Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdChoice; Mouse not working; Critical Stop Alarm going off; Memory borked


  • This topic is locked This topic is locked
19 replies to this topic

#1 Pixielala

Pixielala

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 17 October 2014 - 08:40 PM

Aloha. I now have AdChoice all over Chrome, despite AdBlock--which is why I noticed something was off. Then the Windows Critical Stop alarm started going off every few minutes. Then the mouse stopped working--I tried that on another machine w/no problem, so it's not the mouse. 

 

With Event Viewer, I saw that Service Control Manager errors were being generated and causing the Critical Stop beep--but no associated program or service. Then the Shadow Volume buffer was being overflowed? Yes, memory problems. 

 

I've run everything recommended. Twice, to no avail. I need some serious help. Right now I've got the firewall and defensive programs down so that they didn't interfere w/any scans, but they're usually up and did not catch this. I've also got FRST, JRT and AdwCleaner logs if you'd like me to post them next--no fixes were had that way. 

 

Thanks for your time...

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16575
Run by Laurel at 20:58:48 on 2014-10-17
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.4748 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Laurel\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\FRESCO LOGIC\FRESCO LOGIC USB3.0 HOST CONTROLLER\AMD64_HOST\FLXHCIM.EXE
C:\Program Files\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES (X86)\EVERNOTE\EVERNOTE\EVERNOTECLIPPER.EXE
C:\Windows\system32\taskhost.exe
C:\Users\Laurel\AppData\Local\Temp\tz_exec.tmp130\Procmon.exe
C:\Users\Laurel\AppData\Local\Temp\Procmon64.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [f.lux] "C:\Users\Laurel\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
uRunOnce: [Application Restart #2] C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe "C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe" "C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe" "C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe" 
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: MaxRecentDocs = dword:8
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Laurel\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Laurel\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{34C7ACB5-A636-45B8-80C0-5EFB78AB8696} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{34C7ACB5-A636-45B8-80C0-5EFB78AB8696}\24A4444533 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{34C7ACB5-A636-45B8-80C0-5EFB78AB8696}\84F4D454D283734323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{34C7ACB5-A636-45B8-80C0-5EFB78AB8696}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\
FF - prefs.js: browser.startup.homepage - cloud.feedly.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: 2014-09-27 21:08; ascsurfingprotection@iobit.com; C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-16 21184]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-2-26 893216]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-2 89600]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 23552]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-13 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-13 2413056]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 358984]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-8-21 342336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-13 2656536]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-1-10 219648]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-1-10 65024]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-7-20 452088]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-7-20 34848]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2014-3-6 359128]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-9-5 941272]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2014-4-27 3073752]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-4-27 33008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-20 2282272]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-29 1871160]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-9-18 88400]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-1-13 1145448]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-13 30208]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-7-20 23016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-18 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2013-7-11 14544]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-7-20 23048]
S4 IObitUnlocker;IObitUnlocker;C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2013-5-10 36920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 60 ================
.
2014-10-17 18:09:10 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCF5F922-27FD-40E1-8BD5-DB7261DCE6D4}\mpengine.dll
2014-10-16 18:10:23 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-16 02:39:34 -------- d-----w- C:\Windows\ERUNT
2014-10-16 02:34:02 -------- d-----w- C:\FRST
2014-10-16 02:16:59 -------- d-----w- C:\AdwCleaner
2014-10-02 03:38:57 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EE80CA7-2BFF-4762-B6BB-A636CB058834}\gapaengine.dll
2014-09-30 21:52:58 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 21:52:58 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-29 06:59:30 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-29 06:58:53 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-29 06:58:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-29 06:58:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 07:49:47 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-25 07:49:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-12 15:15:01 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-09-12 15:15:01 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-09-12 15:15:01 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-09-12 15:15:01 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-09-12 09:47:20 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 09:47:20 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 09:44:15 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 09:44:15 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 09:44:09 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 09:44:08 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 09:41:46 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 09:41:46 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-12 09:41:46 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-12 09:41:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-12 09:41:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-06 00:23:52 941272 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-09-06 00:23:52 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-09-06 00:23:49 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-09-06 00:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-09-06 00:23:48 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-09-04 12:50:16 188304 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find6M  ====================
.
2014-10-18 00:58:23 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2014-10-01 15:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-24 18:00:05 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-24 18:00:04 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-06 00:23:53 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-08-15 15:35:56 2339328 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-15 15:31:16 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-08-15 15:30:08 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-15 15:30:00 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-15 15:29:33 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-15 15:28:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-15 15:28:47 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-08-15 14:42:27 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-20 19:00:47 107552 ----a-w- C:\Windows\System32\SET3739.tmp
2014-07-20 18:59:30 452088 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2014-07-17 22:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 22:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 20:46:59 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-07-09 20:46:59 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-07-09 20:46:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-07-09 20:46:59 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-07-09 20:46:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-07-09 20:46:59 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-07-09 20:46:59 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-07-09 20:46:59 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-07-09 20:46:59 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-07-09 20:46:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-07-09 20:46:59 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-07-09 20:46:58 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-07-09 20:45:20 692736 ----a-w- C:\Windows\System32\osk.exe
2014-07-09 20:45:20 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-07-09 20:45:09 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-09 20:45:09 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-09 20:44:47 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-12 07:52:08 986560 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 06:16:07 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-06-06 06:12:57 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-06-04 19:17:14 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-06-04 19:17:12 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-14 16:21:04 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-14 16:20:45 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-14 16:17:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-05-14 13:23:04 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-14 13:23:04 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-05-14 13:20:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-14 13:17:14 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-04 21:31:13 100312 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2014-04-28 00:08:20 107552 ----a-w- C:\Windows\System32\SET3D52.tmp
2014-04-28 00:08:06 16896 ----a-w- C:\Windows\System32\SETE3AB.tmp
2014-04-28 00:07:45 33008 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
2014-04-28 00:07:30 43840 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys
2014-04-28 00:07:30 31040 ----a-w- C:\Windows\System32\SET4432.tmp
2014-04-28 00:07:30 31040 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys
2014-04-28 00:07:30 21312 ----a-w- C:\Windows\System32\SET4472.tmp
2014-04-28 00:07:30 18240 ----a-w- C:\Windows\System32\SET44C1.tmp
2014-04-28 00:07:15 3073752 ----a-w- C:\Windows\System32\drivers\rtwlane.sys
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-02-21 06:03:24 14845952 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 21:00:06.62 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 20 October 2014 - 06:30 AM

:welcome:

Hello Pixielala,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

---


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

---


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 22 October 2014 - 09:25 PM

Thank for the help! I've currently got my anti-virus stuff all turned off, so that checks could be run unimpeded. 

I ran FRST several days ago. I'll run it a 2nd time, and post both logs in a separate reply. 

 

Here is Security Check's log:

 Results of screen317's Security Check version 
 
0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is 
 
disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall 
 
Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for 
 
antivirus!  
`````````Anti-malware/Other Utilities 
 
Check:````````` 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.12 Adobe Reader 
 
out of Date!  
 Mozilla Firefox 30.0 Firefox out of 
 
Date!  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by 
 
Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Laurel Desktop Virus Removal SecurityCheck.exe 
 IObit IObit Malware Fighter IMFsrv.exe  
`````````````````System Health 
 
check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of 
 
Log`````````````````````` 


#4 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 22 October 2014 - 10:43 PM

This site says that my FRST logs are too long, so I attached them as text files. 

 

Thanks!

Attached Files



#5 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 23 October 2014 - 05:24 AM

Hello Pixielala,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

---


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 October 2014 - 09:46 PM

I ran AdwCleaner on 10/15, and Conduit was found--I know that it's not technically a virus, but it sure acts like one! The mouse not working thing, and the constant critical stop beeping is making me freaking crazy. 

 

Here's the first log:

 

# AdwCleaner v4.000 - Report created 15/10/2014 at 22:17:16
# Updated 12/10/2014 by Xplode
# Database : 2014-10-15.7
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laurel - XENO
# Running from : C:\Users\Laurel\Downloads\adwcleaner_4.000.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Web Protect
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\Users\Laurel\AppData\Local\Conduit
Folder Found : C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Found : C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Found : C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Folder Found : C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdnblnolcinnndenjnollpiplgkbjcn
Folder Found : C:\Users\Laurel\AppData\LocalLow\Conduit
Folder Found : C:\Users\Laurel\AppData\Roaming\SendSpace
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Booster Scan
Task Found : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\WebProtect
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [4294 octets] - [15/10/2014 22:17:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4354 octets] ##########
 
I'll run another AdwCleaner after the Rootkit inspector, and we'll see if we can't get rid of this thing once and for all-- I am so sick of all the advertising!


#7 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 October 2014 - 11:20 PM

MalwareBytes Rootkit scan did not find anything. :\

 

And here's tonight's AdwCleaner scan, showing the Conduit is still hanging out in my registry keys, apparently MalwareBytes doesn't register that as malware? 

 

# AdwCleaner v4.001 - Report created 24/10/2014 at 00:12:37
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laurel - XENO
# Running from : C:\Users\Laurel\Desktop\Virus Removal\adwcleaner_4.001.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\Web Protect
Folder Found : C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Found : C:\Users\Laurel\AppData\Roaming\SendSpace
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Booster Scan
Task Found : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\WebProtect
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [4466 octets] - [15/10/2014 22:17:16]
AdwCleaner[R1].txt - [2844 octets] - [24/10/2014 00:12:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2904 octets] ##########
vb

Edited by Pixielala, 23 October 2014 - 11:21 PM.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 24 October 2014 - 03:13 AM

Hello Pixielala,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

---


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


---


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FSRT / FSRT64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

---


How the computer is running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 October 2014 - 03:53 AM

I did all these steps on the 15th, again on the 17th and again tonight. You've seen the logs from earlier...nothing's changed. 

 

I'll do it a fourth time. 



#10 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 24 October 2014 - 04:06 AM

I need the logs we've asked for with post #8 and your feedback.

Otherwise we cannot help and close this thread.

Edited by Jo*, 24 October 2014 - 04:11 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 October 2014 - 11:22 AM

Notice that it was 5 am EST for me--that's not my usual awake time, so you'll have to be patient. Threatening to close a thread because I didn't post the 3rd, and 4th sets of logs in a few hours isn't helpful for anyone involved--at least a day is usually allowed for followup, thank you. 

 

# AdwCleaner v4.001 - Report created 24/10/2014 at 04:54:06
# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laurel - XENO
# Running from : C:\Users\Laurel\Desktop\Virus Removal\adwcleaner_4.001.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Laurel\AppData\Roaming\SendSpace
Folder Deleted : C:\Program Files (x86)\Web Protect
Folder Deleted : C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v37.0.2062.120
 
 
*************************
 
AdwCleaner[R0].txt - [4466 octets] - [15/10/2014 22:17:16]
AdwCleaner[R1].txt - [3012 octets] - [24/10/2014 00:12:37]
AdwCleaner[S0].txt - [2798 octets] - [24/10/2014 04:54:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2858 octets] ##########


#12 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 October 2014 - 11:26 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Laurel (administrator) on XENO on 24-10-2014 12:22:20
Running from C:\Users\Laurel\Downloads
Loaded Profile: Laurel (Available profiles: Laurel & GuestUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Laurel\AppData\Local\FluxSoftware\Flux\flux.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Run: [f.lux] => C:\Users\Laurel\AppData\Local\FluxSoftware\Flux\flux.exe [1012616 2013-10-13] (Flux Software LLC)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe [865280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Policies\Explorer: [MaxRecentDocs] 8
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default
FF Homepage: cloud.feedly.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Ads Removal - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\adremoveext@adremoveext.net [2014-09-12]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\ascsurfingprotection@iobit.com [2014-09-28]
FF Extension: Xmarks - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\foxmarks@kei.com [2014-09-07]
FF Extension: LastPass - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\support@lastpass.com [2014-03-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-20]
FF Extension: YouTube Enhancer Plus - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2013-11-23]
FF Extension: Reddit Enhancement Suite - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-11-23]
FF Extension: Memory Restart - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\memoryrestart@teamextension.com.xpi [2013-11-20]
FF Extension: Restart Button - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\restartbutton@strk.jp.xpi [2013-11-20]
FF Extension: Undo Closed Tabs Button - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2013-12-08]
FF Extension: redditreveal - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{2a43f346-13de-4aad-adeb-00b61e5bcde3}.xpi [2013-11-23]
FF Extension: BBCodeXtra - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2013-12-07]
FF Extension: Adblock Plus - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-20]
FF Extension: Tab Mix Plus - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-11-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-24]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.feedly.com/home
CHR StartupUrls: Default -> "cloud.feedly.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-09-17]
CHR Extension: (Download Button) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakoggmijiicdlcjjeakffojoinhlpg [2014-09-17]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-09-17]
CHR Extension: (Adblock Plus) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-25]
CHR Extension: (AdBlock+) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2014-09-17]
CHR Extension: (Webpage Screenshot) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Search by Image (by Google)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-09-17]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-09-17]
CHR Extension: (Chromebleed) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-09-17]
CHR Extension: (Facebook Disconnect) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-09-25]
CHR Extension: (Google Sheets) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Switch to Tab) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhhcljihbgcobpfnceegfmooomhhli [2014-09-17]
CHR Extension: (Hide Facebook Ads) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\giidodbaphhffolmjaainibnmohpalmb [2014-09-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-25]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-09-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-09-17]
CHR Extension: (BeeLine Reader) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2014-09-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-17]
CHR Extension: (The Great Suspender) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-09-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-09-17]
CHR Extension: (Reddit Check) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllceaiaedaingchlgolnfiibippgkmj [2014-09-17]
CHR Extension: (Ghostery) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-25]
CHR Extension: (feedly) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2014-09-17]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (autoConvert - Auto Currency & Unit Converter) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbghjbbdfkjffaalmcfgelakmeckapnd [2014-09-17]
CHR Extension: (Evernote Web Clipper) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Laurel\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2014-02-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-30] (Perfect World Entertainment Inc)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-24] (Fork Ltd.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65024 2012-01-10] (Fresco Logic)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36920 2013-04-03] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-05-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-04-27] (Realtek Semiconductor Corporation                           )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-27] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Accelerometer.sys 899B7E724BF19F17978B6A37B864A277
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\clwvd.sys 50F92C943F18B070F166D019DFAB3D9A
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys F59E2FE2687A5C30598F9099F318EB73
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys D409D4A4517865131999FAC96D366CBF
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FLxHCIc.sys BFDA4D45D7C3E278D46F5BB0E5348C56
C:\Windows\System32\DRIVERS\FLxHCIh.sys 7DAB83E54F868806D919384AC3DEF762
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hpdskflt.sys D104FF402FC3DDB686E6DEF00334DB26
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 8C44E6B688790E2AD3846C97661C54F1
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IntcDAud.sys EEE7376243CD8A4B49B885EF122D25E5
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys B2ADA4EB20649839A54DB078FA6BB1BD
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys EB1D78140D6634C32A46AB1006105EDC
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6439D1E559D08BD8A1465A8943357053
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys F9EEFFC65C68A45001D1349E652B8B6F
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 5623E2CC4F1F6DE24BE9DB3319E42D23
C:\Windows\System32\DRIVERS\RtsPStor.sys D23399622ED6692BF6AA1D30322345FC
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 439F755B450CF66B139742CA32AACF9F
C:\Windows\System32\DRIVERS\rtl8192Ce.sys F33E70E48A54A7A1BFBEEB4F3B273E4A
C:\Windows\System32\DRIVERS\rtwlane.sys 44E8D0259F3B2C94CD0D418853E14805
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmartDefragDriver.sys E77CB3736A702D46A6FB15FB4A9894E3
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys 153CC85FF9B2D5D9A3103EB7202B2A9C
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys 7E89F65EB250463EE8665CFE19566FC3
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AC3CC98B1BDB6540021D3FFB105AC2B9
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys 893A6B67C8AA502648AD946CF50DDFD1
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys 0C0195C48B6B8582FA6F6373032118DA
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 05:01 - 2014-10-24 05:06 - 00000112 _____ () C:\Windows\setupact.log
2014-10-24 05:01 - 2014-10-24 05:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-24 05:00 - 2014-10-24 05:00 - 00007986 _____ () C:\Windows\PFRO.log
2014-10-24 04:58 - 2014-10-24 04:58 - 00000000 _____ () C:\asc_rdflag
2014-10-24 00:35 - 2014-10-24 00:35 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-10-24 00:35 - 2014-10-24 00:35 - 00000000 ____D () C:\ProgramData\Documents\Arc
2014-10-23 22:56 - 2014-10-24 00:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-22 22:24 - 2014-10-22 22:24 - 00000000 ____D () C:\Users\Laurel\Downloads\FRST-OlderVersion
2014-10-17 20:59 - 2014-10-24 00:12 - 00000000 ____D () C:\Users\Laurel\Desktop\Virus Removal
2014-10-17 20:57 - 2014-10-17 20:57 - 00688992 ____R (Swearware) C:\Users\Laurel\Downloads\dds.com
2014-10-15 22:39 - 2014-10-15 22:39 - 00048309 _____ () C:\Users\Laurel\Downloads\Addition.txt
2014-10-15 22:39 - 2014-10-15 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 22:38 - 2014-10-24 12:22 - 00046335 _____ () C:\Users\Laurel\Downloads\FRST.txt
2014-10-15 22:34 - 2014-10-24 12:22 - 00000000 ____D () C:\FRST
2014-10-15 22:31 - 2014-10-22 22:24 - 02112000 _____ (Farbar) C:\Users\Laurel\Downloads\FRST64.exe
2014-10-15 22:30 - 2014-10-15 22:30 - 01705698 _____ (Thisisu) C:\Users\Laurel\Downloads\JRT.exe
2014-10-15 22:16 - 2014-10-24 05:19 - 00000000 ____D () C:\AdwCleaner
2014-10-15 14:46 - 2014-10-15 14:46 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 14:46 - 2014-10-15 14:46 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 14:45 - 2014-10-15 14:45 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 14:45 - 2014-10-15 14:45 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 14:41 - 2014-10-15 14:41 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 14:41 - 2014-10-15 14:41 - 00638888 _____ (Oracle Corporation) C:\Users\Laurel\Downloads\chromeinstall-8u25.exe
2014-10-15 14:40 - 2014-10-15 14:40 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 14:40 - 2014-10-15 14:40 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 14:39 - 2014-10-15 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 14:39 - 2014-10-15 14:39 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 14:39 - 2014-10-15 14:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 14:39 - 2014-10-15 14:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 14:37 - 2014-10-15 14:37 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 14:35 - 2014-10-15 14:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 14:35 - 2014-10-15 14:35 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 14:35 - 2014-10-15 14:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 14:30 - 2014-10-15 14:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 14:30 - 2014-10-15 14:30 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 14:22 - 2014-10-15 14:22 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 14:22 - 2014-10-15 14:22 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 14:22 - 2014-10-15 14:22 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 14:22 - 2014-10-15 14:22 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 14:22 - 2014-10-15 14:22 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 14:22 - 2014-10-15 14:22 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 14:22 - 2014-10-15 14:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 14:22 - 2014-10-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 14:11 - 2014-10-15 14:43 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 14:10 - 2014-10-15 14:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 14:10 - 2014-10-15 14:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 14:07 - 2014-03-06 23:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\Laurel\Desktop\Procmon.exe
2014-10-15 14:06 - 2014-10-15 14:06 - 01121208 _____ () C:\Users\Laurel\Downloads\ProcessMonitor.zip
2014-10-15 12:54 - 2014-10-15 12:54 - 00001140 _____ () C:\Users\Laurel\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-10-05 15:09 - 2014-10-05 15:09 - 00006576 ____N () C:\bootsqm.dat
2014-09-30 17:52 - 2014-09-30 17:52 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:52 - 2014-09-30 17:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 02:59 - 2014-10-24 11:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 02:59 - 2014-10-15 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-29 02:58 - 2014-10-23 22:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 02:58 - 2014-10-15 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-29 02:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 02:41 - 2014-09-29 02:41 - 00001260 _____ () C:\Users\Laurel\Desktop\Startup Manager.lnk
2014-09-28 01:08 - 2014-09-28 01:08 - 00001192 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-28 01:08 - 2014-09-28 01:08 - 00001192 _____ () C:\ProgramData\Desktop\IObit Uninstaller.lnk
2014-09-28 01:02 - 2014-09-28 01:02 - 38662680 _____ (IObit ) C:\Users\Laurel\Downloads\ASC setup 927.exe
2014-09-27 08:56 - 2014-09-27 08:56 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-27 08:56 - 2014-09-27 08:56 - 00001979 _____ () C:\ProgramData\Desktop\Adobe Reader X.lnk
2014-09-25 23:27 - 2014-09-25 23:27 - 00002219 _____ () C:\Users\Laurel\Desktop\Google Chrome.lnk
2014-09-25 03:49 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 03:49 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 12:06 - 2012-09-06 09:54 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-10-24 11:59 - 2014-06-29 00:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 11:43 - 2013-04-24 03:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 08:24 - 2012-01-18 23:16 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{545BAAE0-16ED-4F63-899A-83E8D6C9C695}
2014-10-24 08:11 - 2012-01-13 04:26 - 01049607 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 05:18 - 2013-04-24 03:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 05:18 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-24 05:14 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 05:14 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 05:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 05:03 - 2013-11-20 02:12 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-24 05:01 - 2009-07-14 00:45 - 00343728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 04:58 - 2013-12-28 05:48 - 43958272 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 80228352 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-10-24 04:58 - 2012-01-18 23:12 - 00000000 ____D () C:\Users\Laurel
2014-10-24 04:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-24 04:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-18 02:38 - 2013-04-24 03:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 02:38 - 2013-04-24 03:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:09 - 2012-01-18 22:18 - 00000000 ____D () C:\Users\Laurel\AppData\Local\CrashDumps
2014-10-17 00:37 - 2012-05-22 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-10-16 21:53 - 2012-08-25 01:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLaurel
2014-10-16 21:53 - 2012-08-25 01:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForLaurel.job
2014-10-15 14:42 - 2013-10-16 01:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 14:42 - 2012-02-22 01:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-15 13:58 - 2009-07-14 01:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-15 13:55 - 2014-05-22 16:31 - 00000000 ____D () C:\Users\Laurel\AppData\Roaming\ProductData
2014-10-15 13:55 - 2014-02-26 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-10-15 13:55 - 2012-01-18 22:18 - 00000000 ____D () C:\ProgramData\IObit
2014-10-15 13:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-15 13:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-15 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 18:39 - 2013-08-21 23:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-05 15:02 - 2013-04-03 20:23 - 00007605 _____ () C:\Users\Laurel\AppData\Local\Resmon.ResmonCfg
2014-10-03 00:57 - 2012-10-07 14:02 - 00000000 ____D () C:\Users\Laurel\Desktop\Princess
2014-10-01 11:11 - 2012-01-23 00:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-30 02:29 - 2012-01-24 00:31 - 00000000 ____D () C:\Users\Laurel\Desktop\Game Info
2014-09-29 02:59 - 2012-01-23 00:26 - 00000000 ____D () C:\Users\Laurel\AppData\Roaming\Malwarebytes
2014-09-29 02:58 - 2012-01-23 00:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 02:58 - 2012-01-23 00:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-29 02:43 - 2012-01-18 22:18 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-28 01:08 - 2014-05-22 16:30 - 00003096 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-28 01:08 - 2014-02-26 14:59 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-28 01:07 - 2014-02-26 14:58 - 00002856 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Laurel
2014-09-27 08:56 - 2011-11-09 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-25 23:30 - 2012-01-18 20:15 - 00000000 ____D () C:\Users\Laurel\AppData\Local\Google
2014-09-24 14:00 - 2014-06-29 00:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 14:00 - 2012-04-10 00:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 14:00 - 2011-11-09 13:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Laurel\AppData\Local\Temp\Quarantine.exe
C:\Users\Laurel\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {48bfe1b7-3dbe-11e1-9653-905ab170b8fa}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {48bfe1b7-3dbe-11e1-9653-905ab170b8fa}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {48bfe1b7-3dbe-11e1-9653-905ab170b8fa}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{48bfe1b8-3dbe-11e1-9653-905ab170b8fa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{48bfe1b8-3dbe-11e1-9653-905ab170b8fa}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {48bfe1b8-3dbe-11e1-9653-905ab170b8fa}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-04-09 03:39
 
==================== End Of Log ============================

Edited by Pixielala, 24 October 2014 - 11:30 AM.


#13 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 October 2014 - 11:29 AM

This is from the first time I ran FRST, a week ago. The original *.txt file is posted above as an attachment. 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Laurel at 2014-10-15 22:39:29
Running from C:\Users\Laurel\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8985824A-20E6-499F-97E1-6D20D9ECD869}) (Version: 0.9.24 - Kovid Goyal)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cool Timer 5.1.5.0 (HKLM-x32\...\Cool Timer_is1) (Version:  - Harmony Hollow Software)
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4528 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deep-spacie.themepack (HKLM-x32\...\deep-spacie_folder) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Digital Media Downloader (HKLM-x32\...\{1A20FED2-E77E-4331-9296-EB031BBEE7D8}) (Version: 2.9.3 - Tekked)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
f.lux (HKCU\...\Flux) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{104898A0-CA37-4BB4-AC27-46B6FE3280DD}) (Version: 3.3.44.0 - Fresco Logic Inc.)
galaxy.themepack (HKLM-x32\...\galaxy_folder) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}) (Version: 1.11.4865.2530 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{1AB4DB8C-4123-45DC-B896-C67990F76DA4}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{9BCA64E3-D180-4F13-8014-5E62947150C1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.0 - IObit)
iTunes (HKLM\...\{37D0157F-45C6-4DB2-9AE5-489DD98CE169}) (Version: 11.1.2.31 - Apple Inc.)
Jing (HKLM-x32\...\{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}) (Version: 2.4.10231 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
LimeWire 4.12.6 (HKLM-x32\...\LimeWire) (Version: 4.12.6 - Lime Wire, LLC)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.1 - )
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Puzzle Pirates (HKCU\...\Puzzle Pirates) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RUSH Demo (HKLM-x32\...\Steam App 38730) (Version:  - Two Tribes)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TUGZip 3.5 (HKLM-x32\...\TUGZip_is1) (Version:  - Christian Kindahl)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinImage (HKCU\...\WinImage) (Version:  - )
YTD Video Downloader 4.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.0 - GreenTree Applications SRL)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1351574453-3469030950-3211343381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Laurel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351574453-3469030950-3211343381-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351574453-3469030950-3211343381-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351574453-3469030950-3211343381-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1351574453-3469030950-3211343381-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
06-10-2014 19:24:29 Windows Update
10-10-2014 19:22:47 Windows Update
12-10-2014 23:00:25 Windows Backup
14-10-2014 22:26:28 Windows Update
15-10-2014 05:50:37 Installed Java 7 Update 71
15-10-2014 07:07:49 IObit Uninstaller restore point
15-10-2014 14:37:18 IObit Uninstaller restore point
15-10-2014 17:46:12 Restore Operation
15-10-2014 18:06:32 Installed Java 7 Update 71
15-10-2014 18:18:07 Windows Modules Installer
15-10-2014 19:02:14 Windows Update
16-10-2014 00:42:58 Removed Java 7 Update 71
16-10-2014 00:44:38 Removed Java 8 Update 25
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {15C86094-966F-43DB-8F31-D1987FFE1321} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {3FF180EE-7A75-4D61-8E3B-8012803474F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {537296F2-EA74-4238-9726-03B614BDBEE7} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {53B695C7-41F3-4C43-AD8A-B7B8DCC5D012} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {7AEBB075-24AD-45F6-8589-A4AD7FE91F26} - System32\Tasks\Driver Booster SkipUAC (Laurel) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {84065EB5-9C32-4038-8BC7-667F6A1A1530} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {848DB659-B21D-4FE6-AD9A-CAC5E5303F6D} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-08-01] (IObit)
Task: {8F64B3E8-519D-4B70-AEAD-124F0B733FDE} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {9A463DB8-3C91-4FA3-B60C-42A8FD5ECBE7} - System32\Tasks\ASC7_SkipUac_Laurel => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {A5AAE7A2-F92E-4F7F-A1E8-FEFA079CA165} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BD02180F-187A-4A21-B8F2-9CA07D1C4DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {BD35D928-859E-44B2-9E65-1C1006E3A6D4} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-07-11] ()
Task: {C803DA21-1DA8-4CA4-8073-9357AF8C54A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {CE3DFA09-4BB3-4DAF-A943-6015C0DDB057} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {D5D6CE9B-67C3-473B-BF57-8BA2988E2291} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-08-01] (IObit)
Task: {DD521422-61A1-4FB7-BB79-ED84451B8918} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF7F86D2-CA75-4A51-A08A-7C76C247B5B0} - System32\Tasks\HPCeeScheduleForLaurel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E4CEFF53-FE1C-46AD-B124-A7F4E5C22A5F} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLaurel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-13 04:22 - 2011-08-10 02:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-26 14:58 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-16 19:48 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-02-26 14:58 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-02-26 14:58 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-02-26 14:58 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-02-26 14:58 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2014-09-12 12:41 - 2014-09-12 12:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9d1b7fd98fc2ebea8f9e3dd5b726d7a9\IsdiInterop.ni.dll
2012-01-13 04:22 - 2011-05-20 14:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-21 18:54 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl
2013-10-21 18:54 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl
2013-10-21 18:54 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl
2014-02-16 19:49 - 2014-01-07 14:16 - 00893248 _____ () C:\Program Files (x86)\IObit\Driver Booster\webres.dll
2013-10-21 18:54 - 2012-02-16 10:16 - 00516440 _____ () C:\Program Files (x86)\IObit\Driver Booster\sqlite3.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\PROGRAM FILES (X86)\EVERNOTE\EVERNOTE\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\PROGRAM FILES (X86)\EVERNOTE\EVERNOTE\libtidy.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: F.lux => 
MSCONFIG\startupreg: FLxHCIm64 => c:\program files\fresco logic\fresco logic usb3.0 host controller\amd64_host\flxhcim.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_068A9A9B47C654306B2A1586887 => "c:\users\laurel\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP CoolSense => c:\program files (x86)\hewlett-packard\hp coolsense\coolsense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
MSCONFIG\startupreg: HP Software Update => c:\program files (x86)\hp\hp software update\hpwuschd2.exe
MSCONFIG\startupreg: HPOSD => c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe
MSCONFIG\startupreg: HPQuickWebProxy => c:\program files (x86)\hewlett-packard\hp quickweb\hpqwutils.exe
MSCONFIG\startupreg: IAStorIcon => c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: Monitor => c:\program files (x86)\leapfrog\leapfrog connect\monitor.exe
MSCONFIG\startupreg: msnmsgr => "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SetDefault => c:\program files\hewlett-packard\hp launchbox\setdefault.exe
MSCONFIG\startupreg: Spotify Web Helper => c:\users\laurel\appdata\roaming\spotify\data\spotifywebhelper.exe
MSCONFIG\startupreg: Steam => "c:\program files (x86)\steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: SynTPEnh => %programfiles%\synaptics\syntp\syntpenh.exe
MSCONFIG\startupreg: SysTrayApp => c:\program files\idt\wdm\sttray64.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1351574453-3469030950-3211343381-500 - Administrator - Disabled)
Guest (S-1-5-21-1351574453-3469030950-3211343381-501 - Limited - Disabled)
GuestUser (S-1-5-21-1351574453-3469030950-3211343381-1003 - Limited - Enabled) => C:\Users\GuestUser
HomeGroupUser$ (S-1-5-21-1351574453-3469030950-3211343381-1002 - Limited - Enabled)
Laurel (S-1-5-21-1351574453-3469030950-3211343381-1001 - Administrator - Enabled) => C:\Users\Laurel
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 04:40:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Workflow.Activities, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (10/15/2014 02:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 01:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 00:51:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 05:27:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Services.Client, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
 
Error: (10/15/2014 05:26:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (10/15/2014 05:25:55 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: MIGUIControls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (10/15/2014 05:25:51 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.ManagementConsole, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
Error: (10/15/2014 05:25:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
 
Error: (10/15/2014 05:24:09 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: MIGUIControls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
 
 
System errors:
=============
Error: (10/15/2014 10:37:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:36:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:30:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:29:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:23:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:22:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:15:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:09:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/15/2014 10:08:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2014 04:40:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Workflow.Activities, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
System.Workflow.Activities, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/15/2014 02:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 01:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 00:51:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 05:27:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Services.Client, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020 
System.Data.Services.Client, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil
 
Error: (10/15/2014 05:26:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/15/2014 05:25:55 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: MIGUIControls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
MIGUIControls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/15/2014 05:25:51 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.ManagementConsole, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
Microsoft.ManagementConsole, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/15/2014 05:25:35 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 
System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
Error: (10/15/2014 05:24:09 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: MIGUIControls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 
MIGUIControls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8139.6 MB
Available physical RAM: 5645.2 MB
Total Pagefile: 16277.38 MB
Available Pagefile: 13505.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.38 GB) (Free:428.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.09 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4A73C3CB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================


#14 Pixielala

Pixielala
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 October 2014 - 11:35 AM

Again, with whitelisted items removed:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Laurel (administrator) on XENO on 24-10-2014 12:32:18
Running from C:\Users\Laurel\Downloads
Loaded Profile: Laurel (Available profiles: Laurel & GuestUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Laurel\AppData\Local\FluxSoftware\Flux\flux.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (All) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172016 2014-02-16] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399856 2014-02-16] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [442352 2014-02-16] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-11-09] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-11-09] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Run: [f.lux] => C:\Users\Laurel\AppData\Local\FluxSoftware\Flux\flux.exe [1012616 2013-10-13] (Flux Software LLC)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe [865280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Policies\system: [DisableRegistryTools] 0
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Policies\system: [DisableTaskMgr] 0
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1351574453-3469030950-3211343381-1001\...\Policies\Explorer: [MaxRecentDocs] 8
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
AlternateShell: cmd.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (All) ===========================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} -  No File
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5-x64 01 %SystemRoot%\system32\NLAapi.dll [70656] (Microsoft Corporation)
Winsock: Catalog5-x64 02 %SystemRoot%\system32\napinsp.dll [68096] (Microsoft Corporation)
Winsock: Catalog5-x64 03 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 04 %SystemRoot%\system32\pnrpnsp.dll [86016] (Microsoft Corporation)
Winsock: Catalog5-x64 05 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog5-x64 06 %SystemRoot%\System32\winrnr.dll [28672] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 05 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 06 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 07 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 08 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 09 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Winsock: Catalog9-x64 10 %SystemRoot%\system32\mswsock.dll [327168] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default
FF Homepage: cloud.feedly.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bing.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\twitter.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo.xml
FF Extension: Ads Removal - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\adremoveext@adremoveext.net [2014-09-12]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\ascsurfingprotection@iobit.com [2014-09-28]
FF Extension: Xmarks - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\foxmarks@kei.com [2014-09-07]
FF Extension: LastPass - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\support@lastpass.com [2014-03-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-20]
FF Extension: YouTube Enhancer Plus - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2013-11-23]
FF Extension: Reddit Enhancement Suite - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-11-23]
FF Extension: Memory Restart - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\memoryrestart@teamextension.com.xpi [2013-11-20]
FF Extension: Restart Button - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\restartbutton@strk.jp.xpi [2013-11-20]
FF Extension: Undo Closed Tabs Button - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2013-12-08]
FF Extension: redditreveal - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{2a43f346-13de-4aad-adeb-00b61e5bcde3}.xpi [2013-11-23]
FF Extension: BBCodeXtra - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2013-12-07]
FF Extension: Adblock Plus - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-20]
FF Extension: Tab Mix Plus - C:\Users\Laurel\AppData\Roaming\Mozilla\Firefox\Profiles\69co7mva.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-11-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014-06-24]
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.feedly.com/home
CHR StartupUrls: Default -> "cloud.feedly.com"
CHR DefaultSearchKeyword: Default -> google.com
CHR DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
CHR DefaultNewTabURL: Default -> {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-09-17]
CHR Extension: (Download Button) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakoggmijiicdlcjjeakffojoinhlpg [2014-09-17]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-09-17]
CHR Extension: (Adblock Plus) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-25]
CHR Extension: (AdBlock+) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2014-09-17]
CHR Extension: (Webpage Screenshot) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Search by Image (by Google)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-09-17]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-09-17]
CHR Extension: (Chromebleed) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-09-17]
CHR Extension: (Facebook Disconnect) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-09-25]
CHR Extension: (Google Sheets) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Switch to Tab) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhhcljihbgcobpfnceegfmooomhhli [2014-09-17]
CHR Extension: (Hide Facebook Ads) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\giidodbaphhffolmjaainibnmohpalmb [2014-09-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-09-25]
CHR Extension: (Keep My Opt-Outs) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2014-09-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-09-17]
CHR Extension: (BeeLine Reader) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2014-09-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-17]
CHR Extension: (The Great Suspender) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-09-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-09-17]
CHR Extension: (Reddit Check) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllceaiaedaingchlgolnfiibippgkmj [2014-09-17]
CHR Extension: (Ghostery) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-25]
CHR Extension: (feedly) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2014-09-17]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (autoConvert - Auto Currency & Unit Converter) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbghjbbdfkjffaalmcfgelakmeckapnd [2014-09-17]
CHR Extension: (Evernote Web Clipper) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Laurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Laurel\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2014-02-21]
CHR StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
 
==================== Services (All) ========================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704 2014-09-04] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-24] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2012-11-02] (Andrea Electronics Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2014-10-15] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-30] (Perfect World Entertainment Inc)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2014-10-15] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2014-10-15] (Microsoft Corporation)
S4 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
R3 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-31] (Apple Inc.)
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S4 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [279024 2014-02-16] (Intel Corporation)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-24] (Fork Ltd.) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [187904 2014-10-15] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2014-10-15] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-11-09] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
S4 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
S4 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-04-24] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-04-24] (Google Inc.)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86072 2011-09-09] (Hewlett-Packard Company)
R2 HPClientSvc; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [346168 2010-10-11] (Hewlett-Packard Company)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [994176 2012-03-14] (Hewlett-Packard Company)
R2 hpsrv; C:\Windows\system32\Hpservice.exe [30520 2011-05-27] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200 2012-03-05] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13592 2011-05-20] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-11-13] (Microsoft Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
S4 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
R3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [641352 2013-10-19] (Apple Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325912 2011-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-06-24] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
S4 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S4 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
S4 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4925184 2010-01-09] (Microsoft Corporation)
S4 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S4 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [188416 2014-10-15] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-11-09] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
S4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)
S4 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
S4 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-11-02] (IDT, Inc.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [489256 2012-11-19] (Valve Corporation)
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [681984 2014-10-15] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S4 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656536 2011-08-09] (Intel Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
R3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-11] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-01-18] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
S4 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation)
S4 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
S4 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-11] (Microsoft Corporation)
S4 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
S4 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S4 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)
S4 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation)
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-29] (Microsoft Corp.)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
S4 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-11-09] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-11-09] (Microsoft Corporation)
R3 wuauserv; C:\Windows\system32\wuaueng.dll [2477536 2014-05-14] (Microsoft Corporation)
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation)
 
==================== Drivers (All) ==========================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43840 2014-04-27] (Hewlett-Packard Company)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-07-09] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-11-09] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-11-09] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2014-10-15] (Microsoft Corporation)
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-13] (Microsoft Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [1311232 2009-06-10] (Broadcom Corporation)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-11-09] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-07-28] (CyberLink Corporation)
R3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-11-13] (Microsoft Corporation)
R0 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-13] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [986560 2014-06-12] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-13] (Emulex)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
R3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [219648 2012-01-10] (Fresco Logic)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65024 2012-01-10] (Fresco Logic)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
R3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [31040 2014-04-27] (Hewlett-Packard Company)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation)
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [557848 2011-05-20] (Intel Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-11-09] (Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [5363200 2014-02-16] (Intel Corporation)
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [452088 2014-07-20] (Intel® Corporation)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36920 2013-04-03] ()
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-03] (Microsoft Corporation)
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-11] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-11] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-13] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-05-04] (Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-11-09] (Microsoft Corporation)
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-11-09] (Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-11-09] (Microsoft Corporation)
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-23] (Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-11-09] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-11-09] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2014-10-15] (Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation)
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-12-13] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-10-15] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [359128 2014-03-06] (Realtek Semiconductor Corp.)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [941272 2014-09-05] (Realtek                                            )
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1145448 2011-07-18] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-04-27] (Realtek Semiconductor Corporation                           )
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20] (Microsoft Corporation)
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-27] (Synaptics Incorporated)
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-11-09] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-11-09] (Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-11-09] (Microsoft Corporation)
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-13] (Promise Technology)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [540160 2012-11-02] (IDT, Inc.)
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [396848 2011-10-14] (Synaptics Incorporated)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation)
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-10-15] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-12-13] (Microsoft Corporation)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.)
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation)
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-26] (Microsoft Corporation)
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-26] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-26] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-11-09] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-26] (Microsoft Corporation)
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-11-09] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-13] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
U3 Winsock; No ImagePath
R3 WinUsb; C:\Windows\System32\DRIVERS\WinUSB.sys [41984 2010-11-20] (Microsoft Corporation)
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation)
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 05:01 - 2014-10-24 05:06 - 00000112 _____ () C:\Windows\setupact.log
2014-10-24 05:01 - 2014-10-24 05:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-24 05:00 - 2014-10-24 05:00 - 00007986 _____ () C:\Windows\PFRO.log
2014-10-24 04:58 - 2014-10-24 04:58 - 00000000 _____ () C:\asc_rdflag
2014-10-24 00:35 - 2014-10-24 00:35 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-10-24 00:35 - 2014-10-24 00:35 - 00000000 ____D () C:\ProgramData\Documents\Arc
2014-10-23 22:56 - 2014-10-24 00:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-22 22:24 - 2014-10-22 22:24 - 00000000 ____D () C:\Users\Laurel\Downloads\FRST-OlderVersion
2014-10-17 20:59 - 2014-10-24 00:12 - 00000000 ____D () C:\Users\Laurel\Desktop\Virus Removal
2014-10-17 20:57 - 2014-10-17 20:57 - 00688992 ____R (Swearware) C:\Users\Laurel\Downloads\dds.com
2014-10-15 22:39 - 2014-10-15 22:39 - 00048309 _____ () C:\Users\Laurel\Downloads\Addition.txt
2014-10-15 22:39 - 2014-10-15 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 22:38 - 2014-10-24 12:32 - 00089998 _____ () C:\Users\Laurel\Downloads\FRST.txt
2014-10-15 22:34 - 2014-10-24 12:32 - 00000000 ____D () C:\FRST
2014-10-15 22:31 - 2014-10-22 22:24 - 02112000 _____ (Farbar) C:\Users\Laurel\Downloads\FRST64.exe
2014-10-15 22:30 - 2014-10-15 22:30 - 01705698 _____ (Thisisu) C:\Users\Laurel\Downloads\JRT.exe
2014-10-15 22:16 - 2014-10-24 05:19 - 00000000 ____D () C:\AdwCleaner
2014-10-15 14:46 - 2014-10-15 14:46 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 14:46 - 2014-10-15 14:46 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 14:45 - 2014-10-15 14:45 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 14:45 - 2014-10-15 14:45 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 14:41 - 2014-10-15 14:41 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 14:41 - 2014-10-15 14:41 - 00638888 _____ (Oracle Corporation) C:\Users\Laurel\Downloads\chromeinstall-8u25.exe
2014-10-15 14:40 - 2014-10-15 14:40 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 14:40 - 2014-10-15 14:40 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 14:39 - 2014-10-15 14:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 14:39 - 2014-10-15 14:39 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 14:39 - 2014-10-15 14:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 14:39 - 2014-10-15 14:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 14:39 - 2014-10-15 14:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 14:39 - 2014-10-15 14:39 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 14:37 - 2014-10-15 14:37 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 14:35 - 2014-10-15 14:35 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 14:35 - 2014-10-15 14:35 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 14:35 - 2014-10-15 14:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 14:35 - 2014-10-15 14:35 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 14:30 - 2014-10-15 14:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 14:30 - 2014-10-15 14:30 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 14:24 - 2014-10-15 14:24 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 14:22 - 2014-10-15 14:22 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 14:22 - 2014-10-15 14:22 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 14:22 - 2014-10-15 14:22 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 14:22 - 2014-10-15 14:22 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 14:22 - 2014-10-15 14:22 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 14:22 - 2014-10-15 14:22 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 14:22 - 2014-10-15 14:22 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 14:22 - 2014-10-15 14:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 14:22 - 2014-10-15 14:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 14:22 - 2014-10-15 14:22 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 14:11 - 2014-10-15 14:43 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 14:10 - 2014-10-15 14:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 14:10 - 2014-10-15 14:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 14:07 - 2014-03-06 23:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\Laurel\Desktop\Procmon.exe
2014-10-15 14:06 - 2014-10-15 14:06 - 01121208 _____ () C:\Users\Laurel\Downloads\ProcessMonitor.zip
2014-10-15 12:54 - 2014-10-15 12:54 - 00001140 _____ () C:\Users\Laurel\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-10-05 15:09 - 2014-10-05 15:09 - 00006576 ____N () C:\bootsqm.dat
2014-09-30 17:52 - 2014-09-30 17:52 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:52 - 2014-09-30 17:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 02:59 - 2014-10-24 11:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 02:59 - 2014-10-15 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-29 02:58 - 2014-10-23 22:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 02:58 - 2014-10-15 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-29 02:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 02:41 - 2014-09-29 02:41 - 00001260 _____ () C:\Users\Laurel\Desktop\Startup Manager.lnk
2014-09-28 01:08 - 2014-09-28 01:08 - 00001192 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-28 01:08 - 2014-09-28 01:08 - 00001192 _____ () C:\ProgramData\Desktop\IObit Uninstaller.lnk
2014-09-28 01:02 - 2014-09-28 01:02 - 38662680 _____ (IObit ) C:\Users\Laurel\Downloads\ASC setup 927.exe
2014-09-27 08:56 - 2014-09-27 08:56 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-27 08:56 - 2014-09-27 08:56 - 00001979 _____ () C:\ProgramData\Desktop\Adobe Reader X.lnk
2014-09-25 23:27 - 2014-09-25 23:27 - 00002219 _____ () C:\Users\Laurel\Desktop\Google Chrome.lnk
2014-09-25 03:49 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 03:49 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 12:06 - 2012-09-06 09:54 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-10-24 11:59 - 2014-06-29 00:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 11:43 - 2013-04-24 03:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 08:24 - 2012-01-18 23:16 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{545BAAE0-16ED-4F63-899A-83E8D6C9C695}
2014-10-24 08:11 - 2012-01-13 04:26 - 01049607 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 05:18 - 2013-04-24 03:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 05:18 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-24 05:14 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 05:14 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 05:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 05:03 - 2013-11-20 02:12 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-24 05:01 - 2009-07-14 00:45 - 00343728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 04:58 - 2013-12-28 05:48 - 43958272 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 80228352 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-10-24 04:58 - 2013-12-05 02:27 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-10-24 04:58 - 2012-01-18 23:12 - 00000000 ____D () C:\Users\Laurel
2014-10-24 04:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-24 04:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-18 02:38 - 2013-04-24 03:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 02:38 - 2013-04-24 03:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:09 - 2012-01-18 22:18 - 00000000 ____D () C:\Users\Laurel\AppData\Local\CrashDumps
2014-10-17 00:37 - 2012-05-22 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-10-16 21:53 - 2012-08-25 01:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLaurel
2014-10-16 21:53 - 2012-08-25 01:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForLaurel.job
2014-10-15 14:42 - 2013-10-16 01:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 14:42 - 2012-02-22 01:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-15 13:58 - 2009-07-14 01:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-15 13:55 - 2014-05-22 16:31 - 00000000 ____D () C:\Users\Laurel\AppData\Roaming\ProductData
2014-10-15 13:55 - 2014-02-26 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-10-15 13:55 - 2012-01-18 22:18 - 00000000 ____D () C:\ProgramData\IObit
2014-10-15 13:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-15 13:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-15 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 18:39 - 2013-08-21 23:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-05 15:02 - 2013-04-03 20:23 - 00007605 _____ () C:\Users\Laurel\AppData\Local\Resmon.ResmonCfg
2014-10-03 00:57 - 2012-10-07 14:02 - 00000000 ____D () C:\Users\Laurel\Desktop\Princess
2014-10-01 11:11 - 2012-01-23 00:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-30 02:29 - 2012-01-24 00:31 - 00000000 ____D () C:\Users\Laurel\Desktop\Game Info
2014-09-29 02:59 - 2012-01-23 00:26 - 00000000 ____D () C:\Users\Laurel\AppData\Roaming\Malwarebytes
2014-09-29 02:58 - 2012-01-23 00:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 02:58 - 2012-01-23 00:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-29 02:43 - 2012-01-18 22:18 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-28 01:08 - 2014-05-22 16:30 - 00003096 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-28 01:08 - 2014-02-26 14:59 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-28 01:07 - 2014-02-26 14:58 - 00002856 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Laurel
2014-09-27 08:56 - 2011-11-09 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-25 23:30 - 2012-01-18 20:15 - 00000000 ____D () C:\Users\Laurel\AppData\Local\Google
2014-09-24 14:00 - 2014-06-29 00:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 14:00 - 2012-04-10 00:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 14:00 - 2011-11-09 13:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Laurel\AppData\Local\Temp\Quarantine.exe
C:\Users\Laurel\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-09 03:39
 
==================== End Of Log ============================


#15 Jo*

Jo*

  • Malware Response Team
  • 3,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 24 October 2014 - 11:43 AM

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.

  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.

---


How the computer is running now?


---


Thanks for the logs!

The only one I could not find is the JRT.txt

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users