I think I have a malware problem affecting my computer and especially Chrome but before I get there I'm trying to track down a few other causes first.
I know I have Avast, malwarebytes, and CCleaner installed but I thought they all do different things?
I think I've been staring at this too long today.
Any help is appreciated.
Thanks
OTL log
OTL logfile created on: 18/10/2014 9:12:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VIRGINIA\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.91 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.50% Memory free
11.81 Gb Paging File | 8.70 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 51.12 Gb Free Space | 27.44% Space Free | Partition Type: NTFS
Drive D: | 254.36 Gb Total Space | 253.92 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 61.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 25.00 Gb Total Space | 1.77 Gb Free Space | 7.10% Space Free | Partition Type: NTFS
Computer Name: VIRGINIA-PC | User Name: VIRGINIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/10/18 08:06:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIRGINIA\Desktop\OTL.exe
PRC - [2014/10/01 12:42:42 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/10/01 12:42:42 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/12 20:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/14 18:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/08/08 00:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/07/31 18:34:49 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/31 12:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/07/15 18:34:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/19 08:46:58 | 000,250,200 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/06/20 18:21:46 | 001,556,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/02/16 21:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/02/16 21:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011/12/23 19:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/12/22 22:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
========== Modules (No Company Name) ==========
MOD - [2014/10/18 21:01:35 | 000,043,008 | ---- | M] () -- c:\Users\VIRGINIA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7rt764.dll
MOD - [2014/10/16 03:53:55 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/16 03:53:23 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014/10/16 03:53:06 | 012,435,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 03:53:00 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 03:52:54 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 03:52:50 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 03:52:49 | 012,236,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014/10/16 03:52:29 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/16 03:52:26 | 007,991,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/12 20:20:58 | 003,610,624 | ---- | M] () -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/10 07:17:46 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/07/15 18:34:26 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/15 18:34:23 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\libcef.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/12 00:56:36 | 002,428,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/07/15 18:34:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/03 19:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2014/10/18 13:30:27 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/14 13:20:02 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/01 12:42:42 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/23 00:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/19 08:46:58 | 000,250,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/02/16 21:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/10/18 21:02:20 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 12:42:52 | 000,534,104 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/07/15 18:34:58 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/15 18:34:31 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/15 18:34:31 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/15 18:34:31 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/15 18:34:31 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/15 18:34:31 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/15 18:34:31 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/15 18:34:30 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/10 11:30:58 | 000,322,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 09:00:00 | 000,026,856 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tclondrv.sys -- (tclondrv)
DRV:64bit: - [2012/02/18 02:50:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/18 02:50:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/04 00:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/11/22 18:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/22 18:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/11/03 06:09:48 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/03 06:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/05 08:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/25 23:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/18 01:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/11/20 09:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 05:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/10/01 12:42:52 | 000,557,656 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/10/01 12:42:52 | 000,445,880 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/09/26 17:01:23 | 000,761,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys -- (RapportCerberus_80055)
DRV - [2011/09/07 12:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\..\SearchScopes,DefaultScope = {99AFC06D-17BA-4F89-BF72-E6612AEA75AE}
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\..\SearchScopes\{99AFC06D-17BA-4F89-BF72-E6612AEA75AE}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/15 18:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/10/18 13:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Extensions
[2014/10/14 13:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/14 13:20:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 18:34:35 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\9.0.2022.122_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\RunOnce: [Uninstall C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64" File not found
O4 - Startup: C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\..Trusted Domains: prodigygame.com ([www] https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{594CC69C-88AF-4A7C-9225-05CAD6772A12}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7353270B-DCFC-4977-99A8-22157870CB28}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2012 - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/10/18 14:12:00 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
[2014/10/18 14:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2014/10/18 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
[2014/10/18 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Pro
[2014/10/18 14:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Cleaner Pro
[2014/10/18 14:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FMS Empty File Remover
[2014/10/18 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Local\Programs
[2014/10/18 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Local\Macromedia
[2014/10/18 13:37:07 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Local\Remove_Empty_Directories
[2014/10/18 13:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remove Empty Directories
[2014/10/18 09:25:33 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\Documents\CC Cleaner reg backups
[2014/10/18 08:54:49 | 000,505,536 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\VIRGINIA\Desktop\autorunsc.exe
[2014/10/18 08:54:47 | 000,593,080 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\VIRGINIA\Desktop\autoruns.exe
[2014/10/18 08:06:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VIRGINIA\Desktop\OTL.exe
[2014/10/16 13:18:45 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/16 13:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/16 13:17:24 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/16 13:17:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/16 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/10/14 13:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/11 08:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/10/08 20:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/01/11 13:09:28 | 000,287,288 | ---- | C] (Citrix Online) -- C:\Users\VIRGINIA\Citrix Online Launcher.exe
[2013/08/28 04:54:47 | 005,402,320 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[1 C:\Users\VIRGINIA\Documents\*.tmp files -> C:\Users\VIRGINIA\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/10/18 21:08:52 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/18 21:08:52 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/18 21:02:20 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/18 21:02:01 | 000,000,632 | RHS- | M] () -- C:\Users\VIRGINIA\ntuser.pol
[2014/10/18 21:00:50 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/18 21:00:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/18 21:00:11 | 461,471,743 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/18 20:35:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/18 20:23:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/18 20:23:00 | 000,000,304 | ---- | M] () -- C:\windows\tasks\Digital Sites.job
[2014/10/18 13:01:31 | 003,949,064 | ---- | M] () -- C:\empties.bat
[2014/10/18 08:06:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIRGINIA\Desktop\OTL.exe
[2014/10/16 09:50:54 | 000,002,826 | ---- | M] () -- C:\windows\SysNative\AutoRunFilter.ini
[2014/10/16 03:37:45 | 000,353,256 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/11 08:41:05 | 000,002,281 | ---- | M] () -- C:\Users\VIRGINIA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/05 17:38:53 | 000,876,042 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/05 17:38:53 | 000,733,906 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/05 17:38:53 | 000,152,826 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[1 C:\Users\VIRGINIA\Documents\*.tmp files -> C:\Users\VIRGINIA\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/10/18 13:00:26 | 003,949,064 | ---- | C] () -- C:\empties.bat
[2014/10/18 08:54:47 | 000,049,518 | ---- | C] () -- C:\Users\VIRGINIA\Desktop\autoruns.chm
[2014/10/16 03:37:04 | 000,353,256 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/11 08:19:33 | 000,002,281 | ---- | C] () -- C:\Users\VIRGINIA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/11 08:18:00 | 000,000,902 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/11 08:18:00 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/20 02:29:03 | 000,007,597 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Local\Resmon.ResmonCfg
[2014/02/22 16:28:37 | 000,000,218 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Local\recently-used.xbel
[2014/01/02 18:46:40 | 000,000,005 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013/12/27 19:23:01 | 000,000,103 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\WB.CFG
[2013/12/27 19:23:01 | 000,000,005 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\WBPU-TTL.DAT
[2013/10/25 13:41:15 | 000,116,736 | ---- | C] () -- C:\windows\SysWow64\lfkodak.dll
[2013/10/25 13:41:14 | 000,343,040 | ---- | C] () -- C:\windows\SysWow64\lffpx7.dll
[2013/10/11 09:46:12 | 000,000,088 | RHS- | C] () -- C:\windows\SysWow64\1F300F0608.sys
[2013/10/11 09:39:13 | 000,002,984 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2013/06/04 00:25:53 | 000,000,632 | RHS- | C] () -- C:\Users\VIRGINIA\ntuser.pol
[2013/04/07 20:24:24 | 002,705,248 | ---- | C] () -- C:\Users\VIRGINIA\OurFirstBudget-2013-03-22.QDF
[2013/04/01 19:13:50 | 000,030,720 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/31 20:10:41 | 002,695,168 | ---- | C] () -- C:\Users\VIRGINIA\OurFirstBudget-2013-03-22.QDF-backup
[2013/03/22 17:35:50 | 000,000,149 | ---- | C] () -- C:\windows\QUICKEN.INI
[2013/03/11 13:47:24 | 000,000,254 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2013/03/11 13:47:24 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2013/03/11 13:47:10 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013/03/11 13:46:32 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2013/02/13 20:57:31 | 000,000,380 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\sp_data.sys
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/10/18 13:44:27 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\.minecraft
[2013/12/26 14:43:34 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\AVAST Software
[2014/10/18 13:44:31 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\HandBrake
[2014/10/18 00:34:42 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\.minecraft
[2014/10/18 13:48:20 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\ASUS WebStorage
[2014/10/18 14:02:05 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Audacity
[2013/11/30 01:13:29 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\AVAST Software
[2013/08/28 05:02:51 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\AVG
[2014/02/22 16:16:19 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\BHOK
[2014/10/18 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\calibre
[2014/10/18 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2014/10/18 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
[2013/07/29 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\DownLite
[2013/08/13 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\DRail Modelspoor Software
[2014/10/18 21:01:42 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox
[2014/10/18 14:02:05 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Efficient To-Do List Free
[2014/10/18 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\FlvtoConverter
[2014/10/18 13:48:30 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\HandBrake
[2014/10/18 14:12:00 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
[2013/05/05 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\iThmb Converter
[2013/12/27 21:55:32 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Mp3tag
[2013/07/29 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\OpenOffice
[2014/09/13 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\QuickScan
[2014/10/18 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Scribus
[2013/10/16 13:07:16 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Ulead Systems
[2014/04/13 23:30:32 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Unity
[2013/02/15 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Windows Live Writer
[2013/08/14 18:56:55 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\XTrackCad
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE
< End of report >
Autoruns
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "16/10/2014 3:42 AM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "21/06/2014 5:21 PM"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "21/10/2011 12:58 PM"
+ "SynAsusAcpi" "Asus Custom Acpi Monitor Application" "Synaptics Incorporated" "c:\program files\synaptics\syntp\synasusacpi.exe" "05/05/2011 10:37 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "22/09/2014 7:45 PM"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "21/08/2014 12:27 PM"
+ "ATKOSD2" "ATKOSD2" "ASUSTek Computer Inc." "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" "22/12/2011 7:57 AM"
+ "AvastUI.exe" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe" "25/07/2014 8:49 AM"
+ "HControlUser" "HControlUser" "ASUS" "c:\program files (x86)\asus\atk package\atk hotkey\hcontroluser.exe" "01/04/2009 9:05 AM"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe" "01/09/2014 6:54 AM"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe" "13/01/2014 9:15 PM"
"C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "17/09/2014 11:29 PM"
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropbox.exe" "04/06/2014 7:05 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "11/10/2014 8:19 AM"
+ ".NET Framework" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" "30/09/2014 11:36 PM"
+ "Active Directory Service Interface" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" "30/09/2014 11:36 PM"
+ "Dynamic HTML Data Binding" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" "30/09/2014 11:36 PM"
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" "30/09/2014 11:36 PM"
+ "HTML Help" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" "30/09/2014 11:36 PM"
+ "Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe" ""
+ "Internet Explorer Core Fonts" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" "30/09/2014 11:36 PM"
+ "Offline Browsing Pack" "" "" "File not found: C:\windows\system32\ie4uinit.exe" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "18/10/2014 8:27 AM"
+ "ApplePhotoStreams" "iCloud Photos" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\applephotostreams.exe" "30/07/2014 6:24 PM"
+ "CCleaner Monitoring" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner64.exe" "26/09/2014 10:03 AM"
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe" "30/07/2014 6:24 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "18/10/2014 1:23 PM"
+ "Uninstall C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64" "" "" "File not found: rmdir" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "26/07/2014 6:50 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "08/10/2014 8:09 PM"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "26/06/2014 7:46 AM"
+ "PhotoStreamsExt" "Apple Photostreams UI Shell Extension" "Apple Inc." "c:\program files\common files\apple\internet services\shellstreams64.dll" "11/08/2014 2:45 PM"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll" "10/06/2014 1:11 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "08/10/2014 8:09 PM"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "26/06/2014 7:32 AM"
+ "PhotoStreamsExt" "Apple Photostreams UI Shell Extension" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll" "14/08/2014 9:00 PM"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext.dll" "10/06/2014 1:11 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "11/01/2014 2:18 PM"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "26/06/2014 7:46 AM"
+ "BackupContextMenuExtension" "" "" "File not found: :/Program Files (x86)/ASUS/ASUS WebStorage/3.0.108.222/XPClient.DLL" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "11/01/2014 2:18 PM"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "26/06/2014 7:32 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "18/02/2012 3:46 AM"
+ "PropertySheetExtension1" "" "" "File not found: :/Program Files (x86)/ASUS/ASUS WebStorage/3.0.108.222/XPClient.DLL" ""
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "26/07/2014 6:50 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "26/07/2014 6:50 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "28/06/2012 3:18 AM"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "21/10/2011 12:58 PM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "12/08/2014 6:05 PM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files (x86)\openoffice 4\program\shlxthdl\shlxthdl_x64.dll" "16/07/2013 9:28 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "12/08/2014 6:05 PM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "11/05/2013 5:34 AM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files (x86)\openoffice 4\program\shlxthdl\shlxthdl.dll" "16/07/2013 9:28 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/03/2014 10:32 PM"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "26/06/2014 7:46 AM"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll" "10/06/2014 1:11 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/03/2014 10:32 PM"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "26/06/2014 7:32 AM"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext.dll" "10/06/2014 1:11 PM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "25/03/2014 10:32 PM"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext64.dll" "10/06/2014 1:11 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "25/03/2014 10:32 PM"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files (x86)\winrar\rarext.dll" "10/06/2014 1:11 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "09/04/2014 7:45 PM"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll" "26/06/2014 7:46 AM"
+ "AsusWSShellExt_B" "AsusWSShellExt64" "eCareme Technologies, Inc." "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswsshellext64.dll" "25/05/2011 3:09 AM"
+ "AsusWSShellExt_O" "AsusWSShellExt64" "eCareme Technologies, Inc." "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswsshellext64.dll" "25/05/2011 3:09 AM"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll" "23/06/2014 8:32 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "09/01/2014 9:22 PM"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext.24.dll" "23/06/2014 8:31 PM"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext.24.dll" "23/06/2014 8:31 PM"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext.24.dll" "23/06/2014 8:31 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "01/08/2014 9:05 PM"
+ "avast! Online Security" "IE Webrep plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie64.dll" "25/06/2014 12:18 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "22/09/2014 7:45 PM"
+ "avast! Online Security" "IE Webrep plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll" "25/06/2014 12:16 PM"
+ "Java Plug-In 2 SSV Helper" "Java Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "25/07/2014 2:45 PM"
+ "Java Plug-In SSV Helper" "Java Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll" "25/07/2014 2:45 PM"
"Task Scheduler" "" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 15.0 r0" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "24/09/2014 5:25 PM"
+ "\Adobe online update program" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "21/08/2014 12:27 PM"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "01/06/2011 8:46 PM"
+ "\ASUS Live Update" "ASUS Live Update" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\asus live update\liveupdate.exe" "20/06/2012 5:21 AM"
+ "\ASUS P4G" "Power4Gear Hybrid" "ASUS" "c:\program files\asus\p4g\batterylife.exe" "14/02/2012 3:28 AM"
+ "\AsusVibeSchedule" "AsusVibe Application" "" "c:\program files (x86)\asus\asusvibe\asusvibelauncher.exe" "31/08/2012 5:24 AM"
+ "\ATKOSD2" "ATKOSD2" "ASUSTek Computer Inc." "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe" "22/12/2011 7:57 AM"
+ "\avast! Emergency Update" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe" "26/06/2014 7:31 AM"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "26/09/2014 10:00 AM"
+ "\Digital Sites" "" "" "File not found: C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE" ""
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "29/09/2014 9:19 PM"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "29/09/2014 9:19 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "10/06/2009 4:36 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "18/10/2014 9:06 PM"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "21/08/2014 12:27 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "24/09/2014 5:25 PM"
+ "AFBAgent" "ASUS FastBoot" "ASUSTeK Computer Inc." "c:\windows\system32\fbagent.exe" "03/03/2011 4:55 AM"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe" "11/02/2014 9:26 AM"
+ "ASLDRService" "ASLDR Service" "ASUS" "c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe" "21/11/2011 2:21 AM"
+ "ASUS InstantOn" "ASUS InstantOn Program" "ASUS" "c:\program files (x86)\asus\instanton for nb\insonsrv.exe" "16/02/2012 5:49 AM"
+ "ATKGFNEXSrv" "GFNEXSrv" "ASUS" "c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe" "21/11/2011 2:19 AM"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe" "26/06/2014 7:37 AM"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "31/08/2011 1:52 AM"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files (x86)\browny02\brynsvc.exe" "24/01/2010 7:22 PM"
+ "Garmin Core Update Service" "Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date." "Garmin Ltd or its subsidiaries" "c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe" "19/09/2013 9:46 AM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "29/09/2014 9:19 PM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "29/09/2014 9:19 PM"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "01/09/2014 6:54 AM"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe" "20/12/2010 10:10 PM"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe" "11/09/2014 9:29 PM"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe" "21/08/2014 3:50 PM"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "11/10/2014 6:07 AM"
+ "ProtexisLicensing" "Protexis Licensing Service" "" "c:\windows\syswow64\psiservice.exe" "03/11/2006 12:36 AM"
+ "RapportMgmtService" "IBM Security Trusteer Endpoint Protection Central Management and Monitoring Service" "IBM Corp." "c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe" "01/10/2014 5:18 AM"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "22/09/2014 11:18 PM"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe" "20/12/2010 10:15 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "18/10/2014 9:06 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "05/12/2008 7:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "01/05/2007 1:30 PM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "27/02/2007 8:04 PM"
+ "AgereSoftModem" "SoftModem Device Driver" "LSI Corp" "c:\windows\system32\drivers\agrsm64.sys" "10/11/2008 11:01 AM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "13/07/2009 7:19 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "18/03/2010 8:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "20/03/2009 2:36 PM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "19/03/2010 12:18 PM"
+ "AmUStor" "Alocr Micro USB Mass Storage Driver" "Alcor Micro, Corp." "c:\windows\system32\drivers\amustor.sys" "13/01/2011 8:06 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "24/05/2007 5:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "14/01/2009 3:27 PM"
+ "ASMMAP64" "Memory mapping Driver" "ASUS" "c:\program files (x86)\asus\atk package\atkgfnex\asmmap64.sys" "02/07/2009 5:13 AM"
+ "asmthub3" "ASMedia USB3 Hub Driver" "ASMedia Technology Inc" "c:\windows\system32\drivers\asmthub3.sys" "22/11/2011 3:09 AM"
+ "asmtxhci" "ASMEDIA XHCI Host Controller Driver" "ASMedia Technology Inc" "c:\windows\system32\drivers\asmtxhci.sys" "22/11/2011 3:09 AM"
+ "aswHwid" "avast! HardwareID" "" "c:\windows\system32\drivers\aswhwid.sys" "26/06/2014 7:31 AM"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys" "26/06/2014 7:32 AM"
+ "aswRdr" "avast! WFP Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr2.sys" "26/06/2014 7:33 AM"
+ "aswRvrt" "avast! Revert" "" "c:\windows\system32\drivers\aswrvrt.sys" "26/06/2014 7:35 AM"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys" "26/06/2014 7:34 AM"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys" "02/07/2014 1:38 PM"
+ "aswStm" "avast! StreamFilter Callout Driver" "AVAST Software" "c:\windows\system32\drivers\aswstm.sys" "26/06/2014 7:47 AM"
+ "aswVmm" "avast! VM Monitor" "" "c:\windows\system32\drivers\aswvmm.sys" "26/06/2014 7:35 AM"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys" "09/06/2009 2:06 PM"
+ "ATKWMIACPIIO" "ATK WMIACPI Utility" "ASUS" "c:\program files (x86)\asus\atk package\atk wmiacpi\atkwmiacpi64.sys" "06/09/2011 9:44 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "13/02/2009 6:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "26/04/2009 7:14 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "06/08/2006 9:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "06/08/2006 9:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "06/08/2006 9:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "06/08/2006 9:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "06/08/2006 9:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "09/08/2006 8:11 AM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "13/07/2009 7:19 PM"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "31/12/2008 12:29 PM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "03/02/2009 6:52 PM"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "03/05/2012 3:56 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "11/05/2009 4:26 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "20/04/2010 2:32 PM"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "26/04/2011 2:06 PM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "10/06/2010 8:46 PM"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "21/10/2011 1:29 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "13/12/2005 5:47 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "06/09/2011 7:39 AM"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "23/08/2011 9:12 AM"
+ "kbfiltr" "Keyboard Filter Driver" " " "c:\windows\system32\drivers\kbfiltr.sys" "20/07/2009 5:21 AM"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys" "24/08/2010 5:14 AM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "09/12/2008 6:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "18/05/2009 8:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "18/05/2009 8:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "16/04/2009 6:13 PM"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "03/09/2014 1:50 PM"
+ "MBAMSwissArmy" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbamswissarmy.sys" "19/09/2014 6:14 PM"
+ "MBAMWebAccessControl" "Malwarebytes Web Access Control" "Malwarebytes Corporation" "c:\windows\system32\drivers\mwac.sys" "17/06/2014 10:06 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "18/05/2009 9:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "18/05/2009 9:25 PM"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys" "19/10/2010 7:33 PM"
+ "Netaapl" "Apple Mobile Device Ethernet" "Apple Inc." "c:\windows\system32\drivers\netaapl64.sys" "15/07/2013 6:39 PM"
+ "netr28x" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28x.sys" "03/02/2012 9:57 AM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "06/06/2006 5:11 PM"
+ "nvraid" "NVIDIA® nForce RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "19/03/2010 4:59 PM"
+ "nvstor" "NVIDIA® nForce Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "19/03/2010 4:45 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "22/01/2009 7:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "18/05/2009 9:18 PM"
+ "RapportCerberus_80055" "" "" "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus64_80055.sys" "24/08/2014 9:10 AM"
+ "RapportEI64" "RapportEI64" "IBM Corp." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys" "01/10/2014 5:40 AM"
+ "RapportKE64" "RapportKE" "IBM Corp." "c:\windows\system32\drivers\rapportke64.sys" "01/10/2014 5:40 AM"
+ "RapportPG64" "RapportPG64" "IBM Corp." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys" "01/10/2014 5:41 AM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "13/09/2006 9:18 AM"
+ "SiSGbeLH" "NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisg664.sys" "26/02/2009 5:42 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "24/09/2008 2:28 PM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "01/10/2008 5:56 PM"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "17/02/2009 7:03 PM"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "05/05/2011 10:28 PM"
+ "tclondrv" "TuneClone Virtual CD-RW SCSI Controller" "TuneClone Software" "c:\windows\system32\drivers\tclondrv.sys" "27/04/2011 3:26 AM"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" "27/11/2012 7:38 PM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "13/07/2009 7:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "30/01/2009 9:18 PM"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys" "16/04/2008 4:39 AM"
+ "WsAudio_Device(1)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio1.sys" "23/07/2009 8:04 AM"
+ "WsAudio_Device(2)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio2.sys" "23/07/2009 8:04 AM"
+ "WsAudio_Device(3)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio3.sys" "23/07/2009 8:04 AM"
+ "WsAudio_Device(4)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio4.sys" "23/07/2009 8:04 AM"
+ "WsAudio_Device(5)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio5.sys" "23/07/2009 8:04 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "13/07/2014 5:44 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "13/07/2009 9:28 PM"
+ "VIDC.RTV1" "" "" "c:\windows\system32\rtvcvfw64.dll" "28/09/2012 3:45 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "13/07/2014 6:38 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "13/07/2009 9:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "20/11/2010 7:59 AM"
+ "VIDC.mjpg" "MainConcept MJPG Video Codec" "MainConcept" "c:\windows\syswow64\mcmjpg32.dll" "28/10/2003 12:22 PM"
+ "VIDC.RTV1" "" "" "c:\windows\syswow64\rtvcvfw32.dll" "28/09/2012 3:45 PM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "21/06/2014 8:45 PM"
+ "ASUS Color Convert" "ASUS Color Preview Filter" "ASUSTek" "c:\program files (x86)\asus\splendid\rgbtran.ax" "26/05/2005 2:53 AM"
+ "ASUS Color Preview Filter" "ASUS Color Preview Filter" "ASUSTek" "c:\program files (x86)\asus\splendid\rgbtran.ax" "26/05/2005 2:53 AM"
+ "ASUS SplitVCam Pump" "" "" "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax" "12/01/2012 5:17 AM"
+ "ASUS SplitVCam Relayer" "" "" "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax" "12/01/2012 5:17 AM"
+ "ASUS SplitVCam Renderer" "" "" "c:\program files (x86)\asus\virtualcamera\splitvcamrenderer.ax" "12/01/2012 5:17 AM"
+ "ASUS Virtual Camera" "" "" "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax" "12/01/2012 5:17 AM"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax" "16/10/2005 10:34 PM"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax" "24/02/2005 10:41 PM"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax" "08/10/2004 4:36 AM"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax" "21/01/2008 6:35 AM"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax" "15/06/2003 11:35 PM"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax" "13/01/2008 10:30 PM"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax" "21/03/2002 1:54 AM"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax" "28/09/2005 6:42 AM"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax" "20/12/2006 5:20 AM"
+ "WS ScreenCapture" "ScreenCa Dynamic Link Library" "" "c:\program files (x86)\aimersoft\drm media converter\screencapturefilter.ax" "07/12/2011 2:02 AM"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax" "25/09/2008 11:23 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "28/08/2013 1:20 PM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "31/08/2011 1:44 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "28/08/2013 1:20 PM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "31/08/2011 1:53 AM"
"C:\Users\VIRGINIA\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" "15/06/2014 12:44 PM"
+ "Avast! antivirus monitor" "Avast! antivirus sidebar gadget." "AVAST Software" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml" "13/03/2013 2:04 PM"