Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware has inactivated antivirus and firewall

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 1st, 2014, 1:49 pm

I appear to have picked up malware, possibly from one of the these websites: www.vipboxus.co, livetv.sx, www.fanslounge.tv

I received messages that my firewall has been inactivated (Symantec Endpoint Protection) and I was unable to re-install the SEP program.

When I tried to run DDS, I received this error message: DDS is not meant to run in 'Compatibiliby Mode'. The program shall now exit.

I appreciate any help anyone can offer. Many thanks and Happy New Year.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm
Advertisement
Register to Remove

Re: Malware has inactivated antivirus and firewall

Unread postby pgmigg » January 1st, 2014, 1:55 pm

Hello jlissemore,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 1st, 2014, 2:04 pm

Thank you for the quick reply and I look foward to further instructions.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby pgmigg » January 1st, 2014, 2:08 pm

Hello jlissemore,

When I tried to run DDS, I received this error message: DDS is not meant to run in 'Compatibiliby Mode'. The program shall now exit.
Please tell me a little bit more about your computer: which version of Operating System do you use: Windows XP, Windows Vista, Windows 7, Windows 8?
Then please try to open a command prompt window with admin rights - hopefully the DDS will run from there...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 1st, 2014, 2:14 pm

Windows 8.1 is my operating system.

I can open a command prompt window but I need instructions on how to run dds DDS from there. Thank you.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 1st, 2014, 3:16 pm

Figured out how to run DDS from command prompt. Here are the DDS and attach files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16384 BrowserJavaVersion: 10.45.2
Run by jlissemore at 14:13:12 on 2014-01-01
Microsoft Windows 8.1 6.3.9600.0.1252.1.1033.18.8053.5763 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files (x86)\USB Camera2\VM332STI.EXE
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Citrix URL-Redirection Helper: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.co ... 5.15.0.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{2BC92EAC-FD23-482A-9769-BA92CFD97AE0} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C1689F97-4670-4177-9CE4-05856FA5FE79} : DHCPNameServer = 10.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [SynLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jlissemore\AppData\Roaming\Mozilla\Firefox\Profiles\jedpc8xz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-9-18 645952]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-21 39768]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2012-9-18 39008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-9-18 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-9-18 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-18 165760]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-9-13 1153368]
R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-10-14 142960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-18 364416]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-9-22 645048]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2012-9-18 56136]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-5-15 33560]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2013-9-4 170712]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-8-22 224768]
R3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2013-9-4 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2012-9-18 40248]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-8-22 342528]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 27032]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew00.sys [2013-8-22 3344352]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2012-9-18 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-8-22 591360]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2012-8-22 43832]
R3 vm332avs;Lenovo Camera2;C:\WINDOWS\System32\drivers\vm332avs.sys [2012-9-18 981112]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2013-8-22 124256]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2013-8-22 346872]
S2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2013-9-4 2252504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-4-11 165344]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2013-11-14 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2013-8-22 924512]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-21 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2012-9-18 102376]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-8-9 188384]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
.
=============== Created Last 30 ================
.
2014-01-01 19:12:41 688992 ------r- C:\dds.scr
2014-01-01 18:34:36 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC917852-0105-40F0-B81E-D4791B1BC704}\mpengine.dll
2014-01-01 17:22:28 -------- d-----w- C:\Program Files (x86)\Symantec
2014-01-01 16:12:15 965000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BBA0221-EC65-47D5-95FD-4A6DAD15393B}\gapaengine.dll
2014-01-01 16:12:15 941720 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2013-12-28 05:42:11 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
2013-12-21 20:58:59 -------- d-sh--w- C:\Recovery
2013-12-21 20:58:51 -------- dc----w- C:\WINDOWS\Panther
2013-12-21 20:58:02 -------- d-----w- C:\Windows.old
2013-12-21 20:56:53 922624 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2013-12-21 20:53:02 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-12-21 20:53:02 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-12-21 20:53:01 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-12-21 20:53:00 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2013-12-21 20:53:00 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-12-21 20:52:59 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-12-21 18:01:59 -------- d-----w- C:\Program Files (x86)\USB Camera2
2013-12-21 18:01:35 64000 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2013-12-21 18:01:35 60416 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2013-12-21 18:01:18 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-12-21 18:01:07 -------- d-----w- C:\Program Files\Synaptics
2013-12-21 18:01:00 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2013-12-21 18:01:00 -------- d-----w- C:\Program Files\Realtek
2013-12-21 16:52:58 -------- d-----w- C:\Program Files\iPod
2013-12-21 16:52:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-21 16:52:57 -------- d-----w- C:\Program Files\iTunes
2013-12-21 16:52:57 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-03 01:37:17 -------- d-----w- C:\Users\jlissemore\AppData\Roaming\WebApp
2013-12-03 01:36:33 -------- d-----w- C:\Users\jlissemore\AppData\Roaming\Lenovo
2013-12-03 01:36:32 -------- d-----w- C:\ProgramData\Lenovo
.
==================== Find3M ====================
.
2014-01-01 17:28:41 56272 ----a-w- C:\WINDOWS\System32\snacnp.dll
2013-12-21 20:56:53 86872 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-12-21 20:52:47 303104 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcGenral.dll
2013-12-21 20:52:46 2415104 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
2013-12-04 00:05:48 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-12-04 00:05:48 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 07:38:19 18577408 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-11-14 07:38:19 13925888 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-11-14 07:36:41 872840 ----a-w- C:\WINDOWS\System32\mfplat.dll
2013-11-14 07:36:41 698232 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2013-11-14 07:33:33 869888 ----a-w- C:\WINDOWS\SysWow64\twinui.appcore.dll
2013-11-14 07:33:33 2801664 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2013-11-14 07:33:33 1085952 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
2013-11-14 07:33:33 1019392 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2013-11-14 07:31:09 688640 ----a-w- C:\WINDOWS\System32\MrmIndexer.dll
2013-11-14 07:31:09 669184 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2013-11-14 07:31:09 515072 ----a-w- C:\WINDOWS\SysWow64\MrmIndexer.dll
2013-11-14 07:28:59 92672 ----a-w- C:\WINDOWS\System32\dafBth.dll
2013-11-14 07:27:27 977408 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
2013-11-14 07:27:27 1217024 ----a-w- C:\WINDOWS\System32\Windows.Media.Streaming.dll
2013-11-14 07:27:26 294400 ----a-w- C:\WINDOWS\System32\Windows.Devices.Sensors.dll
2013-11-14 07:27:26 225792 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
2013-11-14 07:27:26 1286552 ----a-w- C:\WINDOWS\System32\msctf.dll
2013-11-14 07:27:26 1018960 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2013-11-14 07:23:30 1341288 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-11-14 07:23:30 1067008 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-11-14 07:23:27 1943536 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-11-14 07:23:27 1581968 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-11-14 07:23:24 828416 ----a-w- C:\WINDOWS\System32\BFE.DLL
2013-11-14 07:23:24 136536 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2013-11-14 07:23:24 1104384 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL
2013-11-14 07:17:01 788480 ----a-w- C:\WINDOWS\System32\mblctr.exe
2013-11-14 07:17:01 289280 ----a-w- C:\WINDOWS\System32\umrdp.dll
2013-11-14 07:17:00 45056 ----a-w- C:\WINDOWS\System32\RotMgr.dll
2013-11-14 07:17:00 40960 ----a-w- C:\WINDOWS\System32\hwrcomp.exe
2013-11-14 07:17:00 267528 ----a-w- C:\WINDOWS\SysWow64\rdpendp.dll
2013-11-14 07:17:00 2129408 ----a-w- C:\WINDOWS\System32\SensorsCpl.dll
2013-11-14 07:17:00 184832 ----a-w- C:\WINDOWS\System32\hwrreg.exe
2013-11-14 07:14:23 5632 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2013-11-14 07:14:23 11264 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2013-11-14 07:14:22 7680 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2013-11-14 07:14:22 2560 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2013-10-08 11:50:37 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-10-04 04:42:58 526848 ----a-w- C:\WINDOWS\System32\igfxrplk.lrc
.
============= FINISH: 14:13:51.37 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1
Boot Device: \Device\HarddiskVolume2
Install Date: 12/21/2013 3:23:28 PM
System Uptime: 1/1/2014 12:18:34 PM (2 hours ago)
.
Motherboard: LENOVO | | Lenovo
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 651 GiB total, 602.855 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 24.856 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Description: USB-IF xHCI USB Host Controller
Device ID: ROOT\UOIP_BUS_DRIVER\0000
Manufacturer: Intel Corporation
Name: USB-IF xHCI USB Host Controller
PNP Device ID: ROOT\UOIP_BUS_DRIVER\0000
Service: XHCIPort
.
==== System Restore Points ===================
.
RP2: 12/23/2013 10:28:22 AM - Windows Update
RP3: 1/1/2014 10:21:59 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Chromas Lite 2.1.1
Cisco AnyConnect VPN Client
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dolby Home Theater v4
Energy Management
FreeRide Games
Google Chrome
Google Update Helper
Intel AppUp(SM) center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) WiDi
Intel® PROSet/Wireless Software
Intel® Trusted Connect Service Client
Intelligent Touchpad
iTunes
Java 7 Update 45
Java Auto Updater
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo Photos
Lenovo PowerDVD10
Lenovo YouCam
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x64) ENU
Microsoft Sync Framework 2.0 Provider Services (x64) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Onekey Theater
Online Plug-in
Photo Common
Photo Gallery
Picasa 3
Power2Go
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Secure Download Manager
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype Click to Call
Skype™ 6.11
Spybot - Search & Destroy
SpywareBlaster 5.0
Stardock Start8
SugarSync Manager
Synaptics Pointing Device Driver
SyncToy 2.1 (x64)
System Requirements Lab for Intel
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
UserGuide
VLC media player 2.0.5
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 17.5
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 10:21:27 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
12/30/2013 10:37:14 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
1/1/2014 2:12:12 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.9. The computer with the IP address 10.0.0.8 did not allow the name to be claimed by this computer.
1/1/2014 12:22:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
1/1/2014 12:19:45 PM, Error: Service Control Manager [7000] - The Windows Defender Service service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/1/2014 12:18:40 PM, Error: Teefer2 [5005] - Register filter driver fail : Has encountered an internal error and has failed.
1/1/2014 12:14:26 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.5 with the system having network hardware address 98-4B-E1-84-EC-76. Network operations on this system may be disrupted as a result.
1/1/2014 10:37:05 AM, Error: SRTSP [4] -
1/1/2014 1:31:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JIM-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2BC92EAC-FD23-482A-9769-BA92CFD97AE0}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================


I apologize for the delay and for my lack of computer know-how.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby nunped » January 2nd, 2014, 2:35 pm

Hi jlissemore,

pgmigg will be unavailable for the next few days, so I'll help you with your malware problems, if that's OK to you! :)

I'll review your logs and provide further instructions as soon as I can.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 2nd, 2014, 3:20 pm

Thanks very much nunped.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby nunped » January 3rd, 2014, 5:45 am

Hi jlissemore,

Is this computer used for business purposes? Are you connected to a network?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 3rd, 2014, 9:16 am

This is a home laptop connected to my home wireless network.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby nunped » January 3rd, 2014, 10:05 am

Hi jlissemore!

Thanks for the answer!

I need a few more scans:
Step 1 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Report button to produce the scan report.
  5. A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.

Step 2 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 3 - TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.

Due to answer length restrictions, please post the logs on separate replies.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 3rd, 2014, 10:45 am

Thanks, nunped! Scans completed and I will attach results in three separate replies. Here are the AdwCleaner results:

# AdwCleaner v3.016 - Report created 03/01/2014 at 09:33:36
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : jlissemore - LISSEMORE
# Running from : C:\Users\jlissemore\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\jlissemore\AppData\Roaming\Mozilla\Firefox\Profiles\jedpc8xz.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1800 octets] - [03/01/2014 09:31:47]
AdwCleaner[R1].txt - [1708 octets] - [03/01/2014 09:33:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1768 octets] ##########
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 3rd, 2014, 10:48 am

OTL.txt file:

OTL logfile created on: 1/3/2014 9:35:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jlissemore\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 73.91% Memory free
9.11 Gb Paging File | 6.71 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 650.96 Gb Total Space | 602.96 Gb Free Space | 92.63% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 24.86 Gb Free Space | 99.42% Space Free | Partition Type: NTFS

Computer Name: LISSEMORE | User Name: jlissemore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/03 09:27:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jlissemore\Desktop\OTL.exe
PRC - [2013/12/07 18:12:36 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/10/01 18:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 18:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 18:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 14:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/08/09 12:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/19 14:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
PRC - [2012/07/27 13:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012/07/27 13:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012/07/17 19:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 19:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 19:10:26 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/17 19:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/16 02:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/03/28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2012/03/20 16:42:32 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332STI.EXE
PRC - [2011/09/22 12:43:30 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/21 15:56:53 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/11/14 02:29:02 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/14 02:29:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/14 02:29:01 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/14 02:28:59 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/14 02:25:27 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/11/14 02:25:27 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/11/14 02:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/11/14 02:25:26 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/09/04 18:12:54 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/08/22 07:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 07:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 04:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/08/17 12:23:08 | 000,953,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/12/10 14:54:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/14 02:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/02 07:04:12 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/14 10:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/19 14:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8)
SRV - [2012/07/17 19:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 19:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 19:10:26 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/17 19:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/16 02:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/07/13 04:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/22 12:43:30 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/21 15:56:53 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/12/21 15:56:53 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/12/21 15:56:53 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/21 15:56:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/12/21 15:56:53 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/14 02:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 02:25:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/11/14 02:25:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/11/14 02:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 02:23:24 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/14 02:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 02:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/10/03 23:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/26 04:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 04:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/09/24 06:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/09/04 18:12:52 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/09/04 18:12:38 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 07:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 07:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 07:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/08 13:37:41 | 003,344,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/18 06:31:40 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/04/11 01:13:20 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/09/18 19:28:48 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/09/18 19:28:48 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/08/24 20:10:12 | 000,981,112 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/16 14:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 01:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/09 21:29:52 | 000,188,384 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/07/26 21:18:26 | 000,040,248 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/07/25 23:09:22 | 000,186,680 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/07/25 23:09:20 | 000,212,792 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/07/25 23:09:16 | 000,022,328 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/07/09 15:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 09:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 00:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2011/09/22 12:29:20 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV - [2012/08/02 17:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys -- (X5XSEx_Pr148)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {61CF189C-44A3-4954-AF2E-B11AF0936EAC}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{61CF189C-44A3-4954-AF2E-B11AF0936EAC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {61CF189C-44A3-4954-AF2E-B11AF0936EAC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{61CF189C-44A3-4954-AF2E-B11AF0936EAC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\..\SearchScopes,DefaultScope = {CA444C9B-2347-4844-AE3F-E3FE8812BB66}
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\..\SearchScopes\{CA444C9B-2347-4844-AE3F-E3FE8812BB66}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: readability%40readability.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/30 15:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/09 08:26:09 | 000,000,000 | ---D | M]

[2013/02/23 19:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jlissemore\AppData\Roaming\mozilla\Extensions
[2013/10/02 07:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jlissemore\AppData\Roaming\mozilla\Firefox\Profiles\jedpc8xz.default\extensions
[2013/05/21 14:45:47 | 000,260,810 | ---- | M] () (No name found) -- C:\Users\jlissemore\AppData\Roaming\mozilla\firefox\profiles\jedpc8xz.default\extensions\readability@readability.com.xpi
[2013/09/07 19:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/07 19:51:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/07 19:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/07 19:51:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/02 07:04:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://lenovo13.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\FreeRide Games\npExentControl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - Extension: Google Docs = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Google Wallet = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Readability = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi\3.0.14_0\
CHR - Extension: Gmail = C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/09/13 21:37:19 | 000,450,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Citrix URL-Redirection Helper) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2147095363-1574057819-792747057-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.15.0.cab (SysInfo Class)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BC92EAC-FD23-482A-9769-BA92CFD97AE0}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1689F97-4670-4177-9CE4-05856FA5FE79}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/03 09:30:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/03 09:28:02 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jlissemore\Desktop\tdsskiller.exe
[2014/01/03 09:27:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jlissemore\Desktop\OTL.exe
[2014/01/01 14:12:41 | 000,688,992 | R--- | C] (Swearware) -- C:\dds.scr
[2014/01/01 12:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2014/01/01 12:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2013/12/21 15:58:59 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/12/21 15:58:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/12/21 15:58:02 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/12/21 15:57:57 | 000,075,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2013/12/21 15:57:51 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2013/12/21 15:57:51 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2013/12/21 15:57:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2013/12/21 15:57:47 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2013/12/21 15:57:43 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2013/12/21 15:57:43 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2013/12/21 15:57:43 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2013/12/21 15:57:27 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/12/21 15:57:27 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/12/21 15:57:27 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/12/21 15:57:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2013/12/21 15:57:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2013/12/21 15:57:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/12/21 15:57:08 | 004,105,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/12/21 15:57:08 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2013/12/21 15:56:53 | 013,177,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/12/21 15:56:53 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/12/21 15:56:53 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/12/21 15:56:53 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2013/12/21 15:56:53 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/12/21 15:56:53 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2013/12/21 15:56:53 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/12/21 15:56:53 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/12/21 15:56:53 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/12/21 15:56:53 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/12/21 15:56:53 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/12/21 15:56:53 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/12/21 15:56:53 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2013/12/21 15:56:53 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013/12/21 15:56:53 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013/12/21 15:56:53 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013/12/21 15:56:53 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2013/12/21 15:56:53 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013/12/21 15:56:53 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/12/21 15:56:53 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/12/21 15:56:53 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/12/21 15:56:53 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2013/12/21 15:56:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2013/12/21 15:56:53 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/12/21 15:56:53 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2013/12/21 15:56:53 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2013/12/21 15:56:53 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013/12/21 15:56:53 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2013/12/21 15:56:53 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/12/21 15:56:53 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2013/12/21 15:56:53 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/12/21 15:56:53 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/12/21 15:56:53 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2013/12/21 15:56:53 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/12/21 15:56:53 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2013/12/21 15:56:53 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/21 15:56:53 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2013/12/21 15:56:53 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2013/12/21 15:56:53 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/21 15:56:53 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2013/12/21 15:56:53 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2013/12/21 15:56:53 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013/12/21 15:56:53 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/12/21 15:56:53 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2013/12/21 15:56:53 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2013/12/21 15:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/12/21 15:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/12/21 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/12/21 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/12/21 15:53:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/12/21 15:53:02 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013/12/21 15:53:01 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013/12/21 15:53:00 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/12/21 15:53:00 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013/12/21 15:52:59 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013/12/21 15:23:39 | 000,000,000 | ---D | C] -- C:\Users\jlissemore\AppData\Roaming\Identities
[2013/12/21 13:06:12 | 000,000,000 | --SD | C] -- C:\Users\jlissemore\AppData\Roaming\Microsoft
[2013/12/21 13:06:12 | 000,000,000 | R--D | C] -- C:\Users\jlissemore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/12/21 13:06:12 | 000,000,000 | R--D | C] -- C:\Users\jlissemore\Favorites
[2013/12/21 13:06:12 | 000,000,000 | R--D | C] -- C:\Users\jlissemore\Documents
[2013/12/21 13:06:12 | 000,000,000 | R--D | C] -- C:\Users\jlissemore\Desktop
[2013/12/21 13:06:12 | 000,000,000 | R--D | C] -- C:\Users\jlissemore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/21 13:06:12 | 000,000,000 | R--D | C] -- C:\Users\jlissemore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\AppData\Local\Temporary Internet Files
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Templates
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Start Menu
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\SendTo
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Recent
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\PrintHood
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\NetHood
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Documents\My Videos
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Documents\My Pictures
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Documents\My Music
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\My Documents
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Local Settings
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\AppData\Local\History
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Cookies
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\Application Data
[2013/12/21 13:06:12 | 000,000,000 | -HSD | C] -- C:\Users\jlissemore\AppData\Local\Application Data
[2013/12/21 13:06:12 | 000,000,000 | -H-D | C] -- C:\Users\jlissemore\AppData
[2013/12/21 13:06:12 | 000,000,000 | ---D | C] -- C:\Users\jlissemore\AppData\Local\Temp
[2013/12/21 13:06:12 | 000,000,000 | ---D | C] -- C:\Users\jlissemore\AppData\Local\Microsoft
[2013/12/21 13:06:12 | 000,000,000 | ---D | C] -- C:\Users\jlissemore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/12/21 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Camera2
[2013/12/21 13:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/12/21 13:01:35 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2013/12/21 13:01:35 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2013/12/21 13:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/12/21 13:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/12/21 13:01:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/12/21 13:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/12/21 13:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/12/21 11:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/21 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/21 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/21 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/21 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/31 06:07:46 | 000,253,680 | ---- | C] (Synaptics Incorporated) -- C:\Users\jlissemore\Setup.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/03 09:28:24 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jlissemore\Desktop\tdsskiller.exe
[2014/01/03 09:27:57 | 001,233,962 | ---- | M] () -- C:\Users\jlissemore\Desktop\AdwCleaner.exe
[2014/01/03 09:27:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jlissemore\Desktop\OTL.exe
[2014/01/03 09:17:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/03 08:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/03 08:14:47 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/01 18:17:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/01 13:02:29 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/01/01 13:02:29 | 000,731,650 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/01/01 13:02:29 | 000,135,726 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/01/01 12:36:40 | 000,688,992 | R--- | M] (Swearware) -- C:\dds.scr
[2014/01/01 12:28:41 | 000,056,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\snacnp.dll
[2014/01/01 12:18:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/01 12:18:49 | 2460,299,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/21 15:57:57 | 000,075,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2013/12/21 15:57:51 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2013/12/21 15:57:51 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2013/12/21 15:57:47 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2013/12/21 15:57:47 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2013/12/21 15:57:43 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2013/12/21 15:57:43 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2013/12/21 15:57:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2013/12/21 15:57:27 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/12/21 15:57:27 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/12/21 15:57:27 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/12/21 15:57:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2013/12/21 15:57:27 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2013/12/21 15:57:27 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/12/21 15:57:08 | 004,105,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/12/21 15:57:08 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2013/12/21 15:56:53 | 013,177,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/12/21 15:56:53 | 011,674,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/12/21 15:56:53 | 007,399,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/12/21 15:56:53 | 002,896,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2013/12/21 15:56:53 | 002,570,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/12/21 15:56:53 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2013/12/21 15:56:53 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/12/21 15:56:53 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/12/21 15:56:53 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/12/21 15:56:53 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/12/21 15:56:53 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/12/21 15:56:53 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/12/21 15:56:53 | 001,756,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2013/12/21 15:56:53 | 001,642,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013/12/21 15:56:53 | 001,506,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013/12/21 15:56:53 | 001,476,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013/12/21 15:56:53 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2013/12/21 15:56:53 | 001,345,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013/12/21 15:56:53 | 001,302,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/12/21 15:56:53 | 000,922,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/12/21 15:56:53 | 000,840,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/12/21 15:56:53 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2013/12/21 15:56:53 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2013/12/21 15:56:53 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/12/21 15:56:53 | 000,637,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2013/12/21 15:56:53 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2013/12/21 15:56:53 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013/12/21 15:56:53 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2013/12/21 15:56:53 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/12/21 15:56:53 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2013/12/21 15:56:53 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/12/21 15:56:53 | 000,372,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/12/21 15:56:53 | 000,358,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2013/12/21 15:56:53 | 000,325,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/12/21 15:56:53 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2013/12/21 15:56:53 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/21 15:56:53 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2013/12/21 15:56:53 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2013/12/21 15:56:53 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/21 15:56:53 | 000,146,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2013/12/21 15:56:53 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2013/12/21 15:56:53 | 000,086,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013/12/21 15:56:53 | 000,039,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/12/21 15:56:53 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2013/12/21 15:56:53 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2013/12/21 13:25:01 | 000,024,768 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/12/21 13:25:01 | 000,024,768 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/12/21 13:24:41 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/12/21 13:14:17 | 000,474,816 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/12/21 13:01:51 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2013/12/21 13:01:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/12/21 13:01:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/12/21 11:54:00 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/03 09:27:48 | 001,233,962 | ---- | C] () -- C:\Users\jlissemore\Desktop\AdwCleaner.exe
[2013/12/21 15:23:43 | 000,001,453 | ---- | C] () -- C:\Users\jlissemore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/21 13:24:41 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/12/21 13:10:37 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/12/21 13:06:12 | 000,000,352 | ---- | C] () -- C:\Users\jlissemore\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/21 13:06:12 | 000,000,334 | ---- | C] () -- C:\Users\jlissemore\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/21 13:06:04 | 000,024,768 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/12/21 13:06:04 | 000,024,768 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/12/21 13:01:51 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2013/12/21 13:01:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/12/21 13:01:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/12/21 11:54:00 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 23:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 22:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/06 10:34:47 | 000,028,935 | ---- | C] () -- C:\Users\jlissemore\AppData\Local\WiDiSetupLog.20130806.113447.wdl
[2012/09/18 19:11:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/09/18 19:09:35 | 000,001,915 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2012/09/18 19:09:35 | 000,001,915 | ---- | C] () -- C:\WINDOWS\SysWow64\vm332Rmv.ini
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2006/08/17 11:54:30 | 000,000,029 | ---- | C] () -- C:\Users\jlissemore\Autorun.inf

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/14 02:38:19 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/14 02:38:19 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8C35AEA7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 3rd, 2014, 10:49 am

Extras.txt file:

OTL Extras logfile created on: 1/3/2014 9:35:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jlissemore\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 73.91% Memory free
9.11 Gb Paging File | 6.71 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 650.96 Gb Total Space | 602.96 Gb Free Space | 92.63% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 24.86 Gb Free Space | 99.42% Space Free | Partition Type: NTFS

Computer Name: LISSEMORE | User Name: jlissemore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DCF7357-3D8B-49A2-B23C-AC9F8DC5D9DC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9062AE85-A244-4032-93A9-1A181B5332BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{DF84B098-CF71-4868-88C9-313792E34CA3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041D659B-05E3-4B07-95AE-E1398646C0CE}" = dir=in | name=evernote touch |
"{07D59EF1-BA8F-42E5-9864-58BA5F813E7A}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{0F28C8F7-B0B7-4551-8A0D-729E2B8F9E93}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.2015.2015.105\bin64\smc.exe |
"{0FB5D2BE-7DDB-4E54-977A-C4D507701BCF}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{15F0D081-6780-4DEF-AC11-F56E7B4A2543}" = dir=in | name=f5 vpn |
"{1CA67AC3-EDA0-4E90-99ED-721E7B52305E}" = dir=in | name=juniper networks junos pulse |
"{1DA8EA61-B10D-4B7B-ADC2-5AA9B77574AF}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{289821B3-2D4D-47DB-9C5C-2932804B796B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{29413C49-80DC-47DB-AE40-1B1630CC7144}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31FA7E2B-CB44-4729-9EF5-0ACA0AF67EFD}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{3F0394CC-F432-4DA9-943A-8749A18DAD8A}" = dir=out | name=juniper networks junos pulse |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{441BBFE0-92B0-418D-880C-82CFC60B0B3B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4877402D-0D8E-44D7-A416-876373C31572}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{4A428E67-FC00-418F-81A7-0AE237124384}" = dir=out | name=hp printer control |
"{4A6DB84C-E02C-4593-B649-71CBACCFFB30}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{4AB774D0-917F-4704-B36B-A0A0B3E49013}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D4219DA-C0E6-4813-B02E-A8540DF2506C}" = dir=out | name=check point vpn |
"{4EB4A319-B934-4BE8-8DBF-C634538E44C9}" = dir=out | name=microsoft solitaire collection |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54B8887F-A723-434B-B67A-999C44E7486B}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{55FB2355-02F0-46A4-AEBB-8A109E381293}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56AD0CAE-5C60-40FE-BC69-81D074A93AE6}" = dir=out | name=lenovo support |
"{5912FA7E-438B-466A-8271-E3D314B99A39}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{5B9F2937-57B6-4541-A788-60811709164A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{65D69011-FA6F-4651-A7A7-5E471E042904}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{68855474-30A4-4B8C-BD4D-B386FA1169B1}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{6987F516-70E4-41E3-95EA-F029596E486B}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6D116FFD-1921-425E-A18D-25D895104106}" = dir=out | name=powerdvd for lenovo idea |
"{6E3BFEA3-E054-488E-9282-6B7B16B4654B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{714FA8B4-FF5D-4410-8441-22AC05455862}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{76314268-AF77-47B6-8204-A356FDC66E15}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{7BF85A67-5FDB-4A31-BB0B-F23AC734E1E6}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{853AB98D-421D-42CA-92D1-E9ECA09440E7}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{8A82AFE2-1413-4DD7-84C0-4E408EF5D8D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A9A1F39-1429-4BD9-BF0B-F2CCD497EF8B}" = dir=in | name=microsoft solitaire collection |
"{9AAF2EB0-3922-4528-9CB0-8CD492B49701}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A4436751-07BB-4139-B732-E76B4D6654C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A611CD16-536A-47BD-B781-B935C5F0F722}" = dir=in | name=check point vpn |
"{A77E5516-3933-40E0-8A49-E6C3484193A5}" = dir=in | name=skype |
"{A7F5BE31-8DBB-4C8E-9039-970D92A8190F}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.2015.2015.105\bin64\snac64.exe |
"{A8698870-5DAC-4672-B8F6-A3109DF8454B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A95F81A5-8A92-4875-B6CE-BF0C822B37FC}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.2015.2015.105\bin64\smc.exe |
"{AA9AA8FF-6F8C-400B-904C-80E4A5E3C7C9}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{B74A7A9B-C839-4612-8B37-3154162A6E0B}" = dir=out | name=evernote touch |
"{B7562400-F718-4956-877E-02E332ABE37C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BB9DE5B0-5318-4B0D-B2C1-5C5A45572934}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{BBC4660C-4714-4D47-9FB0-0D8B7FF482A8}" = dir=out | name=f5 vpn |
"{BD5238A0-C00C-46C7-B652-7306DAB0DA77}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BD6EA13E-B1A5-4229-911C-5D8AAED7507A}" = dir=out | name=sonicwall mobile connect |
"{C209EEF8-66CF-4C36-B3AF-99ACA407CE5B}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{CA0A3779-970B-43D3-8E8C-AEC0C2B23834}" = dir=out | name=windows_ie_ac_001 |
"{CAB60466-270C-40DD-95EB-17221E321563}" = dir=out | name=skype |
"{CE149F26-48ED-4ABD-979C-5CE83200C9EB}" = dir=in | name=powerdvd for lenovo idea |
"{CFB1EECE-B2EC-42E7-814A-EF9995757856}" = dir=in | name=sonicwall mobile connect |
"{D5C05F58-14E6-4D41-B9BB-110120D00490}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB4B3075-8E7E-467B-8CAA-45D3339E8620}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB868E4C-7E33-4F96-B32B-92BADC43747D}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DE94108A-0182-4E23-845F-182E9BCB9192}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.2015.2015.105\bin64\snac64.exe |
"{E45994AE-7D8B-44FF-B5C8-6A6F8E12A41F}" = dir=in | name=hp printer control |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EE5DF773-C55B-41C5-9CF1-85D17D0732F0}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FA38778A-0967-477C-BA1D-CCB58A6FFC54}" = dir=out | name=windows_ie_ac_001 |
"TCP Query User{96602AFA-FE83-47F1-86F6-A6670E31B356}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{CE01B351-03DB-407D-BFD0-8CCCB759CBC3}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}" = WinZip 17.5
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel(R) WiDi
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012C59CF-074A-43DA-8085-B6E636733B59}" = Citrix Receiver(Aero)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0E1C5B43-1837-4F98-A96B-79A8A0A5955F}" = Citrix Receiver(USB)
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}" = Lenovo MuteSync
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47117FCA-0D00-4B6D-9D68-00B763629463}" = Self-service Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E8AC853-65BB-4C99-A09E-19B81851E14C}" = Citrix Receiver Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6C26A305-4549-4A8A-9F03-25719C03B0FB}" = FreeRide Games
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718B4606-2FEF-411B-B96E-4FC53B91EBC0}" = Secure Download Manager
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{ADE8A83D-BB70-4FB5-BA19-26C47EA31894}" = Citrix Receiver(DV)
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C4E28723-0663-4012-9BDC-E21A14C1316C}" = Citrix Receiver (HDX Flash Redirection)
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CA55005D-94AC-4596-9646-679D6CC0D620}" = Citrix Authentication Manager
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D9EE360A-7C19-47EC-93C7-97DEFF64804B}" = Citrix Receiver Inside
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DD7D6D84-93AB-48CA-A759-94324E341CBA}" = Intelligent Touchpad
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{e6d17d96-ddaa-476f-bb07-db601024ffb1}" = Intel® PROSet/Wireless Software
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F390D923-76F1-458E-8218-8C0C156CDCFD}" = Online Plug-in
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE35A45A-2F1B-4193-B7FC-1CBF7EB349F0}" = Online Plug-in
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Chromas Lite" = Chromas Lite 2.1.1
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Lenovo Photos" = Lenovo Photos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Stardock Start8" = Stardock Start8
"SugarSync" = SugarSync Manager
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2014 12:41:07 PM | Computer Name = Lissemore | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 1/1/2014 1:28:41 PM | Computer Name = Lissemore | Source = MsiInstaller | ID = 11708
Description =

Error - 1/1/2014 1:31:32 PM | Computer Name = Lissemore | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/1/2014 2:10:04 PM | Computer Name = Lissemore | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/1/2014 2:22:55 PM | Computer Name = Lissemore | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/1/2014 2:25:15 PM | Computer Name = Lissemore | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 1/2/2014 4:41:57 AM | Computer Name = Lissemore | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/2/2014 4:43:13 AM | Computer Name = Lissemore | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 1/3/2014 9:25:18 AM | Computer Name = Lissemore | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/3/2014 9:25:28 AM | Computer Name = Lissemore | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

[ Cisco AnyConnect VPN Client Events ]
Error - 1/3/2014 10:40:45 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::disableHostMgr File: .\VAMgr.cpp Line: 832 Invoked
Function: CVirtualAdapter Return Code: 0 (0x00000000) Description: unknown

Error - 1/3/2014 10:40:45 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::CVAMgr File: .\VAMgr.cpp Line: 149 Invoked Function:
disable Return Code: -32964594 (0xFE09000E) Description: VAMGR_ERROR_CVIRTUALADAPTER_FAILED


Error - 1/3/2014 10:40:45 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::disableHostMgr File: .\VAMgr.cpp Line: 832 Invoked
Function: CVirtualAdapter Return Code: 0 (0x00000000) Description: unknown

Error - 1/3/2014 10:40:45 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::~CVAMgr File: .\VAMgr.cpp Line: 175 Invoked Function:
CVAMgr::disable Return Code: -32964594 (0xFE09000E) Description: VAMGR_ERROR_CVIRTUALADAPTER_FAILED


Error - 1/3/2014 10:40:50 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVirtualAdapter::OpenCVirtADevice File: .\WindowsVirtualAdapter.cpp
Line:
521 Invoked Function: SetDeviceInfoData Return Code: 0 (0x00000000) Description: unknown


Error - 1/3/2014 10:40:50 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVirtualAdapter::CVirtualAdapter File: .\WindowsVirtualAdapter.cpp
Line:
262 Invoked Function: OpenCVirtADevice Return Code: 0 (0x00000000) Description: unknown


Error - 1/3/2014 10:40:50 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::disableHostMgr File: .\VAMgr.cpp Line: 832 Invoked
Function: CVirtualAdapter Return Code: 0 (0x00000000) Description: unknown

Error - 1/3/2014 10:40:50 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::CVAMgr File: .\VAMgr.cpp Line: 149 Invoked Function:
disable Return Code: -32964594 (0xFE09000E) Description: VAMGR_ERROR_CVIRTUALADAPTER_FAILED


Error - 1/3/2014 10:40:50 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::disableHostMgr File: .\VAMgr.cpp Line: 832 Invoked
Function: CVirtualAdapter Return Code: 0 (0x00000000) Description: unknown

Error - 1/3/2014 10:40:50 AM | Computer Name = Lissemore | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::~CVAMgr File: .\VAMgr.cpp Line: 175 Invoked Function:
CVAMgr::disable Return Code: -32964594 (0xFE09000E) Description: VAMGR_ERROR_CVIRTUALADAPTER_FAILED


[ System Events ]
Error - 12/21/2013 2:25:30 PM | Computer Name = Lissemore | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 12/21/2013 4:36:12 PM | Computer Name = Lissemore | Source = DCOM | ID = 10010
Description =

Error - 12/21/2013 4:36:18 PM | Computer Name = Lissemore | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%1062

Error - 12/21/2013 4:36:47 PM | Computer Name = Lissemore | Source = Teefer2 | ID = 5005
Description = Register filter driver fail : Has encountered an internal error and
has failed.

Error - 12/21/2013 4:41:28 PM | Computer Name = Lissemore | Source = DCOM | ID = 10016
Description =

Error - 12/22/2013 2:55:44 PM | Computer Name = Lissemore | Source = DCOM | ID = 10016
Description =

Error - 12/22/2013 6:41:00 PM | Computer Name = Lissemore | Source = DCOM | ID = 10010
Description =

Error - 12/22/2013 6:41:30 PM | Computer Name = Lissemore | Source = DCOM | ID = 10010
Description =

Error - 12/22/2013 9:34:26 PM | Computer Name = Lissemore | Source = DCOM | ID = 10010
Description =

Error - 12/22/2013 9:34:56 PM | Computer Name = Lissemore | Source = DCOM | ID = 10010
Description =


< End of report >
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 3rd, 2014, 10:52 am

TDSSKiller report was too long to post into this window so I have included it here as an attachment.
You do not have the required permissions to view the files attached to this post.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 145 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware