omnismi.sys
    [2014/04/02 00:25:04 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
    [2014/04/02 00:25:04 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2014/04/02 00:25:04 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
    [2014/04/02 00:23:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2014/04/02 00:11:56 | 000,774,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/10/09 04:28:44 | 000,005,868 | ---- | C] () -- C:\Windows\remove.ini
    [2013/05/11 20:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2013/03/10 23:06:34 | 000,295,800 | ---- | C] () -- C:\Windows\SysWow64\VCamPPage.dll
    [2012/11/23 00:01:14 | 000,003,724 | ---- | C] () -- C:\Windows\Dext_30.ini
    [2012/11/22 23:58:32 | 000,003,864 | ---- | C] () -- C:\Windows\Dext_24.ini
    [2012/11/22 23:45:32 | 000,003,862 | ---- | C] () -- C:\Windows\Dext_02.ini
    [2012/08/07 04:13:06 | 000,094,584 | ---- | C] () -- C:\Windows\SPRemove_x64.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2014/04/01 23:57:13 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2014/04/01 23:57:13 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/04/14 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\FileOpen
    [2014/04/11 00:50:16 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Leadertech
    [2014/04/11 00:50:11 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Lenovo
    [2014/04/12 05:25:42 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\LSC
    [2014/04/14 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Nitro
    [2014/05/05 06:37:16 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\Nitro PDF
    [2014/04/11 01:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\PwrMgr
    [2014/04/11 20:53:03 | 000,000,000 | ---D | M] -- C:\Users\Fran\AppData\Roaming\SoapMakerData

    ========== Purity Check ==========



    < End of report >
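The two log sections worth a second look above are the "Files Created - No Company Name" list and the "ZeroAccess Check". The second one is there because COM class resolution consults HKEY_CURRENT_USER\Software\Classes before HKEY_LOCAL_MACHINE\Software\Classes, so a per-user InProcServer32 value under a shell CLSID such as {42aedc87-2188-41fd-b9a3-0c966feabec1} silently shadows the legitimate shell32.dll registration in HKLM without touching any protected file; OTL prints both hives side by side so you can see whether the HKCU key carries a DLL path. In the log above the HKCU keys are empty, which is the clean outcome. The script below is an added triage example written for this thread, not OTL's own code and not something posted by the thread participants: it parses the two OTL line formats shown above (the "[date | size | attrs | C/M] (company) -- path" file entries and the "[HKEY_...] / "name" = data" registry blocks), flags per-user COM overrides, and lists unattributed binaries created under C:\Windows. SAMPLE_LOG is a constructed excerpt: its file lines and HKLM block are copied from the log above, while the HKCU entry pointing at C:\Users\example\AppData\Local\hijack.dll is invented purely to exercise the check and does not come from this machine.

```python
"""Triage helpers for OTL-style log excerpts (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# File entry: [date time | size | attrs | C/M] (company) -- path   (company part is optional)
_FILE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Registry key header: [HKEY_...\InProcServer32] with an optional " /64" native-view marker
_KEY_RE = re.compile(r"^\s*\[(?P<key>HKEY_[^\]]+)\](?P<native> /64)?\s*$")
# Registry value line: "name" = data   (OTL prints the (Default) value's name as " ")
_VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]*)" = (?P<data>.*?)\s*$')

_BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str                 # 'C' = created, 'M' = modified
    company: Optional[str]    # None when OTL printed no company field, '' for "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


@dataclass
class ComServer:
    key: str
    native64_view: bool
    default_value: Optional[str]      # DLL path from the (Default) value, if any
    threading_model: Optional[str]


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = _FILE_RE.match(line)
    if not m:
        return None
    return FileEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                     m["kind"], m["company"], m["path"])


def file_entries(text: str) -> List[FileEntry]:
    return [e for e in (parse_file_entry(l) for l in text.splitlines()) if e]


def unattributed_binaries_in_windows(entries: List[FileEntry]) -> List[str]:
    """Executables/drivers under C:\\Windows with no company name: a starting point for
    hashing and signature checks, not a verdict (tool droppings also land here)."""
    return [e.path for e in entries
            if not e.is_directory
            and not e.company
            and e.path.lower().startswith("c:\\windows\\")
            and e.path.lower().endswith(_BINARY_EXT)]


def parse_com_servers(text: str) -> List[ComServer]:
    servers: List[ComServer] = []
    current: Optional[ComServer] = None
    for line in text.splitlines():
        km = _KEY_RE.match(line)
        if km:
            current = ComServer(km["key"], km["native"] is not None, None, None)
            servers.append(current)
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            name, data = vm["name"].strip(), vm["data"]
            if name == "":                      # (Default) value: "path -- [file details]"
                current.default_value = data.split(" -- ")[0].strip()
            elif name.lower() == "threadingmodel":
                current.threading_model = data
    return servers


def per_user_com_overrides(servers: List[ComServer]) -> List[ComServer]:
    """A populated HKCU ...\\InProcServer32 shadows the HKLM registration for that CLSID."""
    return [s for s in servers
            if s.key.upper().startswith("HKEY_CURRENT_USER\\") and s.default_value]


# Constructed excerpt: file lines and the HKLM block are taken from the log in this thread;
# the HKCU entry for {fbeb8a05-...} is invented to exercise the override check.
SAMPLE_LOG = r"""
    [2014/05/02 16:41:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/02 16:33:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/02 16:41:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/05 06:27:04 | 1901,821,951 | -HS- | M] () -- C:\hiberfil.sys

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2014/04/01 23:57:13 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    " " = C:\Users\example\AppData\Local\hijack.dll -- [2014/05/01 00:00:00 | 000,065,536 | ---- | M] ()
    "ThreadingModel" = Apartment
"""

if __name__ == "__main__":
    ents = file_entries(SAMPLE_LOG)
    print("unattributed binaries in C:\\Windows:", unattributed_binaries_in_windows(ents))
    for s in per_user_com_overrides(parse_com_servers(SAMPLE_LOG)):
        print("per-user COM override:", s.key, "->", s.default_value)
```

Two caveats when running this over the full log above. First, the unattributed-binary check is only a worklist: C:\Windows\PEV.exe, MBR.exe, sed.exe, grep.exe and zip.exe were all created at 16:41:47 on 2014/05/02, the same minute as SWREG.exe, SWSC.exe and NIRCMD.exe and a few minutes after C:\Qoobox and C:\Windows\erdnt appeared, which is the footprint of the ComboFix run earlier in this thread rather than of an infection. Second, an empty HKCU key in the ZeroAccess section (no value lines under it) is what a clean machine looks like; the override check only fires when OTL printed a (Default) value under the HKCU key.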
     
  9. 2014/05/05
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    OTL Extras logfile created on: 5/5/2014 6:20:00 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fran\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.69 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 69.88% Memory free
    15.39 Gb Paging File | 12.82 Gb Available in Paging File | 83.32% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 449.38 Gb Total Space | 374.35 Gb Free Space | 83.30% Space Free | Partition Type: NTFS
    Drive Q: | 14.91 Gb Total Space | 3.53 Gb Free Space | 23.65% Space Free | Partition Type: NTFS

    Computer Name: FRANCES | User Name: Fran | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4065321461-2584107650-4023800129-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0912E26E-9298-4EC6-80AE-9CD4E5EAC21F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0E398522-0A3E-4D07-B85C-5E798F5FCA48}" = lport=445 | protocol=6 | dir=in | app=system |
    "{12BB0C7F-D122-4DC8-BA89-6BCAEB4E4678}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1E7EF8D5-F7FB-42BA-BED8-56799287B984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4C8A7286-B0A8-4D87-9DD6-C4ED198419CA}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
    "{662020EB-5977-46DC-9749-54B609800FDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6F034A83-2EBA-4869-AD61-95F4DB4FBF65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{79BF9EEC-5068-47A3-88A2-28EA5A6696D7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{857AB9F0-742B-4EBB-B06C-F49F6AF78FC3}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
    "{904549B6-B2FE-4BB3-BE7B-B2C52002EDE8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{97B9731B-94EF-4E07-838B-382AC10BFC23}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9CD51B5E-E911-4272-B044-6630E7A81471}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9EAD9F54-BD8B-41B4-9734-F26FB71C9785}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A47DD184-3BEE-462F-AE6E-7BB9607A8D10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C1F67994-EC4E-455D-8155-BBD4475CE381}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C3E80706-1698-44CE-8E2E-E4E3BB1EA05D}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
    "{C5B4B88B-44C6-4250-B3C9-E29EC6E3E270}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C8F44273-D48D-4F10-97E8-74864E9B4C80}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D2D94897-8EAC-45F8-8956-124769DD3D49}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D71DA6C9-2EB8-461F-8807-83DE6E80887C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D7CCC585-5E79-4F67-A24A-E67FE53D2E29}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E7E0A53A-93B7-4668-801E-9A4F87C6F3B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F25DE2FF-7AD1-4C9C-809E-1B0289C6F180}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F947C804-C1DC-4C09-AD95-1CD456D0BC93}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0CDD1213-F829-44FA-BE3A-DDC217F622BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0FD600FE-CDCF-419E-8B74-8B942F19501A}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{1971432F-5DA0-42F7-BF92-8393C1CFCDFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1D8AA200-FB65-4E69-B399-56B8D83BB485}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1E8BB5EF-3650-42D5-B2B4-31D2095C6113}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2294E76B-BD76-4D05-AA4E-AC714A88CD91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2A7B3706-097F-41B9-8C02-E45F6CA67278}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{2FDADB72-1483-401B-A41D-55163B8CA28B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{38D92002-203D-4D65-BFC4-DE95C8821A7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{39DA0FA6-B85D-42B5-BE20-3C873CFD6FBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3C8755CD-C3BD-4A50-BA2E-AFC51F845DBA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
    "{3FE1B0BC-3BD8-4177-8718-F86FA123EC5F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3FF3318D-169B-4BCB-844B-D299A56C0E8A}" = protocol=17 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst64.exe |
    "{4AAB011D-A6AB-42C2-8AD1-3DC950CDB03E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5582FDA3-0A48-44EB-A1C7-07A259CC038D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{56802F81-5269-41C2-946D-466B88887A58}" = protocol=6 | dir=out | app=system |
    "{59415D8C-6865-4C06-B7E5-8D85FCA3A5C8}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{60773E59-CFB4-4B53-BC0F-01CBAD45D033}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
    "{69633C16-801E-405E-95D0-D87FEC648F6E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{71D133EE-B803-401B-8533-2DC78C352FEA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{7495AA20-80EA-473C-BCD5-88416740D713}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7A12F5B4-75B9-4912-B4CE-82F3CEA54819}" = dir=in | app=c:\users\fran\appdata\local\microsoft\skydrive\skydrive.exe |
    "{7B215C07-A90A-4C1C-BDAE-D211F25BCEC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7F555CB1-929A-48CE-803D-E971BB24866C}" = dir=out | app=c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe |
    "{8BC97199-0507-4D14-9C11-21766AD977A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{91862B34-54F8-4B39-B726-D26C6BF7E6B6}" = dir=in | app=c:\program files (x86)\lenovo\quickcontrol\quickcontrolservice.exe |
    "{92EEEAE8-30FF-411C-B05D-1747227AC720}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{95E46C73-80A2-49B5-8C74-84C546B4867D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9BB6288F-EBB8-4E69-B274-8C8B6806DFC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AB9B4D49-ECB5-4732-A345-DAECE2136081}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{B6028B70-26F0-41F3-9562-A91F8B7D5A8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{BEDF29E5-C0A2-45A3-AB2C-C5AB9B71EF61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D2700C52-2422-4159-875E-E278A8CD36D9}" = protocol=6 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst64.exe |
    "{D570F8C5-7F34-4C59-AC8D-35B228852C48}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{DAC31593-6CCD-40E5-8811-6EC65DF3A5ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DBA23DE1-26AB-40D2-A1E9-6EF51613B8E3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
    "{EE48F31F-12CC-4B5E-A455-F54F065F34F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{A95ED553-F50D-4468-9BC2-DF128DF50473}C:\users\fran\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fran\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{DFDEF27B-DFED-4098-AFF2-0CD1DB477212}C:\users\fran\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fran\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{5AA19491-2657-49B6-97C3-C534939836F5}C:\users\fran\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fran\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{CC86AEEF-C0E1-4D9E-AB3B-B8CB8C519B34}C:\users\fran\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fran\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}" = Nitro Pro 8
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{201B03D6-FDDA-4C70-8A15-887F5B3CE365}" = Intel(R) WiDi
    "{302600C1-6BDF-4FD1-1307-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.3)
    "{314FAD12-F785-4471-BCE8-AB506642B9A1}" = Lenovo Fingerprint Manager Pro
    "{3181229B-05DA-46F9-B8D4-4966BDA99A74}" = Intel® PROSet/Wireless WiFi Software
    "{34C6812E-E231-4B13-9DAC-21E06ECA864A}" = WD SmartWare
    "{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit
    "{4D70781C-36A9-4335-9568-565C6F61B5EB}" = Validity WBF DDK 5011
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{878F6913-7421-4713-97F7-0A736EE2A188}" = Inst5676
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
    "{89F955AF-7274-4C60-B5ED-3530AFB88163}" = Multifactor Authentication Client
    "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
    "{C51863E5-EB09-43A5-9D43-26A32587EEAC}" = Lenovo Solution Center
    "{c7565395-3662-4b78-8c42-e7cf02c6edd7}" = Intel(R) PRO/Wireless Driver
    "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
    "{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}" = Intel(R) Smart Connect Technology 4.1 x64
    "{FF5E324F-1FFF-49D4-8F71-0D25EDF12764}" = Validity WBF DDK 5011
    "32E5297F56D26E63AACC9ECF485A4A8F5C5AE4CF" = Windows Driver Package - Intel (e1dexpress) Net (05/06/2013 12.6.51.9427)
    "501BE079073436E85BE52C0D894F47B1D5DE0DDF" = Windows Driver Package - Synaptics (SmbDrv) System (12/17/2013 17.0.12.60)
    "907DA143458FE258EFEB416B946DE8DF2B87A0BA" = Windows Driver Package - Lenovo 1.67.00.02 (04/17/2013 1.67.00.02)
    "91EE9E9E8BE498009A8470749C90E3C7AE3963FB" = Windows Driver Package - Synaptics (SynTP) Mouse (12/17/2013 17.0.12.60)
    "C8A921233C0C441A4E4EAABC2AB08C872FD77A6E" = Windows Driver Package - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016)
    "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8
    "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    "HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
    "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "OnScreenDisplay" = On Screen Display
    "Power Management Driver" = Lenovo Power Management Driver
    "SynTPDeinstKey" = ThinkPad UltraNav Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
    "{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
    "{105fa5c4-72e1-41f2-a82c-884d8aa4b381}" = Intel® PROSet/Wireless Software
    "{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager
    "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
    "{1ec9e03a-452b-48fb-8e1b-27ee0477985f}" = WD SmartWare Installer
    "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{2B58AB2C-D980-47FD-8633-E360314BA662}" = WD Security
    "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = WaveEditor
    "{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
    "{4855C42F-5197-4AAD-A50D-5066D2CC4647}" = Lenovo QuickControl
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
    "{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
    "{63911503-7EA4-4685-B2FD-D391EF622FB9}" = WD Quick View
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
    "{8D7EF158-BBDF-4FFD-822A-FF6B4B7157CB}" = SoapMaker3
    "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
    "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
    "{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
    "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
    "{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
    "{D6E853EC-8960-4D44-AF03-7361BB93227C}" = PowerDVD Create 10
    "{D7708A7D-8909-4DDA-8DC7-8778570B2B44}" = hppTLBXFXCP1520
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}" = HPLaserJetHelp_LearnCenter
    "{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}" = WD Drive Utilities
    "{FC5CFF48-C9B9-4666-BE72-3F9453E435DA}" = hppCP1520LaserJetService
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
    "Fastboot" = RapidBoot HDD Accelerator
    "InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = Lenovo Fingerprint Manager Pro
    "InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}" = PowerDVD Create
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "Lenovo QuickCast_is1" = Lenovo QuickCast
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NIS" = Norton Internet Security
    "PhotoScape" = PhotoScape
    "SugarSync" = SugarSync Manager
    "Sunplus SPUVCb" = Integrated Camera

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4065321461-2584107650-4023800129-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "SkyDriveSetup.exe" = Microsoft SkyDrive

    ========== Last 20 Event Log Errors ==========

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 4/23/2014 7:39:49 AM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = No such host is known -> Exception message: No such host
    is known

    Error - 4/23/2014 7:39:51 AM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = No such host is known -> Exception message: No such host
    is known

    Error - 4/23/2014 7:39:53 AM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = No such host is known -> Exception message: No such host
    is known

    Error - 5/2/2014 6:46:27 PM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = A device attached to the system is not functioning -> Exception
    message: A device attached to the system is not functioning

    Error - 5/3/2014 7:48:15 AM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = A device attached to the system is not functioning -> Exception
    message: A device attached to the system is not functioning

    Error - 5/3/2014 3:30:47 PM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = A device attached to the system is not functioning -> Exception
    message: A device attached to the system is not functioning

    Error - 5/4/2014 7:28:03 AM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = A device attached to the system is not functioning -> Exception
    message: A device attached to the system is not functioning

    Error - 5/4/2014 11:47:47 AM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = A device attached to the system is not functioning -> Exception
    message: A device attached to the system is not functioning

    Error - 5/4/2014 7:43:30 PM | Computer Name = Frances | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Message = A device attached to the system is not functioning -> Exception
    message: A device attached to the system is not functioning


    < End of report >
     
  10. 2014/05/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Lenovo\Fingerprint Manager Pro\cachesrvr.exe -- (Cachedrv server)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {03FD5B61-3A48-441D-92F2-A1410D72B58F}
    IE:64bit: - HKLM\..\SearchScopes\{03FD5B61-3A48-441D-92F2-A1410D72B58F}:  "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_15_ff&cd=2XzuyEtN2Y1L1QzuyB0EyB0AzytCtC0EyBzytDyDzy0E0BtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByE0A0DtCzyyCzztGtCyBzzyBtGtA0E0AtBtGyB0B0DzytGyEyEzyyBzzyD0AyC0B0AtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AzyyDyCyByDtCtG0DtCzztCtG0EtDtAtAtGtA0B0AtBtGyD0F0FyEtD0ByB0FtBtAyCyE2Q&cr=1327208569&ir=
    IE - HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>;*.local
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
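    As an added example (not from this thread, and not OTL's own code), the following read-only PowerShell script checks for the four kinds of entries the OTL fix in the previous post removes: search scopes whose URL points at an unexpected host, Internet Explorer toolbar values with no CLSID registration, empty or unnamed Run entries, and services whose binary no longer exists. The list of expected search-provider hosts is a constructed placeholder; the script only reports and changes nothing.

```powershell
# Added example, not part of the thread or of OTL: read-only checks for the kinds of
# entries the fix above removes. Run from an elevated Windows PowerShell prompt.
# $expectedHosts is a constructed placeholder; adjust it to the providers actually used.

$findings = New-Object 'System.Collections.Generic.List[string]'
$expectedHosts = @('www.bing.com', 'www.google.com')   # constructed placeholder
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. IE search scopes: a DefaultScope whose URL points at an unexpected host is the
#    classic search-hijack pattern. On 64-bit Windows the 32-bit view lives under
#    WOW6432Node, so both machine views and the user view are inspected.
foreach ($hive in @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes',
                    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes')) {
    if (-not (Test-Path $hive)) { continue }
    $default = (Get-ItemProperty -Path $hive -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -Path $hive) {
        $url = (Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue).URL
        if (-not $url) { continue }
        $uri = $null
        if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri) -and
            ($expectedHosts -notcontains $uri.Host)) {
            $tag = if ($scope.PSChildName -eq $default) { 'DEFAULT ' } else { '' }
            $findings.Add("${tag}search scope $($scope.PSChildName) in $hive -> $($uri.Host)")
        }
    }
}

# 2. Toolbar values named by a CLSID that is not registered under HKCR\CLSID: an
#    orphaned registration left behind after an add-on's files were removed.
$toolbar = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if (Test-Path $toolbar) {
    foreach ($p in (Get-ItemProperty -Path $toolbar).PSObject.Properties) {
        if ($p.Name -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$' -and
            -not (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($p.Name)")) {
            $findings.Add("toolbar value $($p.Name) has no CLSID registration")
        }
    }
}

# 3. Run keys: a value with no name (the key's default value) or an empty command is
#    not something an installer writes on purpose, so it deserves a look.
foreach ($run in @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                   'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')) {
    if (-not (Test-Path $run)) { continue }
    foreach ($p in (Get-ItemProperty -Path $run).PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }   # provider metadata, not registry values
        if ($p.Name -eq '(default)' -or [string]::IsNullOrWhiteSpace([string]$p.Value)) {
            $findings.Add("Run value '$($p.Name)' under $run is unnamed or empty")
        }
    }
}

# 4. Services whose executable is missing on disk (OTL reports these as "File not found").
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (-not $svc.PathName) { continue }
    # Best-effort split of the service command line into executable and arguments.
    $exe = $svc.PathName
    if ($exe.StartsWith('"')) { $exe = $exe.Split('"')[1] } else { $exe = ($exe -split '\s+(?:-|/)')[0].Trim() }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe)) {
        $findings.Add("service $($svc.Name) ($($svc.StartMode)/$($svc.State)) -> missing $exe")
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

    A hit here is a lead, not a verdict: a missing service binary can just as easily be a half-uninstalled OEM tool (like the fingerprint cache server in this thread) as something malicious, so confirm each finding against the installed-software list before removing anything.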
  11. 2014/05/05
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Service Cachedrv server stopped successfully!
    Service Cachedrv server deleted successfully!
    File C:\Program Files\Lenovo\Fingerprint Manager Pro\cachesrvr.exe not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{03FD5B61-3A48-441D-92F2-A1410D72B58F}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03FD5B61-3A48-441D-92F2-A1410D72B58F}\ not found.
    HKU\S-1-5-21-4065321461-2584107650-4023800129-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57311 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Fran
    ->Temp folder emptied: 3459640 bytes
    ->Temporary Internet Files folder emptied: 86005204 bytes
    ->FireFox cache emptied: 112395961 bytes
    ->Flash cache emptied: 61127 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4445549 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 197.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Fran

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Fran
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05052014_224845

    Files\Folders moved on Reboot...
    C:\Users\Fran\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
    C:\Windows\temp\FRANCES-20140505-0627.log moved successfully.
    File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20140505062726700).log not found!
    File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20140505062726700).log not found!
    File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  12. 2014/05/05
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.82
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Adobe Flash Player 13.0.0.206
    Adobe Reader XI
    Mozilla Firefox (28.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
     
  13. 2014/05/06
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    Did rest of scans, nothing to report.
     
  14. 2014/05/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need Farbar Service Scanner (FSS) log.
     
  15. 2014/05/07
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    Sorry missed this one.

    Farbar Service Scanner Version: 03-05-2014
    Ran by Fran (administrator) on 07-05-2014 at 07:35:11
    Running from "C:\Users\Fran\Downloads "
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  16. 2014/05/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Firefox to the current 29.0 version.

    ===================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  17. 2014/05/08
    franbiaggi

    franbiaggi Inactive Thread Starter

    Joined:
    2014/04/26
    Messages:
    48
    Likes Received:
    0
    Thank you for all your help. I have donated, and I will donate again as thanks for all you have helped me with. Your help is greatly appreciated. My computer is running fine now. I have followed your instructions and downloaded all the necessary tools.

    I have two questions:

    1. Some of the programs like JRT, AdwCleaner, TFC are exe files and not actually programs that reside on the computer (I could not find them in the "Program" button). I downloaded them, but do not see a program file, only the exe file. I put them on my desktop, is this correct?

    2. The computer came with Norton Security, and it is time to buy it. Is this the best virus scanner? I don't mind paying for protection.
     
  18. 2014/05/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. If DelFix missed something you can simply delete any leftovers.

    2. You don't have to pay for Norton.
    You can remove it using this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html and install some free AV program...

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Good luck and stay safe :)
     
