Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Possible Lingering Infection from Conduit and Quickshare...

malware infection

  • This topic is locked This topic is locked
5 replies to this topic

#1 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 December 2013 - 05:34 PM

I was looking for a file converter to convert music...I saw one on cnet downloads so I decided to download it since I usually download stuff from cnet...I downloaded the file and ran it...all of a sudden, programs started popping up on my laptop...like literally! Random icons I never saw before appeared...My laptop began to run slowly...the mouse icon would have a disc next to it, hinting that something was going on with the hard drive...The screen would freeze for a few seconds and then unfreeze. For sure, I knew my laptop was infected..I opened my internet browser and the honmepage and search engine were changed by the Movie Toolbar and Search which is a subset of Conduit. Conduit and Quickshare made my life miserable for the past three days. It slowed my system down so badly. As I bought this laptop earlier this year, it came with Norton. After the incident, my Norton stopped working...I click on it and it won't load. 

 

I looked at blogs and did a lot of crazy stuff. I scanned my laptop with adware cleaner, Junk Remover Tool, Malware Bytes and HitmanPro...I even ran a system restore...I scanned before and after the restore and got some files which I deleted. 

 

Still, I am paranoid..what if there are lingering infections since Norton is being uncooperative with me? 

_____________________________________________________________________________

OTL.txt

 

OTL logfile created on: 12/17/2013 3:15:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 78.96% Memory free
9.08 Gb Paging File | 7.50 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.87 Gb Total Space | 835.38 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
Drive D: | 25.87 Gb Total Space | 2.60 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
 
Computer Name: SATELLITE | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7d7b887e33aafaadae040bb07fa959bb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\1fc03f9a739f1ac6b62134debfafd32b\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe ()
MOD - C:\Program Files (x86)\HP SimplePass\DownloadManager.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (valWBFPolicyService) -- C:\Windows\SysNative\valWBFPolicyService.exe ()
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (HPWMISVC) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys ()
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\Drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\Drivers\ikbevent.sys ()
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\Drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131207.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131210.004\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131210.004\eng64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013/12/15 11:20:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/12/15 11:20:00 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Simple Pass (Enabled) = C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - Extension: Google Docs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0\
CHR - Extension: Norton Identity Protection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Lisa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD4B4D5-82D2-41E9-B370-C6F7F64D943F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36bbfca9-ef39-11e2-be7a-606c6697e978}\Shell - "" = AutoRun
O33 - MountPoints2\{36bbfca9-ef39-11e2-be7a-606c6697e978}\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/17 14:03:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Autorun
[2013/12/15 12:10:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/12/15 12:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/12/15 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/12/15 12:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/12/15 11:35:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/15 10:14:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2013/12/15 10:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/15 10:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/15 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/15 10:01:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/15 09:46:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/14 22:28:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\NPE
[2013/12/14 22:09:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\EMCO
[2013/12/14 22:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
[2013/12/14 22:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2013/12/14 21:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/14 21:30:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\cache
[2013/12/14 21:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Programs
[2013/12/10 16:08:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/10 16:08:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/10 16:08:14 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/10 16:08:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/10 16:08:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/10 16:07:59 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/12/10 16:07:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/10 16:07:26 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/10 16:07:16 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/12/10 16:07:16 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/12/10 16:07:16 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/12/10 16:07:16 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resutils.dll
[2013/12/10 16:07:16 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2013/12/10 16:07:16 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2013/12/10 16:07:15 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/12/10 16:07:15 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2013/12/10 16:07:15 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/12/10 16:07:14 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/12/10 16:07:14 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/12/10 16:07:14 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/12/10 16:07:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/12/10 16:07:14 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/12/10 16:07:14 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/12/10 16:07:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/12/10 16:07:14 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/12/10 16:07:14 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/12/10 16:07:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/12/10 16:07:07 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2013/12/10 16:07:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/10 16:07:07 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2013/12/10 16:07:07 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/10 16:07:07 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/10 16:07:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/10 16:07:07 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/10 16:07:06 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/10 16:07:06 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/10 16:07:03 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/10 16:07:03 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/11/29 22:22:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\FreeAudioPack
[2013/11/29 22:22:26 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2013/11/29 22:22:26 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2013/11/29 22:22:26 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2013/11/29 22:22:26 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2013/11/29 22:22:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2013/11/29 22:22:26 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2013/11/29 22:22:26 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.OCX
[2013/11/29 22:22:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2013/11/29 22:22:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2013/11/29 22:22:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2013/11/29 22:22:25 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2013/11/29 22:22:25 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013/11/29 22:22:25 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013/11/29 22:22:25 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2013/11/29 22:22:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2013/11/29 22:22:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2013/11/29 22:21:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\koyotesoftmoviestoolbarha
[2013/11/21 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/11/21 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/11/19 18:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/11/19 18:32:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AVS4YOU
[2013/11/19 18:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/17 15:11:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 14:47:11 | 000,942,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/17 14:47:11 | 000,784,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/17 14:47:11 | 000,158,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/17 14:43:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/17 14:42:31 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/17 14:42:18 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013/12/17 14:41:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/17 14:41:51 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/17 13:51:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4010294108-2334131078-565910296-1001UA.job
[2013/12/16 16:51:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4010294108-2334131078-565910296-1001Core.job
[2013/12/15 17:27:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2013/12/15 12:10:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/12/15 12:05:09 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/15 11:46:02 | 000,432,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/15 11:35:52 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/10 16:03:21 | 002,719,223 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/12/05 17:13:02 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:53:54 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/03 16:53:54 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/22 22:43:58 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/22 21:05:01 | 000,368,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/15 12:05:09 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/15 11:45:51 | 000,432,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/15 11:35:52 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/10 16:07:14 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/11/29 22:22:26 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013/09/10 20:06:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/15 12:22:40 | 000,000,136 | ---- | C] () -- C:\Windows\qawin32.INI
[2013/03/19 21:32:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/03/19 21:32:00 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/03/19 21:29:26 | 019,586,560 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2012/12/10 13:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/08/03 14:40:09 | 000,959,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 12:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/25 12:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/07/25 12:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 12:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 12:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/04/20 08:45:41 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 22:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 21:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/15 11:17:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\EMCO
[2013/11/29 22:22:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FreeAudioPack
[2013/10/04 14:00:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IDT
[2013/07/14 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Synaptics
[2013/07/26 07:09:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WebApp
[2013/11/06 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.0.LOCALSETTINGUNIT  >
[2013/12/17 15:13:47 | 000,000,363 | -HS- | M] () MD5=3D0365583FE86BC4107FC52A9245045B -- C:\Users\Lisa\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit
 
< MD5 for: EXPLORER.ADML  >
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/06/01 03:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 03:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/08/03 20:07:11 | 000,193,351 | ---- | M] () MD5=40F1090D3F8710596260D34034F36713 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/08/03 20:07:21 | 000,190,101 | ---- | M] () MD5=71588483FEB001A0D8418CE3BFAFA339 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/07/30 20:38:03 | 000,221,955 | ---- | M] () MD5=7B0C49460F225C1D45327FA0589550C8 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/07/30 20:38:07 | 000,220,321 | ---- | M] () MD5=B34290AC927789614E4319EADA1ECA0F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/07/30 20:38:05 | 000,220,310 | ---- | M] () MD5=C14C167928D2CD5A53F3FEEE7D585F60 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/08/03 20:07:14 | 000,191,911 | ---- | M] () MD5=CA27D8A185BE1BA6B419C98E472079A6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/08/03 20:07:17 | 000,191,929 | ---- | M] () MD5=CD596ADDB366B33A5848C6620B4850C0 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/07/30 20:38:10 | 000,217,360 | ---- | M] () MD5=EAF85482EA33808804D4E3A6059CBF61 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/06/01 02:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 02:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\en-US\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2013/12/17 13:19:56 | 000,365,324 | ---- | M] () MD5=2F75C84891D0A39469B428A298A9B24B -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 14:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Lisa\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2013/02/21 03:11:26 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=0A1FC149D1F01AEE5D66D42953CDD751 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_2b57ad3f3a4a8d28\iexplore.exe
[2013/11/28 08:36:48 | 000,000,400 | ---- | M] () MD5=148809C9A9FC71F68ED7E3AE2DFC34FB -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16721_none_422c229f209eac26\iexplore.exe
[2013/11/28 08:36:35 | 000,005,019 | ---- | M] () MD5=1720F8B07E97E3F77B645203BB001E28 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2013/11/28 08:37:05 | 000,005,039 | ---- | M] () MD5=33E94E64AC362CBDBA976EBCEB3CF76B -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20848_none_2b550d333a4d0de1\iexplore.exe
[2013/11/28 08:36:52 | 000,005,024 | ---- | M] () MD5=432BA0AB1F35086D90119CF095B8C0BE -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_2b74d7cd3a353a33\iexplore.exe
[2013/11/28 08:36:59 | 000,005,022 | ---- | M] () MD5=4A3E31C9332D9EBAD385FB2EABB2A890 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_2b75d8173a34538a\iexplore.exe
[2013/11/26 18:47:42 | 000,000,383 | ---- | M] () MD5=5083E284D17ED01D0D09D7894EBBB5D4 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16721_none_37d7784cec3dea2b\iexplore.exe
[2013/11/26 18:47:45 | 000,005,624 | ---- | M] () MD5=64F62FBBE46B64E37DD99DF0EA54B581 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16736_none_37d806aeec3d83a7\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_37da8ff2ec3b1c8f\iexplore.exe
[2013/11/26 18:47:40 | 000,006,281 | ---- | M] () MD5=6AA7B8945701510EF8027BAEBBAF0440 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2013/11/28 08:36:44 | 000,005,080 | ---- | M] () MD5=6FA2B5E7EDDB15B12B3515256241AF04 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2013/11/28 08:36:28 | 000,006,706 | ---- | M] () MD5=8AE3E3ABB7B956C0F071BBE8160B5248 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2013/11/26 18:47:46 | 000,003,063 | ---- | M] () MD5=918190FD10268788E6FA3E388556D7A1 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20848_none_210062e105ec4be6\iexplore.exe
[2013/11/26 18:47:42 | 000,005,635 | ---- | M] () MD5=92AF6CF044F8DABDBDBF8CA9DAA639EB -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2013/10/12 08:33:28 | 000,005,039 | ---- | M] () MD5=A0438600105EFD16574AF8CC8B12EC17 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20831_none_2b54ac613a4d4123\iexplore.exe
[2013/10/12 08:24:30 | 000,003,063 | ---- | M] () MD5=B16764C4B0D6FF7262200C5BE84BFE95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20831_none_2100020f05ec7f28\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013/11/26 18:47:39 | 000,006,786 | ---- | M] () MD5=BA663D697035497066529C1455A15EAF -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe
[2013/11/26 18:47:44 | 000,006,230 | ---- | M] () MD5=D21513ECD8581FBF5F771F7E71B4E2D1 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_21202d7b05d47838\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16736_none_422cb101209e45a2\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_422f3a45209bde8a\iexplore.exe
[2013/02/21 05:13:16 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=E61732C1203A6BCA2FFB91022CA48AC6 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_210302ed05e9cb2d\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_31b50ad823c5a03b\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_3c09b52a58266236\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-7A9337F2.PF  >
[2013/12/17 13:51:49 | 000,145,706 | ---- | M] () MD5=68AA13A884B6FA04F57AD4A22AB57974 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
 
< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF  >
[2013/12/17 13:52:00 | 000,378,880 | ---- | M] () MD5=60CEB82DBEFDA4C3EF5756EA3F840F77 -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
 
< MD5 for: SERVICES  >
[2012/07/25 21:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
 
< MD5 for: SERVICES.DAT  >
[2013/11/05 14:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Lisa\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2013/08/01 11:38:22 | 000,001,252 | ---- | M] () MD5=7DCB0592ACC14090E844BE0C2E9FB871 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013/08/01 11:38:21 | 000,038,189 | ---- | M] () MD5=BF5EE96FC30D9CC4A05294ABF8ACCB35 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012/07/25 23:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\SysNative\en-US\services.exe.mui
[2012/07/25 23:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013/07/15 16:27:16 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:47:46 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:43:08 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 14:23:16 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 14:54:24 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:43:26 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2012/06/02 06:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012/06/02 06:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
 
< MD5 for: SERVICES.MSC  >
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012/06/02 06:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/02 06:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 06:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 06:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2012/07/25 12:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/25 12:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2012/07/25 23:50:44 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.2.9200.16384_en-us_edcdb8ec66a62fc0\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2012/06/02 06:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.2.9200.16384_none_d3d704270306719d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2013/08/01 22:20:14 | 000,053,876 | ---- | M] () MD5=5229AAF776543F43B9D850FACAB6335A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/08/01 22:20:15 | 000,053,884 | ---- | M] () MD5=6126E0297D1DD8348EB43861D35CD2CD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2013/08/01 22:20:15 | 000,001,620 | ---- | M] () MD5=9ED16A9330B55AAC2C401A25A8FFCC9B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/08/01 22:20:14 | 000,053,889 | ---- | M] () MD5=FCDEF63C2DA0E25746A33E6E1BAE6E8E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2012/07/25 23:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2012/07/25 23:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-0D9AB72B.PF  >
[2013/12/17 13:19:42 | 000,025,096 | ---- | M] () MD5=6EA9C82E8EFB3629384BF4BDA2F76EA2 -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
 
< MD5 for: WINLOGON.MFL  >
[2012/07/25 23:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2012/07/25 23:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.2.9200.16384_en-us_81848abaa91301c6\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2012/07/25 12:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2012/07/25 12:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.2.9200.16384_none_d9027134ffac135f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2012/07/25 19:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 06:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/03 15:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/12/17 14:41:51 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 12:23:27 | 000,921,654 | ---- | M] () -- C:\image.bmp
[2013/12/17 14:41:54 | 1275,068,416 | -HS- | M] () -- C:\pagefile.sys
[2013/12/17 14:41:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/15 17:23:55 | 000,232,384 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_15.12.2013_17.22.54_log.txt
[2013/12/16 18:20:36 | 000,231,910 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_16.12.2013_18.19.38_log.txt
 
< %systemroot%\Fonts\*.com >
[2012/08/03 14:37:24 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/08/03 14:37:24 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/08/03 14:37:24 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/08/03 14:37:24 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2012/07/26 00:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/09/12 14:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2012/07/26 00:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows
 Volume Serial Number is 8601-2E83
 Directory of C:\
07/25/2012  11:22 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/25/2012  11:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/25/2012  11:22 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
08/14/2013  11:09 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
08/14/2013  11:09 AM    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
08/14/2013  11:09 AM    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
08/14/2013  11:09 AM    <JUNCTION>     My Documents [C:\Users\Administrator\Documents]
08/14/2013  11:09 AM    <JUNCTION>     NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/14/2013  11:09 AM    <JUNCTION>     PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/14/2013  11:09 AM    <JUNCTION>     Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
08/14/2013  11:09 AM    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
08/14/2013  11:09 AM    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
08/14/2013  11:09 AM    <JUNCTION>     Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
08/14/2013  11:09 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
08/14/2013  11:09 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
08/14/2013  11:09 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Documents
08/14/2013  11:09 AM    <JUNCTION>     My Music [C:\Users\Administrator\Music]
08/14/2013  11:09 AM    <JUNCTION>     My Pictures [C:\Users\Administrator\Pictures]
08/14/2013  11:09 AM    <JUNCTION>     My Videos [C:\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/25/2012  11:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/25/2012  11:22 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/25/2012  11:22 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/25/2012  11:22 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/25/2012  11:22 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/25/2012  11:22 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/25/2012  11:22 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/25/2012  11:22 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/25/2012  11:22 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/25/2012  11:22 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/25/2012  11:22 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/25/2012  11:22 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/25/2012  11:22 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa
07/14/2013  02:23 PM    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Roaming]
07/14/2013  02:23 PM    <JUNCTION>     Cookies [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2013  02:23 PM    <JUNCTION>     Local Settings [C:\Users\Lisa\AppData\Local]
07/14/2013  02:23 PM    <JUNCTION>     My Documents [C:\Users\Lisa\Documents]
07/14/2013  02:23 PM    <JUNCTION>     NetHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2013  02:23 PM    <JUNCTION>     PrintHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2013  02:23 PM    <JUNCTION>     Recent [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2013  02:23 PM    <JUNCTION>     SendTo [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2013  02:23 PM    <JUNCTION>     Start Menu [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2013  02:23 PM    <JUNCTION>     Templates [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\AppData\Local
07/14/2013  02:23 PM    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Local]
07/14/2013  02:23 PM    <JUNCTION>     History [C:\Users\Lisa\AppData\Local\Microsoft\Windows\History]
07/14/2013  02:23 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\Documents
07/14/2013  02:23 PM    <JUNCTION>     My Music [C:\Users\Lisa\Music]
07/14/2013  02:23 PM    <JUNCTION>     My Pictures [C:\Users\Lisa\Pictures]
07/14/2013  02:23 PM    <JUNCTION>     My Videos [C:\Users\Lisa\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/25/2012  11:22 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/25/2012  11:22 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/25/2012  11:22 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              64 Dir(s)  896,815,943,680 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/14 14:30:43 | 000,000,223 | -HS- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >

OTL logfile created on: 12/17/2013 3:15:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 78.96% Memory free
9.08 Gb Paging File | 7.50 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.87 Gb Total Space | 835.38 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
Drive D: | 25.87 Gb Total Space | 2.60 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
 
Computer Name: SATELLITE | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7d7b887e33aafaadae040bb07fa959bb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\1fc03f9a739f1ac6b62134debfafd32b\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe ()
MOD - C:\Program Files (x86)\HP SimplePass\DownloadManager.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (valWBFPolicyService) -- C:\Windows\SysNative\valWBFPolicyService.exe ()
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (ISCTAgent) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (HPWMISVC) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys ()
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\Drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\Drivers\ikbevent.sys ()
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\Drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131207.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131210.004\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131210.004\eng64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013/12/15 11:20:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/12/15 11:20:00 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Simple Pass (Enabled) = C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - Extension: Google Docs = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm\6.0.100_0\
CHR - Extension: Norton Identity Protection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: Google Wallet = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Lisa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CD4B4D5-82D2-41E9-B370-C6F7F64D943F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{36bbfca9-ef39-11e2-be7a-606c6697e978}\Shell - "" = AutoRun
O33 - MountPoints2\{36bbfca9-ef39-11e2-be7a-606c6697e978}\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/17 14:03:06 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Autorun
[2013/12/15 12:10:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/12/15 12:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/12/15 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/12/15 12:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/12/15 11:35:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/15 10:14:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2013/12/15 10:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/15 10:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/15 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/15 10:01:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/15 09:46:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/14 22:28:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\NPE
[2013/12/14 22:09:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\EMCO
[2013/12/14 22:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
[2013/12/14 22:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2013/12/14 21:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/14 21:30:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\cache
[2013/12/14 21:28:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Programs
[2013/12/10 16:08:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/10 16:08:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/10 16:08:14 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/10 16:08:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/10 16:08:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/10 16:07:59 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/12/10 16:07:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/10 16:07:26 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/10 16:07:16 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/12/10 16:07:16 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/12/10 16:07:16 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/12/10 16:07:16 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resutils.dll
[2013/12/10 16:07:16 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2013/12/10 16:07:16 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2013/12/10 16:07:15 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/12/10 16:07:15 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2013/12/10 16:07:15 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/12/10 16:07:14 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/12/10 16:07:14 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/12/10 16:07:14 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/12/10 16:07:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/12/10 16:07:14 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/12/10 16:07:14 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/12/10 16:07:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/12/10 16:07:14 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/12/10 16:07:14 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/12/10 16:07:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/12/10 16:07:07 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2013/12/10 16:07:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/10 16:07:07 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2013/12/10 16:07:07 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/10 16:07:07 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/10 16:07:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/10 16:07:07 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/10 16:07:06 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/10 16:07:06 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/10 16:07:03 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/10 16:07:03 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/11/29 22:22:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\FreeAudioPack
[2013/11/29 22:22:26 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2013/11/29 22:22:26 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2013/11/29 22:22:26 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2013/11/29 22:22:26 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2013/11/29 22:22:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2013/11/29 22:22:26 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2013/11/29 22:22:26 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.OCX
[2013/11/29 22:22:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2013/11/29 22:22:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2013/11/29 22:22:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2013/11/29 22:22:25 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2013/11/29 22:22:25 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2013/11/29 22:22:25 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013/11/29 22:22:25 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2013/11/29 22:22:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2013/11/29 22:22:25 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2013/11/29 22:21:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\koyotesoftmoviestoolbarha
[2013/11/21 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/11/21 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/11/19 18:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/11/19 18:32:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AVS4YOU
[2013/11/19 18:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/17 15:11:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 14:47:11 | 000,942,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/17 14:47:11 | 000,784,932 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/17 14:47:11 | 000,158,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/17 14:43:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/17 14:42:31 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/17 14:42:18 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013/12/17 14:41:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/17 14:41:51 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/17 13:51:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4010294108-2334131078-565910296-1001UA.job
[2013/12/16 16:51:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4010294108-2334131078-565910296-1001Core.job
[2013/12/15 17:27:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2013/12/15 12:10:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/12/15 12:05:09 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/15 11:46:02 | 000,432,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/15 11:35:52 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/10 16:03:21 | 002,719,223 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/12/05 17:13:02 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:53:54 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/03 16:53:54 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/22 22:43:58 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/22 21:05:01 | 000,368,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/15 12:05:09 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/15 11:45:51 | 000,432,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/15 11:35:52 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/10 16:07:14 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/11/29 22:22:26 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013/09/10 20:06:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/15 12:22:40 | 000,000,136 | ---- | C] () -- C:\Windows\qawin32.INI
[2013/03/19 21:32:02 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/03/19 21:32:00 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/03/19 21:29:26 | 019,586,560 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2012/12/10 13:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/08/03 14:40:09 | 000,959,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 12:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/25 12:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/07/25 12:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 12:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 12:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/04/20 08:45:41 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 22:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 21:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/15 11:17:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\EMCO
[2013/11/29 22:22:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FreeAudioPack
[2013/10/04 14:00:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IDT
[2013/07/14 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Synaptics
[2013/07/26 07:09:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WebApp
[2013/11/06 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.0.LOCALSETTINGUNIT  >
[2013/12/17 15:13:47 | 000,000,363 | -HS- | M] () MD5=3D0365583FE86BC4107FC52A9245045B -- C:\Users\Lisa\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit
 
< MD5 for: EXPLORER.ADML  >
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/25 23:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/02 06:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/06/01 03:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 03:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/08/03 20:07:11 | 000,193,351 | ---- | M] () MD5=40F1090D3F8710596260D34034F36713 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/08/03 20:07:21 | 000,190,101 | ---- | M] () MD5=71588483FEB001A0D8418CE3BFAFA339 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/07/30 20:38:03 | 000,221,955 | ---- | M] () MD5=7B0C49460F225C1D45327FA0589550C8 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/07/30 20:38:07 | 000,220,321 | ---- | M] () MD5=B34290AC927789614E4319EADA1ECA0F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/07/30 20:38:05 | 000,220,310 | ---- | M] () MD5=C14C167928D2CD5A53F3FEEE7D585F60 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/08/03 20:07:14 | 000,191,911 | ---- | M] () MD5=CA27D8A185BE1BA6B419C98E472079A6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/08/03 20:07:17 | 000,191,929 | ---- | M] () MD5=CD596ADDB366B33A5848C6620B4850C0 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/07/30 20:38:10 | 000,217,360 | ---- | M] () MD5=EAF85482EA33808804D4E3A6059CBF61 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/06/01 02:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 02:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\en-US\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/25 23:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2013/12/17 13:19:56 | 000,365,324 | ---- | M] () MD5=2F75C84891D0A39469B428A298A9B24B -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 14:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Lisa\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2013/02/21 03:11:26 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=0A1FC149D1F01AEE5D66D42953CDD751 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_2b57ad3f3a4a8d28\iexplore.exe
[2013/11/28 08:36:48 | 000,000,400 | ---- | M] () MD5=148809C9A9FC71F68ED7E3AE2DFC34FB -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16721_none_422c229f209eac26\iexplore.exe
[2013/11/28 08:36:35 | 000,005,019 | ---- | M] () MD5=1720F8B07E97E3F77B645203BB001E28 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2013/11/28 08:37:05 | 000,005,039 | ---- | M] () MD5=33E94E64AC362CBDBA976EBCEB3CF76B -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20848_none_2b550d333a4d0de1\iexplore.exe
[2013/11/28 08:36:52 | 000,005,024 | ---- | M] () MD5=432BA0AB1F35086D90119CF095B8C0BE -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_2b74d7cd3a353a33\iexplore.exe
[2013/11/28 08:36:59 | 000,005,022 | ---- | M] () MD5=4A3E31C9332D9EBAD385FB2EABB2A890 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_2b75d8173a34538a\iexplore.exe
[2013/11/26 18:47:42 | 000,000,383 | ---- | M] () MD5=5083E284D17ED01D0D09D7894EBBB5D4 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16721_none_37d7784cec3dea2b\iexplore.exe
[2013/11/26 18:47:45 | 000,005,624 | ---- | M] () MD5=64F62FBBE46B64E37DD99DF0EA54B581 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16736_none_37d806aeec3d83a7\iexplore.exe
[2013/02/21 04:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_37da8ff2ec3b1c8f\iexplore.exe
[2013/11/26 18:47:40 | 000,006,281 | ---- | M] () MD5=6AA7B8945701510EF8027BAEBBAF0440 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2013/11/28 08:36:44 | 000,005,080 | ---- | M] () MD5=6FA2B5E7EDDB15B12B3515256241AF04 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2013/11/28 08:36:28 | 000,006,706 | ---- | M] () MD5=8AE3E3ABB7B956C0F071BBE8160B5248 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2013/11/26 18:47:46 | 000,003,063 | ---- | M] () MD5=918190FD10268788E6FA3E388556D7A1 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20848_none_210062e105ec4be6\iexplore.exe
[2013/11/26 18:47:42 | 000,005,635 | ---- | M] () MD5=92AF6CF044F8DABDBDBF8CA9DAA639EB -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2013/10/12 08:33:28 | 000,005,039 | ---- | M] () MD5=A0438600105EFD16574AF8CC8B12EC17 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20831_none_2b54ac613a4d4123\iexplore.exe
[2013/10/12 08:24:30 | 000,003,063 | ---- | M] () MD5=B16764C4B0D6FF7262200C5BE84BFE95 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20831_none_2100020f05ec7f28\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013/11/26 18:47:39 | 000,006,786 | ---- | M] () MD5=BA663D697035497066529C1455A15EAF -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe
[2013/11/26 18:47:44 | 000,006,230 | ---- | M] () MD5=D21513ECD8581FBF5F771F7E71B4E2D1 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20534_none_21202d7b05d47838\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16736_none_422cb101209e45a2\iexplore.exe
[2013/02/21 03:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16750_none_422f3a45209bde8a\iexplore.exe
[2013/02/21 05:13:16 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=E61732C1203A6BCA2FFB91022CA48AC6 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20861_none_210302ed05e9cb2d\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_31b50ad823c5a03b\iexplore.exe.mui
[2012/07/25 23:50:45 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C724BBF739D40D8AA3023943F3450A7 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.0.9200.16384_en-us_3c09b52a58266236\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-7A9337F2.PF  >
[2013/12/17 13:51:49 | 000,145,706 | ---- | M] () MD5=68AA13A884B6FA04F57AD4A22AB57974 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf
 
< MD5 for: IEXPLORE.EXE-F4FB5D2F.PF  >
[2013/12/17 13:52:00 | 000,378,880 | ---- | M] () MD5=60CEB82DBEFDA4C3EF5756EA3F840F77 -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf
 
< MD5 for: SERVICES  >
[2012/07/25 21:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
 
< MD5 for: SERVICES.DAT  >
[2013/11/05 14:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Lisa\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2013/08/01 11:38:22 | 000,001,252 | ---- | M] () MD5=7DCB0592ACC14090E844BE0C2E9FB871 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2013/04/20 08:36:50 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2013/08/01 11:38:21 | 000,038,189 | ---- | M] () MD5=BF5EE96FC30D9CC4A05294ABF8ACCB35 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012/07/25 23:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\SysNative\en-US\services.exe.mui
[2012/07/25 23:50:12 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013/07/15 16:27:16 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:47:46 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:43:08 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 14:23:16 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/01/02 14:54:24 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013/02/05 12:43:26 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 12:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2012/06/02 06:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012/06/02 06:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
 
< MD5 for: SERVICES.MSC  >
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012/06/02 06:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/02 06:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 06:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 06:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/25 23:50:36 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2012/07/25 12:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/25 12:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2012/07/25 23:50:44 | 000,008,017 | ---- | M] () MD5=C270056255498A723E7331EFF1AA162F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.2.9200.16384_en-us_edcdb8ec66a62fc0\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2012/06/02 06:34:22 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.2.9200.16384_none_d3d704270306719d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2013/08/01 22:20:14 | 000,053,876 | ---- | M] () MD5=5229AAF776543F43B9D850FACAB6335A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/08/01 22:20:15 | 000,053,884 | ---- | M] () MD5=6126E0297D1DD8348EB43861D35CD2CD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2013/08/01 22:20:15 | 000,001,620 | ---- | M] () MD5=9ED16A9330B55AAC2C401A25A8FFCC9B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2013/04/20 08:49:31 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/08/01 22:20:14 | 000,053,889 | ---- | M] () MD5=FCDEF63C2DA0E25746A33E6E1BAE6E8E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2012/07/25 23:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2012/07/25 23:50:31 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-0D9AB72B.PF  >
[2013/12/17 13:19:42 | 000,025,096 | ---- | M] () MD5=6EA9C82E8EFB3629384BF4BDA2F76EA2 -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
 
< MD5 for: WINLOGON.MFL  >
[2012/07/25 23:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2012/07/25 23:50:31 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.2.9200.16384_en-us_81848abaa91301c6\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2012/07/25 12:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2012/07/25 12:30:16 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.2.9200.16384_none_d9027134ffac135f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2012/07/25 19:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 06:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/03 15:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/12/17 14:41:51 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 12:23:27 | 000,921,654 | ---- | M] () -- C:\image.bmp
[2013/12/17 14:41:54 | 1275,068,416 | -HS- | M] () -- C:\pagefile.sys
[2013/12/17 14:41:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/15 17:23:55 | 000,232,384 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_15.12.2013_17.22.54_log.txt
[2013/12/16 18:20:36 | 000,231,910 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_16.12.2013_18.19.38_log.txt
 
< %systemroot%\Fonts\*.com >
[2012/08/03 14:37:24 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/08/03 14:37:24 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/08/03 14:37:24 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/08/03 14:37:24 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2012/07/26 00:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/09/12 14:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2012/07/26 00:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows
 Volume Serial Number is 8601-2E83
 Directory of C:\
07/25/2012  11:22 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/25/2012  11:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/25/2012  11:22 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator
08/14/2013  11:09 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Roaming]
08/14/2013  11:09 AM    <JUNCTION>     Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
08/14/2013  11:09 AM    <JUNCTION>     Local Settings [C:\Users\Administrator\AppData\Local]
08/14/2013  11:09 AM    <JUNCTION>     My Documents [C:\Users\Administrator\Documents]
08/14/2013  11:09 AM    <JUNCTION>     NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/14/2013  11:09 AM    <JUNCTION>     PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/14/2013  11:09 AM    <JUNCTION>     Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
08/14/2013  11:09 AM    <JUNCTION>     SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
08/14/2013  11:09 AM    <JUNCTION>     Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
08/14/2013  11:09 AM    <JUNCTION>     Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\AppData\Local
08/14/2013  11:09 AM    <JUNCTION>     Application Data [C:\Users\Administrator\AppData\Local]
08/14/2013  11:09 AM    <JUNCTION>     History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
08/14/2013  11:09 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Administrator\Documents
08/14/2013  11:09 AM    <JUNCTION>     My Music [C:\Users\Administrator\Music]
08/14/2013  11:09 AM    <JUNCTION>     My Pictures [C:\Users\Administrator\Pictures]
08/14/2013  11:09 AM    <JUNCTION>     My Videos [C:\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/25/2012  11:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/25/2012  11:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/25/2012  11:22 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/25/2012  11:22 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/25/2012  11:22 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/25/2012  11:22 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/25/2012  11:22 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/25/2012  11:22 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/25/2012  11:22 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/25/2012  11:22 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/25/2012  11:22 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/25/2012  11:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/25/2012  11:22 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/25/2012  11:22 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/25/2012  11:22 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/25/2012  11:22 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/25/2012  11:22 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa
07/14/2013  02:23 PM    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Roaming]
07/14/2013  02:23 PM    <JUNCTION>     Cookies [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2013  02:23 PM    <JUNCTION>     Local Settings [C:\Users\Lisa\AppData\Local]
07/14/2013  02:23 PM    <JUNCTION>     My Documents [C:\Users\Lisa\Documents]
07/14/2013  02:23 PM    <JUNCTION>     NetHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2013  02:23 PM    <JUNCTION>     PrintHood [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2013  02:23 PM    <JUNCTION>     Recent [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2013  02:23 PM    <JUNCTION>     SendTo [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2013  02:23 PM    <JUNCTION>     Start Menu [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2013  02:23 PM    <JUNCTION>     Templates [C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\AppData\Local
07/14/2013  02:23 PM    <JUNCTION>     Application Data [C:\Users\Lisa\AppData\Local]
07/14/2013  02:23 PM    <JUNCTION>     History [C:\Users\Lisa\AppData\Local\Microsoft\Windows\History]
07/14/2013  02:23 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lisa\Documents
07/14/2013  02:23 PM    <JUNCTION>     My Music [C:\Users\Lisa\Music]
07/14/2013  02:23 PM    <JUNCTION>     My Pictures [C:\Users\Lisa\Pictures]
07/14/2013  02:23 PM    <JUNCTION>     My Videos [C:\Users\Lisa\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/25/2012  11:22 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/25/2012  11:22 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/25/2012  11:22 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              64 Dir(s)  896,815,943,680 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/14 14:30:43 | 000,000,223 | -HS- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
_________________________________________________________________________
 

OTL Extras

 

OTL Extras logfile created on: 12/17/2013 3:15:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lisa\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 78.96% Memory free
9.08 Gb Paging File | 7.50 Gb Available in Paging File | 82.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 904.87 Gb Total Space | 835.38 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
Drive D: | 25.87 Gb Total Space | 2.60 Gb Free Space | 10.06% Space Free | Partition Type: NTFS
 
Computer Name: SATELLITE | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DC332DE-758E-4C21-AB40-3EDC316C1C90}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A30A2770-D288-4FDF-A86A-09CC5D82E8C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E3DC168D-75D1-4789-AE01-E8EC1EDEA9EB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0058C0CE-B6B4-4052-9919-B3C677C73ACD}" = dir=out | name=norton studio | 
"{00995CB6-2AEF-4143-91CE-A56BD140B760}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{023CD94F-366A-4E67-83CB-1D2A0F914437}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{037BA702-3F42-4371-8929-7EEACD23CCC6}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{057A6F8E-C9CA-49BA-BDA5-583253685FC1}" = dir=in | app=c:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{0A8E05AC-AB8D-4508-B33F-967D338AC8B3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{0C3E33C4-8237-418A-B24E-0B30DFF0B308}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E1641A2-FFC6-4DBE-9513-D390A7C24ED3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E73424B-BB9B-43D5-980E-2F525B672427}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{100BCEBE-A209-42C3-AA73-ED422C3172A6}" = dir=out | name=box | 
"{137A07B2-4019-48CF-9BC4-72E4220359E5}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | 
"{19E572E7-B1B6-4420-A961-3D5532F69B09}" = dir=out | name=getting started with windows 8 | 
"{1C2FD6E7-64FA-4219-8B7A-54443195E4E6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{1EE74662-FCCA-47D6-9B47-3D284AD75331}" = dir=in | name=box | 
"{1F9984DF-D695-414E-9FCC-D897AEE39F2C}" = dir=out | name=youcam for hp | 
"{216D86B3-61DE-415D-8E8F-54745EE7A27B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{227A7FCD-4E66-4C4E-8339-3BE4C3FC5308}" = dir=out | name=microsoft solitaire collection | 
"{2561F5AD-8461-4493-ABBC-F952A9122F82}" = dir=out | name=google search | 
"{277EFFFD-7414-49C6-A224-E89C548055E6}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{27D4386F-9285-4D02-BA16-9A278ED0BEB3}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{321E9324-C149-4CBA-B3CE-51039BC0800D}" = dir=out | name=microsoft mahjong | 
"{32444CA9-696F-4178-B88B-E8A4A3C31611}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{338245C4-9379-4B43-8BEE-B965CF786ACC}" = dir=out | name=getting started with windows 8 | 
"{3557FAFE-A818-4A93-96BD-DCB64EEFED5F}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{399BB673-852E-403F-BF19-CFAE98E97641}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3AE9F6BF-1A1E-4095-B790-8C1B36325F6E}" = dir=out | name=netflix | 
"{3B82BFE8-1B01-45AE-840B-55F613D4DABB}" = dir=in | name=hp connected photo powered by snapfish | 
"{438D4247-1EA2-4258-9438-930584A15A03}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{472D6057-D1EC-4710-87CF-126D83D53565}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4A7B783C-60E8-4A68-9FF2-28DF8514740D}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{4BC7B09D-44A4-45B2-8E20-4B5607F429B0}" = dir=out | name=hp connected photo powered by snapfish | 
"{543D3769-B0C1-4C25-BC99-925D840E5BDC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{578EDF0B-6F0C-42BB-A72F-96E14E1A55D0}" = dir=out | name=microsoft solitaire collection | 
"{579248A4-AD14-44F3-AF96-2DE65A60D428}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{5B362DCE-55F6-4E7C-92E2-812320D88713}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{5DEF7419-337B-4C54-A328-DB836FA3F0D0}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{5F684380-13B2-4156-B302-70DA26EC69CF}" = dir=out | name=box | 
"{61CDBA36-71F9-484B-A100-A478B3B0CCE8}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | 
"{652C1617-2342-49D9-B15A-1E53C3060654}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{65EF33E0-E199-49A7-B20B-779CF3CAE8E2}" = dir=out | name=norton studio | 
"{67BDF136-4262-4D11-8F72-B361210DCECA}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{7326C964-7A49-4BBC-8D4B-F560113C58A0}" = dir=out | name=hp registration | 
"{74D6CE52-F8EE-4155-A05E-210694FFDFAF}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{75EBC208-C9D0-478E-9315-8DB3DE788548}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{7745FAD6-65F0-4AEC-A05B-AB1E8F6D60F8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{7ADEF403-2AA3-4FD3-99C7-14E25ECF1E6C}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{7ED25C6D-9A35-4EAF-BC67-858B7AA0D4FF}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{80810979-6CD2-4F6D-AE29-FE8059C18B75}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{836DF370-DB4B-4219-A1FA-A2293D18A6C1}" = dir=out | name=youcam for hp | 
"{847CC52B-B833-42C9-97BB-FB29E29D8E39}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{84CCF2C7-5DA5-4B0F-9529-FD1DEC198FD5}" = dir=out | name=hp connected photo powered by snapfish | 
"{8D625BD5-7FC6-4395-8724-72EC79C49335}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{8FEC37EE-DA2D-4900-944F-57841D5027AF}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{90256FBD-FDF9-4299-ACF7-D01B72765B57}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | 
"{965C60F5-DF4E-42B3-8D5F-E8E8FB82359F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{A2FF9167-80CA-4540-80DA-30A92120B0C0}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{B455FA16-2655-4073-BAEC-44895BD2DD51}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{BF378945-C7DC-4CEC-B0E7-CF531AD59DE1}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{C0429302-2CB8-4A31-9470-A5B57BF48211}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{C1E78895-69C9-41B9-9115-8C49C4CD4919}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{C3D7021A-D5E4-4D31-B7C2-1B2588000239}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{C40A02F2-EF6C-4D09-824A-979C2B9BD5C4}" = dir=out | name=windows_ie_ac_001 | 
"{C410A9FC-9F8B-461B-BDAD-B93D9304EE7A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{C679C0BE-3B40-48EB-B769-88630B79D41C}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CC13E2EC-8263-41DE-A2E8-F651FD51B5BB}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{CEBBAF8D-F3B8-40EE-9B74-D4062B1E03E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D4156F29-76AD-45A4-9718-E3FFF3A8CB53}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{D41BBBFA-67F5-429C-B1B9-127D7AFE3137}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{D6162E9E-A06A-4193-8439-5AB81AB04E18}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{D68EB5F6-7AF8-4363-8FCE-B8C2CD25583E}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | 
"{E1180D11-5933-4092-B9D8-8C8B1FD60A52}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{E41623F5-7AD2-4050-A34F-3CFA8AEF2B5C}" = dir=out | name=microsoft mahjong | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E894C134-C2D3-48B1-BBC5-75D7CF73F3DD}" = dir=in | name=hp connected photo powered by snapfish | 
"{E9309853-901D-4D71-8D1C-48D6470AEAD5}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{EAD53AA3-457D-4556-B210-218781114CB6}" = dir=in | name=box | 
"{EF50D955-0823-4526-AB55-2994B56DDC2C}" = dir=out | name=hp registration | 
"{F070C6D6-C433-470B-84EA-11B4E865CE27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F9F33DE2-DA13-4C05-A92C-F709670C33E0}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{FE2AA75C-6DE6-4D2C-A43A-6FCE7184EA9B}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | 
"{FEEAC48C-56AA-4BFC-A723-D3639233AB52}" = dir=out | name=netflix | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel® PRO/Wireless Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{302600C1-6BDF-4FD1-1303-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}" = Intel® Smart Connect Technology 4.0 x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62E7C369-64FF-452C-8F46-6BE9B77FF097}" = Intel® WiDi
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D859F0D-B405-4B1F-9084-13BBF5D3DB32}" = Intel® Rapid Storage Technology
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B80C52A3-7666-4068-A371-7867F51E68EB}" = Validity WBF DDK
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"HitmanPro37" = HitmanPro 3.7
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
"SynTPDeinstKey" = Synaptics ClickPad Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07F6DC37-0857-4B68-A675-4E35989E85E3}" = HP 3D DriveGuard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}" = HP CoolSense
"{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}" = HP SimplePass
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F265322-43A2-4C06-925B-F32F938B102C}" = HP Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89704656-98FA-4EB0-9CC9-9C9839255FA0}" = Intel® Update Manager
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}" = HP System Event Utility
"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NIS" = Norton Internet Security
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-06a33330-bc46-4ecc-bc22-bff0eda4f879" = Farm Frenzy
"WTA-0dc044b1-13b1-4fae-ba3e-b41057a578b1" = House of 1000 Doors: Family Secrets
"WTA-11856d00-34ec-4673-b4c2-fc1f1cd314af" = Bejeweled 3
"WTA-1415ef9b-7aab-4268-bd2c-19e7361de47e" = Cradle Of Egypt Collector's Edition
"WTA-33a21169-87e3-4445-8d81-ac7969dee86d" = Azteca
"WTA-363d1ebf-e4e2-4dae-9326-6bb6c72e9272" = Vacation Quest™ - Australia
"WTA-3f349362-1cf4-4044-aee6-f8abf25d9c8e" = Roads of Rome 3
"WTA-47775bd9-a441-4a7f-b8bd-1aa9974ac35e" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-48524263-a819-4e65-b1e1-39390310ec1a" = Luxor Evolved
"WTA-6255dc46-fce9-4983-9405-885dd599e1b4" = Youda Jewel Shop
"WTA-733fbc4c-cfe5-46a2-bde8-a1e74c71931c" = Peggle Nights
"WTA-7bbb14f9-2652-4562-9f58-e7374df6fba0" = Tales of Lagoona
"WTA-7ebe1ed4-3c13-4449-b269-c5fe4119665f" = Airport Mania
"WTA-92aef3b4-fe54-4643-905a-22c634ac4639" = Governor of Poker 2 Premium Edition
"WTA-9fc76c27-b713-48d9-aff6-183ceec2f5f4" = Bounce Symphony
"WTA-a4cdf92a-719a-4316-9710-e070c42b2b9f" = Jewel Match 3
"WTA-a5279b5e-7f99-4647-8b70-c14d70189a60" = Mah Jong Medley
"WTA-a8754e61-1315-40da-93ac-17e70abaecd5" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-b4a0254c-456c-4816-a155-8dc5a084c8fb" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-bac05641-f347-432d-b3b6-93183ff76e63" = Cradle of Rome 2
"WTA-c3df6667-7145-47d2-b95a-e07da974fae5" = 4 Elements II
"WTA-c72822a1-96bd-4cbd-b5e1-296accb43ad0" = Royal Envoy 2 Collector's Edition
"WTA-dd87a1be-c22e-460d-a4c1-e95bc83cf673" = Polar Bowler
"WTA-e79081b0-044a-4f82-bc4e-ae7c109ddd5c" = Zuma's Revenge
"WTA-f059448d-7e2e-4ce7-a4d5-ffc579c88996" = Build-a-lot
"WTA-f48d2b4c-fb00-406f-a245-50494c2c67f7" = Plants vs. Zombies - Game of the Year
"WTA-fa99293c-5392-4fc7-a82c-e7f2ba9401a7" = Curse at Twilight
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HPConnectedMusic" = HP Connected Music (Meridian - player)
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Hewlett-Packard Events ]
Error - 7/17/2013 1:36:19 AM | Computer Name = Satellite | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8081
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 7/17/2013 2:36:41 AM | Computer Name = Satellite | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8081
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 7/17/2013 2:36:54 AM | Computer Name = Satellite | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8081
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 7/17/2013 3:37:01 AM | Computer Name = Satellite | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8081
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 7/17/2013 12:35:12 PM | Computer Name = Satellite | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 8081
Ram
 Utilization: 20  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
[ System Events ]
Error - 12/17/2013 6:37:44 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:37:47 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:37:49 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:38:36 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:39:16 PM | Computer Name = Satellite | Source = Service Control Manager | ID = 7001
Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the
 DHCP Client service which failed to start because of the following error:   %%1068
 
Error - 12/17/2013 6:39:26 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:39:27 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:40:16 PM | Computer Name = Satellite | Source = Service Control Manager | ID = 7001
Description = The WinHTTP Web Proxy Auto-Discovery Service service depends on the
 DHCP Client service which failed to start because of the following error:   %%1068
 
Error - 12/17/2013 6:40:32 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
Error - 12/17/2013 6:41:25 PM | Computer Name = Satellite | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
 

 


    Advertisements

Register to Remove


#2 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 26 December 2013 - 03:05 AM

:welcome:

Hello her1994,

my name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.



***


Graduate of the WTT Classroom
Cheers,
Jo

#3 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 26 December 2013 - 09:01 AM

Hello her1994,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

3. Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo

#4 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 28 December 2013 - 03:43 PM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.
Graduate of the WTT Classroom
Cheers,
Jo

#5 her1994

her1994

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 29 December 2013 - 05:36 PM

Hi, Jo. It's okay. Thank you. I have already reset my laptop so it's okay now. 



#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 30 December 2013 - 04:46 AM

Since this issue is resolved this topic is now closed.  Thanks for using WhattheTech


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

Related Topics




Also tagged with one or more of these keywords: malware infection

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users