# Invalid Firewall Rules Re: Shared Access...



## soulsister (Feb 20, 2013)

Hi,


CCleaner found a number of "invalid Firewall rules" when scanning my registry for errors. I'm using windows 8.1 and am not as familiar with it as previous versions and so have not set any firewall rules. Since these mention 'shared access' and 'p2p' could someone take a look and see if I should be concerned - thank-you very much for the free assistance! (The whole, short, registry report is attached as a text file at bottom, which may be easier to read - ty.)


Invalid firewall rule Collab-P2PHost-In-TCP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-Out-TCP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-WSD-In-UDP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-WSD-Out-UDP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-In-TCP-NoScope - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-Out-TCP-NoScope - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-WSD-In-UDP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-WSD-Out-UDP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-In-TCP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-Out-TCP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-In-TCP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Out-TCP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-In-UDP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Out-UDP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Prov-Out-TCP - %SystemRoot%\ehome\mcx2prov.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-McrMgr-Out-TCP - %SystemRoot%\ehome\mcrmgr.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {8E75B151-80A1-40A5-8BBD-EB984F5F45B6} - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {44E99813-1592-4083-B470-22C44B415114} - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {01CBBDFB-23D0-47A4-8221-65ED862B784C} - C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule {9394A914-0A11-4737-9B26-CCBE50FC3F12} - C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules


----------



## lunarlander (Sep 22, 2007)

Go to Control Panel > Administrative Tools > Windows firewall with advanced security. On th Action right pane, choose Restore default policy. 

Since you haven't made any firewall rules, this action is safe. Then if CCleaner still finds something wrong, then you can ignore it.

This forum does not recommend users to use CCleaner's registry functions. It damages your system more often that not.


----------



## Cookiegal (Aug 27, 2003)

Did you upgrade the system from Vista?

Some of those entries seem to pertain only to the Vista operating system and belong to something called Windows Meeting Space for file sharing.

http://technet.microsoft.com/en-us/library/cc749601(v=ws.10).aspx


----------



## soulsister (Feb 20, 2013)

No Cookiegal - I bought this laptop brand new with Windows 8 preinstalled. I've had to set it back to factory settings once using a Dell backup USB. I have no need for connecting remotely or to network and try to keep all those possibilities closed down... Any cause for concern here?


Thanks for your free help - appreciate it


----------



## Cookiegal (Aug 27, 2003)

Before we do anything we those entries I must mention that you shouldn't use the registry cleaner feature of CCleaner or any other similar program (at least not to remove anything but OK to look at what it finds like you've done here) as that can cause more harm than good.

Also, have you upgraded to Windows 8.1 or are you still on just Windows 8?

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## soulsister (Feb 20, 2013)

I am running a 64 bit version of Windows 8.1
On running FRST64.exe Windows gave the following message:
"Exception EAccessViolation in module ERUNT.exe at 00003A38. Access violation at address 00403A38 in module 'ERUNT.exe'. Read of address 0076005D." I clicked OK and the program opened.
Scan results are below.
Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Cynthia Local (administrator) on PRECIOUS on 19-07-2014 14:41:31
Running from C:\Users\Cynthia\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe 
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-15] (AVAST Software)
HKU\S-1-5-21-1481102844-3686879177-3490302776-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1481102844-3686879177-3490302776-1002\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-1481102844-3686879177-3490302776-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1481102844-3686879177-3490302776-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {9960E138-2EA3-4551-95C0-859B20CD56AD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {9960E138-2EA3-4551-95C0-859B20CD56AD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {9960E138-2EA3-4551-95C0-859B20CD56AD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {9960E138-2EA3-4551-95C0-859B20CD56AD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/...6-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/...6-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {9960E138-2EA3-4551-95C0-859B20CD56AD} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Google Drive) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-21]
CHR Extension: (YouTube) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-19]
CHR Extension: (Google Search) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR Extension: (Gmail) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1919336 2012-08-06] (SoftThinks SAS)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-15] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-15] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-07-19 14:41 - 2014-07-19 14:42 - 00015787 _____ () C:\Users\Cynthia\Desktop\FRST.txt
2014-07-19 14:39 - 2014-07-19 14:41 - 00000000 ____D () C:\FRST
2014-07-19 13:09 - 2014-07-19 13:11 - 02089984 _____ (Farbar) C:\Users\Cynthia\Desktop\FRST64.exe
2014-07-18 23:11 - 2014-07-19 14:40 - 00033669 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-18 16:33 - 2014-07-18 23:37 - 00000000 ____D () C:\Users\Cynthia\Desktop\Videos from Pond5
2014-07-16 11:08 - 2014-07-16 11:37 - 00002068 _____ () C:\Users\Cynthia\Desktop\HouseCleaner.txt
2014-07-15 14:49 - 2014-07-15 14:49 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-15 14:45 - 2014-07-15 14:45 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\AVAST Software
2014-07-15 14:44 - 2014-07-15 14:49 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-15 14:44 - 2014-07-15 14:49 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-15 14:44 - 2014-07-15 14:49 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-15 14:44 - 2014-07-15 14:49 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-15 14:44 - 2014-07-15 14:44 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1405449877984
2014-07-15 14:44 - 2014-07-15 14:44 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1405449877984
2014-07-15 14:44 - 2014-07-15 14:44 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.1405449877984
2014-07-15 14:44 - 2014-07-15 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-15 14:43 - 2014-07-15 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-15 14:41 - 2014-07-15 14:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-14 08:47 - 2014-07-14 08:47 - 00000000 ____D () C:\Users\Cynthia\Documents\Education n Occupations
2014-07-13 10:48 - 2014-07-18 16:52 - 00001191 _____ () C:\Users\Cynthia\Desktop\WebDesign Names.txt
2014-07-13 08:44 - 2014-07-13 08:44 - 00000000 ____D () C:\Users\Cynthia\Photos
2014-07-12 16:33 - 2014-07-13 13:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-12 16:33 - 2014-07-12 21:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-12 16:33 - 2014-07-12 16:33 - 00001276 _____ () C:\Users\Cynthia\Desktop\Spybot - Search & Destroy.lnk
2014-07-12 16:33 - 2014-07-12 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-12 16:06 - 2014-07-12 16:07 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 16:06 - 2014-07-12 16:06 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-12 16:06 - 2014-07-12 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 16:06 - 2014-07-12 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 16:06 - 2014-07-12 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-12 16:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-12 16:06 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-12 16:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-10 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 14:27 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 14:27 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 14:27 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 14:27 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 14:27 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 14:27 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 14:27 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 14:27 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 14:27 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 14:27 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 14:26 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 14:26 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 14:26 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 14:26 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 14:26 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 14:26 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 14:26 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 14:26 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 14:26 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 14:26 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 14:26 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 14:26 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 14:26 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 14:26 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 14:26 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 14:26 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 14:26 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 14:26 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 14:26 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 14:26 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 14:26 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 14:26 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 14:26 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 14:26 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 14:26 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 14:26 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 14:26 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 14:26 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 14:26 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 14:26 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 14:26 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 14:26 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 14:26 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 14:26 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 14:26 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 14:26 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 14:26 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 14:26 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 14:26 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 14:26 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 14:26 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 14:26 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 14:26 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 14:26 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 14:23 - 2014-07-10 14:23 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-26 11:05 - 2014-07-12 19:42 - 00164352 ___SH () C:\Users\Cynthia\Desktop\Thumbs.db
2014-06-26 08:09 - 2014-06-26 08:09 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-06-26 08:09 - 2014-06-26 08:09 - 00001190 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-06-26 08:09 - 2014-06-26 08:09 - 00000000 ____D () C:\Program Files\paint.net
2014-06-26 08:08 - 2014-06-26 08:10 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\paint.net
2014-06-25 11:54 - 2014-07-16 02:26 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\ActivePresenter
2014-06-25 11:54 - 2014-06-25 11:54 - 00001389 _____ () C:\Users\Public\Desktop\Active Presenter.lnk
2014-06-25 11:54 - 2014-06-25 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
2014-06-25 11:54 - 2014-06-25 11:54 - 00000000 ____D () C:\Program Files (x86)\ATOMI
2014-06-21 07:33 - 2014-06-21 07:33 - 00002788 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-06-21 07:33 - 2014-06-21 07:33 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-21 07:32 - 2014-07-19 12:57 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-21 07:32 - 2014-06-21 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-21 07:31 - 2014-06-21 07:31 - 00000000 ____D () C:\Program Files\Google
2014-06-21 07:30 - 2014-07-19 14:40 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 07:30 - 2014-07-19 12:57 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 07:30 - 2014-06-21 07:35 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 07:30 - 2014-06-21 07:35 - 00003666 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 07:20 - 2014-06-21 07:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 07:18 - 2014-06-19 07:18 - 00000000 ____D () C:\ProgramData\Google
2014-06-19 07:17 - 2014-06-21 07:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-19 07:17 - 2014-06-19 07:20 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\Google
==================== One Month Modified Files and Folders =======
2014-07-19 14:42 - 2014-07-19 14:41 - 00015787 _____ () C:\Users\Cynthia\Desktop\FRST.txt
2014-07-19 14:41 - 2014-07-19 14:39 - 00000000 ____D () C:\FRST
2014-07-19 14:40 - 2014-07-18 23:11 - 00033669 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-19 14:40 - 2014-06-21 07:30 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-19 13:11 - 2014-07-19 13:09 - 02089984 _____ (Farbar) C:\Users\Cynthia\Desktop\FRST64.exe
2014-07-19 13:02 - 2014-06-14 13:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1481102844-3686879177-3490302776-1002
2014-07-19 12:58 - 2014-03-18 06:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-19 12:57 - 2014-06-21 07:32 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 12:57 - 2014-06-21 07:30 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 12:56 - 2012-09-28 23:58 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-18 23:37 - 2014-07-18 16:33 - 00000000 ____D () C:\Users\Cynthia\Desktop\Videos from Pond5
2014-07-18 16:52 - 2014-07-13 10:48 - 00001191 _____ () C:\Users\Cynthia\Desktop\WebDesign Names.txt
2014-07-17 10:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-16 11:37 - 2014-07-16 11:08 - 00002068 _____ () C:\Users\Cynthia\Desktop\HouseCleaner.txt
2014-07-16 02:26 - 2014-06-25 11:54 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\ActivePresenter
2014-07-15 23:37 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-15 15:17 - 2014-06-14 15:47 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-07-15 14:51 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-15 14:50 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-15 14:49 - 2014-07-15 14:49 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-15 14:49 - 2014-07-15 14:44 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-15 14:49 - 2014-07-15 14:44 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-15 14:49 - 2014-07-15 14:44 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-15 14:49 - 2014-07-15 14:44 - 00001984 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-15 14:45 - 2014-07-15 14:45 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\AVAST Software
2014-07-15 14:45 - 2014-06-14 20:38 - 00002104 _____ () C:\WINDOWS\Sandboxie.ini
2014-07-15 14:44 - 2014-07-15 14:44 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1405449877984
2014-07-15 14:44 - 2014-07-15 14:44 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1405449877984
2014-07-15 14:44 - 2014-07-15 14:44 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.1405449877984
2014-07-15 14:44 - 2014-07-15 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-15 14:43 - 2014-07-15 14:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-15 14:41 - 2014-07-15 14:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-15 14:37 - 2014-06-14 16:07 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\Lavasoft
2014-07-14 08:47 - 2014-07-14 08:47 - 00000000 ____D () C:\Users\Cynthia\Documents\Education n Occupations
2014-07-13 21:08 - 2014-06-15 06:19 - 00000000 ____D () C:\Users\Cynthia
2014-07-13 13:59 - 2014-07-12 16:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-13 08:44 - 2014-07-13 08:44 - 00000000 ____D () C:\Users\Cynthia\Photos
2014-07-12 21:53 - 2014-07-12 16:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-12 19:42 - 2014-06-26 11:05 - 00164352 ___SH () C:\Users\Cynthia\Desktop\Thumbs.db
2014-07-12 16:33 - 2014-07-12 16:33 - 00001276 _____ () C:\Users\Cynthia\Desktop\Spybot - Search & Destroy.lnk
2014-07-12 16:33 - 2014-07-12 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-07-12 16:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-07-12 16:07 - 2014-07-12 16:06 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 16:06 - 2014-07-12 16:06 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-12 16:06 - 2014-07-12 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 16:06 - 2014-07-12 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 16:06 - 2014-07-12 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-11 08:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 06:38 - 2013-08-22 10:44 - 00344624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 21:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 21:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 21:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 21:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 20:48 - 2014-06-14 16:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 20:48 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 20:47 - 2014-06-14 16:48 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 20:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 20:46 - 2014-03-18 05:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 16:49 - 2014-06-14 15:15 - 00001231 _____ () C:\Users\Cynthia\Desktop\My Documents - Shortcut.lnk
2014-07-10 16:49 - 2014-06-14 15:15 - 00001218 _____ () C:\Users\Cynthia\Desktop\My Pictures - Shortcut.lnk
2014-07-10 14:23 - 2014-07-10 14:23 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-26 16:55 - 2013-08-22 11:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:55 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 10:16 - 2012-05-08 12:19 - 00000000 ____D () C:\DELL
2014-06-26 08:10 - 2014-06-26 08:08 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\paint.net
2014-06-26 08:09 - 2014-06-26 08:09 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-06-26 08:09 - 2014-06-26 08:09 - 00001190 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-06-26 08:09 - 2014-06-26 08:09 - 00000000 ____D () C:\Program Files\paint.net
2014-06-25 11:54 - 2014-06-25 11:54 - 00001389 _____ () C:\Users\Public\Desktop\Active Presenter.lnk
2014-06-25 11:54 - 2014-06-25 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
2014-06-25 11:54 - 2014-06-25 11:54 - 00000000 ____D () C:\Program Files (x86)\ATOMI
2014-06-21 07:35 - 2014-06-21 07:30 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 07:35 - 2014-06-21 07:30 - 00003666 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 07:33 - 2014-06-21 07:33 - 00002788 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-06-21 07:33 - 2014-06-21 07:33 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-21 07:33 - 2014-06-19 07:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-21 07:33 - 2014-06-19 07:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-21 07:32 - 2014-06-21 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-21 07:31 - 2014-06-21 07:31 - 00000000 ____D () C:\Program Files\Google
2014-06-20 08:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-20 07:47 - 2014-06-14 21:10 - 00000000 ___RD () C:\Sandbox
2014-06-20 07:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-06-20 07:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-06-20 07:47 - 2012-09-28 23:39 - 00000000 ____D () C:\Program Files\Dell
2014-06-19 09:06 - 2014-06-15 10:07 - 00000000 ___DC () C:\WINDOWS\Panther
2014-06-19 07:20 - 2014-06-19 07:17 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\Google
2014-06-19 07:18 - 2014-06-19 07:18 - 00000000 ____D () C:\ProgramData\Google
2014-06-19 05:22 - 2014-06-16 17:18 - 00000000 ____D () C:\Users\Cynthia Local\AppData\Local\softthinks
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-16 12:32
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Cynthia Local at 2014-07-19 14:42:20
Running from C:\Users\Cynthia\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.5 - Atomi Systems, Inc.)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.124 - )
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.1 - Dell Inc.)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.209 - ALPS ELECTRIC CO., LTD.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
==================== Restore Points =========================
04-07-2014 00:41:30 Scheduled Checkpoint
11-07-2014 00:43:23 Windows Update
15-07-2014 18:36:33 AA11
==================== Hosts content: ==========================
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {102DEB5D-F2A5-420B-BEDF-F8F23107C6DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {15481485-0601-4483-97AE-F8FD0431F27E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1D202D4A-4A0D-4675-BC9D-A992D190F684} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {1F3818CB-DEFB-4E2E-B5A9-BD631199A8BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {33EC6779-CA48-4F00-A081-F9F34FB4DB55} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {50F7D427-0982-4765-B160-AA39EA8DCE16} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {59BFCC35-03B5-49D0-A478-7E1BAD69C21E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {752EE59A-C121-45F3-AD76-F89C0361ECC5} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C09D6A83-0BD3-48C9-926E-5F79DB16EAEE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E0BA539F-B1B7-4BEC-BEE5-4ACADA42D264} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-09-28 23:52 - 2012-04-24 22:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-18 14:42 - 2013-12-18 14:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-15 06:12 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-26 08:09 - 2014-06-26 08:09 - 02465792 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\43c9657e748f576f869b8edd8af1f4d4\PaintDotNet.SystemLayer.Native.x64.ni.dll
2014-06-24 13:19 - 2014-06-24 13:19 - 01067584 _____ () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2014-07-15 14:49 - 2014-07-15 14:49 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-15 14:47 - 2014-07-15 14:47 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071501\algo.dll
2014-07-19 13:27 - 2014-07-19 13:27 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071900\algo.dll
2014-06-17 04:36 - 2014-06-17 04:36 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\bccb0a1f2d36a70793a6f123ca0ef953\PSIClient.ni.dll
2012-09-28 23:40 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-28 23:58 - 2012-08-09 14:51 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-09-28 23:58 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-09-28 23:58 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-12-18 14:42 - 2013-12-18 14:42 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-28 23:50 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-15 14:49 - 2014-07-15 14:49 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Cynthia\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========
HKCU\...\StartupApproved\StartupFolder: => "Intel(R) Turbo Boost Technology Monitor 2.6.lnk"
==================== Faulty Device Manager Devices =============
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2014 11:47:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 3178
Start Time: 01cfa2cd85321a0b
Termination Time: 196
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 71cbc84b-0ef7-11e4-be75-84a6c8253757
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/18/2014 03:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x77b0
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (07/18/2014 08:28:49 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error: (07/17/2014 08:58:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 87f4
Start Time: 01cfa2230aad47fb
Termination Time: 31
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: a2cbe0ac-0e16-11e4-be75-84a6c8253757
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/17/2014 08:56:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 45c8
Start Time: 01cfa222dff438b1
Termination Time: 12
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 465e289b-0e16-11e4-be75-84a6c8253757
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/17/2014 06:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x39e8
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (07/17/2014 04:09:11 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Exception has been thrown by the target of an invocation.
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.UnsafeInvoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.Win32.SystemEvents.SystemEventInvokeInfo.InvokeCallback(Object arg)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
Error: (07/16/2014 03:25:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error: (07/16/2014 03:21:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1b04
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (07/16/2014 00:46:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (07/18/2014 02:45:18 PM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/18/2014 08:54:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (07/18/2014 08:29:32 AM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/18/2014 08:29:02 AM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/17/2014 05:04:17 PM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/17/2014 07:34:02 AM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/17/2014 07:33:32 AM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/16/2014 03:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (07/16/2014 03:25:50 PM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/16/2014 00:47:04 PM) (Source: DCOM) (EventID: 10010) (User: PRECIOUS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Microsoft Office Sessions:
=========================
Error: (07/18/2014 11:47:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17126317801cfa2cd85321a0b196C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE71cbc84b-0ef7-11e4-be75-84a6c8253757
Error: (07/18/2014 03:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f77b001cfa2bfd08e2b77C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll0fa05c9c-0eb3-11e4-be75-84a6c8253757
Error: (07/18/2014 08:28:49 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8
Error: (07/17/2014 08:58:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1712687f401cfa2230aad47fb31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa2cbe0ac-0e16-11e4-be75-84a6c8253757
Error: (07/17/2014 08:56:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1712645c801cfa222dff438b112C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE465e289b-0e16-11e4-be75-84a6c8253757
Error: (07/17/2014 06:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f39e801cfa211203b0d99C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll5e9a19ea-0e04-11e4-be75-84a6c8253757
Error: (07/17/2014 04:09:11 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Exception has been thrown by the target of an invocation.
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.UnsafeInvoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Delegate.DynamicInvokeImpl(Object[] args)
at Microsoft.Win32.SystemEvents.SystemEventInvokeInfo.InvokeCallback(Object arg)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
Error: (07/16/2014 03:25:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8
Error: (07/16/2014 03:21:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f1b0401cfa12b1c9d411fC:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll5cbe73a2-0d1e-11e4-be75-84a6c8253757
Error: (07/16/2014 00:46:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

CodeIntegrity Errors:
===================================
Date: 2014-07-19 14:41:26.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:41:26.221
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:41:26.080
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:41:26.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:39:17.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:39:17.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:39:17.258
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:39:17.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:39:05.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 14:39:05.162
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 37%
Total physical RAM: 8052.2 MB
Available physical RAM: 5031.38 MB
Total Pagefile: 9332.2 MB
Available Pagefile: 5491.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.68 GB) (Free:599.17 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:9.4 GB) (Free:0.23 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F28FD068)
Partition: GPT Partition Type.
==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt *are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## soulsister (Feb 20, 2013)

It ran fine and needed to restart. Here is the log. Thank-you


----------



## Cookiegal (Aug 27, 2003)

Please copy and paste the log.


----------



## soulsister (Feb 20, 2013)

sorry - I didn't think - you guys probably don't like to download things - here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2014 01
Ran by Cynthia Local at 2014-07-23 15:54:10 Run:1
Running from C:\Users\Cynthia\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-1481102844-3686879177-3490302776-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1481102844-3686879177-3490302776-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/r...q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/r...q={searchTerms}
SearchScopes: HKCU - {9960E138-2EA3-4551-95C0-859B20CD56AD} URL = 
*****************
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1481102844-3686879177-3490302776-1002\User => Moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1481102844-3686879177-3490302776-1001\User => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
"HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9960E138-2EA3-4551-95C0-859B20CD56AD}" => Key deleted successfully.
"HKCR\CLSID\{9960E138-2EA3-4551-95C0-859B20CD56AD}" => Key not found.

The system needed a reboot. 
==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## soulsister (Feb 20, 2013)

Hi - I just read this on the ComboFix site:

"At this time ComboFix can only run on the following Windows versions:


Windows XP (32-bit only)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit) "
Do you still want me to use it?


----------



## Cookiegal (Aug 27, 2003)

Whoops, sorry, no. We'll use a different tool.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## soulsister (Feb 20, 2013)

Having trouble posting a reply so trying one report at a time....

OTL logfile created on: 2014-08-02 7:27:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cynthia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.86 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 74.43% Memory free
9.11 Gb Paging File | 6.71 Gb Available in Paging File | 73.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.68 Gb Total Space | 869.07 Gb Free Space | 94.60% Space Free | Partition Type: NTFS
Drive X: | 9.40 Gb Total Space | 0.23 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.66 Gb Free Space | 82.89% Space Free | Partition Type: NTFS

Computer Name: PRECIOUS | User Name: Cynthia Local | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-08-02 06:53:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
PRC - [2014-07-31 14:49:46 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-07-15 14:49:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-08-08 12:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012-08-08 12:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012-08-06 11:58:50 | 000,491,880 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2012-08-06 11:58:30 | 004,056,424 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2012-08-06 11:58:14 | 001,919,336 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-07-09 14:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012-07-09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-06-07 23:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012-06-01 21:47:48 | 000,143,888 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2014-07-15 14:49:40 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-07-15 14:49:40 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2013-12-18 14:42:50 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012-08-09 14:51:14 | 002,003,304 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012-08-06 11:59:24 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012-08-06 11:59:16 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012-06-08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012-06-07 23:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2014-07-23 17:24:38 | 004,352,568 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Auto | Running] -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe -- (SEVPNCLIENT)
SRV:*64bit:* - [2014-07-15 14:49:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2014-06-15 10:05:52 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:*64bit:* - [2014-06-15 10:04:12 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:*64bit:* - [2014-06-15 10:04:11 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:*64bit:* - [2014-06-15 10:00:59 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:*64bit:* - [2014-06-15 10:00:58 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:*64bit:* - [2014-06-15 10:00:21 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:*64bit:* - [2014-06-15 10:00:20 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:*64bit:* - [2014-06-15 10:00:20 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:*64bit:* - [2014-05-21 00:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:*64bit:* - [2014-03-18 06:13:26 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:*64bit:* - [2014-03-18 06:13:25 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:*64bit:* - [2014-03-18 06:13:20 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:*64bit:* - [2014-03-18 06:13:18 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:*64bit:* - [2014-03-18 06:13:18 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:*64bit:* - [2014-03-18 06:13:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:*64bit:* - [2014-03-18 06:13:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:*64bit:* - [2014-03-18 06:13:13 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:*64bit:* - [2013-08-28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:*64bit:* - [2013-08-28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:*64bit:* - [2013-08-28 16:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2013-08-28 16:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:*64bit:* - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:*64bit:* - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:*64bit:* - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:*64bit:* - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:*64bit:* - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:*64bit:* - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:*64bit:* - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:*64bit:* - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:*64bit:* - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:*64bit:* - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:*64bit:* - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:*64bit:* - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:*64bit:* - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:*64bit:* - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:*64bit:* - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:*64bit:* - [2012-07-24 06:59:56 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:*64bit:* - [2012-07-17 01:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:*64bit:* - [2012-05-30 14:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:*64bit:* - [2012-05-02 14:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:*64bit:* - [2012-04-20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2014-06-15 10:00:20 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-05-21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-12-18 14:42:30 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-08-08 12:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012-08-08 12:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012-08-06 11:58:14 | 001,919,336 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-07-13 21:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-07-09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014-07-23 17:26:29 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_VPN.sys -- (Neo_VPN)
DRV:*64bit:* - [2014-07-23 17:24:36 | 000,038,112 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SeLow_x64.sys -- (SeLow)
DRV:*64bit:* - [2014-07-15 14:49:47 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:*64bit:* - [2014-07-15 14:49:41 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:*64bit:* - [2014-07-15 14:49:41 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2014-07-15 14:49:41 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:*64bit:* - [2014-06-15 10:05:12 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:*64bit:* - [2014-06-15 10:04:12 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:*64bit:* - [2014-06-15 10:04:12 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:*64bit:* - [2014-06-15 10:04:12 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:*64bit:* - [2014-06-15 10:04:11 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:*64bit:* - [2014-06-15 10:00:59 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:*64bit:* - [2014-06-15 10:00:59 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:*64bit:* - [2014-06-15 10:00:58 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:*64bit:* - [2014-06-15 10:00:20 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:*64bit:* - [2014-05-29 14:33:16 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:*64bit:* - [2014-05-21 00:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2014-05-06 18:39:17 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:*64bit:* - [2014-05-06 18:39:17 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:*64bit:* - [2014-03-18 07:08:50 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:*64bit:* - [2014-03-18 07:08:26 | 000,441,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:*64bit:* - [2014-03-18 06:13:19 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:*64bit:* - [2014-03-18 06:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:*64bit:* - [2014-03-18 06:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:*64bit:* - [2014-03-18 06:13:02 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:*64bit:* - [2014-03-18 06:13:00 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:*64bit:* - [2014-03-18 06:13:00 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:*64bit:* - [2014-03-18 06:13:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:*64bit:* - [2014-03-18 05:45:47 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2014-03-18 05:45:41 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:*64bit:* - [2013-12-18 14:42:58 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:*64bit:* - [2013-10-08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:*64bit:* - [2013-09-23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:*64bit:* - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:*64bit:* - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:*64bit:* - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:*64bit:* - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:*64bit:* - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:*64bit:* - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:*64bit:* - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:*64bit:* - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:*64bit:* - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:*64bit:* - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:*64bit:* - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:*64bit:* - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:*64bit:* - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:*64bit:* - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:*64bit:* - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:*64bit:* - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:*64bit:* - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:*64bit:* - [2013-08-22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:*64bit:* - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:*64bit:* - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:*64bit:* - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:*64bit:* - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:*64bit:* - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:*64bit:* - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:*64bit:* - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:*64bit:* - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:*64bit:* - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:*64bit:* - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:*64bit:* - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:*64bit:* - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:*64bit:* - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:*64bit:* - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:*64bit:* - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:*64bit:* - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:*64bit:* - [2013-08-22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:*64bit:* - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:*64bit:* - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:*64bit:* - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:*64bit:* - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:*64bit:* - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:*64bit:* - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:*64bit:* - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:*64bit:* - [2013-06-18 10:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:*64bit:* - [2012-10-27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:*64bit:* - [2012-08-09 20:29:52 | 000,188,384 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:*64bit:* - [2012-08-05 02:22:10 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:*64bit:* - [2012-08-01 04:57:52 | 000,445,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:*64bit:* - [2012-07-24 06:59:56 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:*64bit:* - [2012-07-17 01:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:*64bit:* - [2012-07-14 18:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:*64bit:* - [2012-07-12 03:04:30 | 000,445,304 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2012-07-04 13:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:*64bit:* - [2012-07-02 19:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2012-06-25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:*64bit:* - [2012-06-19 11:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2012-06-15 17:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:*64bit:* - [2012-05-30 14:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9960E138-2EA3-4551-95C0-859B20CD56AD}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{9960E138-2EA3-4551-95C0-859B20CD56AD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9960E138-2EA3-4551-95C0-859B20CD56AD}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9960E138-2EA3-4551-95C0-859B20CD56AD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {9960E138-2EA3-4551-95C0-859B20CD56AD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-15 14:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-06-24 21:30:54 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxTray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found
O4:*64bit:* - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:*64bit:* - HKLM..\Run: [SoftEther VPN Client UI Helper] C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:*64bit:* - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: designyourwall.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wallpaperdirect.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99125FBB-36B6-4BB9-A324-8A09D999BF5B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BC5219-F923-431D-9EC3-79CBA2E82A5B}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-04-16 10:35:33 | 000,000,000 | -HS- | M] () - Y:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-08-02 06:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
[2014-07-31 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Graphics in Progress
[2014-07-31 09:49:45 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Online Receipts
[2014-07-27 09:09:59 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Favorites Backups fr IE
[2014-07-24 00:34:37 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\Adobe
[2014-07-23 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Photoshop Downloads
[2014-07-23 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014-07-23 17:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014-07-23 17:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014-07-23 17:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014-07-23 17:26:29 | 000,028,768 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\Neo_VPN.sys
[2014-07-23 17:26:13 | 000,038,240 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\see.sys
[2014-07-23 17:24:53 | 000,135,736 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\vpncmd.exe
[2014-07-23 17:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
[2014-07-23 17:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\SoftEther VPN Client
[2014-07-23 17:24:30 | 000,038,112 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\SeLow_x64.sys
[2014-07-23 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\vpngate-client-2014.07.14-build-9473.130124
[2014-07-23 16:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014-07-23 16:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop CS6 Extended Files from USB
[2014-07-23 16:39:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\CS6 Instruction Files
[2014-07-23 15:53:51 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\FRST-OlderVersion
[2014-07-22 15:14:46 | 000,137,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vcomp120.dll
[2014-07-20 10:58:12 | 000,000,000 | R--D | C] -- C:\Users\Cynthia\Google Drive
[2014-07-20 10:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014-07-20 10:41:52 | 000,895,120 | ---- | C] (Google Inc.) -- C:\Users\Cynthia\Desktop\googledrivesync.exe
[2014-07-20 09:34:14 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\CyberLink
[2014-07-20 09:34:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\CyberLink
[2014-07-20 09:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014-07-20 09:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014-07-19 14:39:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014-07-19 13:09:22 | 002,091,520 | ---- | C] (Farbar) -- C:\Users\Cynthia\Desktop\FRST64.exe
[2014-07-18 16:33:53 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\Videos from Pond5
[2014-07-15 14:49:40 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014-07-15 14:45:50 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\AVAST Software
[2014-07-15 14:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014-07-15 14:44:21 | 001,041,168 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2014-07-15 14:44:21 | 001,039,096 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys.1405449877984
[2014-07-15 14:44:21 | 000,427,360 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2014-07-15 14:44:21 | 000,423,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1405449877984
[2014-07-15 14:44:21 | 000,093,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014-07-15 14:44:21 | 000,092,008 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2014-07-15 14:44:21 | 000,085,328 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys.1405449877984
[2014-07-15 14:44:21 | 000,079,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014-07-15 14:44:20 | 000,307,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014-07-15 14:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014-07-15 14:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014-07-14 08:47:23 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Education n Occupations
[2014-07-12 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014-07-12 16:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014-07-12 16:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014-07-12 16:06:42 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-07-12 16:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-07-12 16:06:28 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014-07-12 16:06:28 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014-07-12 16:06:28 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014-07-12 16:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014-07-12 16:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-07-10 14:27:41 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\osk.exe
[2014-07-10 14:27:41 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\osk.exe
[2014-07-10 14:27:36 | 001,417,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014-07-10 14:27:36 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014-07-10 14:27:36 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014-07-10 14:27:36 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2014-07-10 14:27:36 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2014-07-10 14:26:36 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014-07-10 14:26:32 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014-07-10 14:26:32 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014-07-10 14:26:32 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014-07-10 14:26:32 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014-07-10 14:26:32 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014-07-10 14:26:32 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014-07-10 14:26:32 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014-07-10 14:26:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014-07-10 14:26:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014-07-10 14:26:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014-07-10 14:26:17 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014-07-10 14:26:17 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014-07-10 14:26:16 | 013,287,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014-07-10 14:26:16 | 011,792,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014-07-10 14:26:16 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014-07-10 14:26:16 | 000,923,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014-07-10 14:26:16 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014-07-10 14:26:16 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014-07-10 14:26:16 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014-07-10 14:26:16 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014-07-10 14:26:16 | 000,555,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2014-07-10 14:26:16 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-07-10 14:26:16 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-07-10 14:26:16 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014-07-10 14:26:16 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014-07-10 14:26:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014-07-10 14:23:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe

========== Files - Modified Within 30 Days ==========

[2014-08-02 06:55:44 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk
[2014-08-02 06:53:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
[2014-08-02 06:40:08 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-08-02 06:00:18 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-07-31 17:54:48 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-07-31 17:54:37 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-31 17:45:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-07-31 17:45:22 | 2459,709,439 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-31 11:38:57 | 000,042,808 | ---- | M] () -- C:\Users\Cynthia\Desktop\Snap Logo.pdn
[2014-07-31 01:27:50 | 000,076,680 | ---- | M] () -- C:\Users\Cynthia\Desktop\Snap Logo.psd
[2014-07-30 14:16:10 | 000,000,366 | ---- | M] () -- C:\Users\Cynthia\Desktop\flirtylingerie_2269_460457.gif
[2014-07-29 21:02:24 | 000,344,225 | ---- | M] () -- C:\Users\Cynthia\Desktop\ChrisEvansGQ.jpg
[2014-07-28 07:49:02 | 000,000,132 | ---- | M] () -- C:\Users\Cynthia\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014-07-28 07:25:19 | 000,105,602 | ---- | M] () -- C:\Users\Cynthia\Desktop\110079full.jpg
[2014-07-23 23:49:19 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-07-23 23:49:19 | 000,736,970 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-07-23 23:49:19 | 000,140,352 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-07-23 19:49:06 | 000,010,001 | ---- | M] () -- C:\Users\Cynthia\Desktop\Snap Logo.jpg
[2014-07-23 19:16:33 | 251,929,016 | ---- | M] () -- C:\Users\Cynthia\Desktop\Adobe.zip
[2014-07-23 18:53:01 | 000,001,705 | ---- | M] () -- C:\Users\Cynthia\Desktop\Photoshop.exe - Shortcut.lnk
[2014-07-23 17:26:29 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\Neo_VPN.sys
[2014-07-23 17:26:13 | 000,038,240 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\see.sys
[2014-07-23 17:24:53 | 000,135,736 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\vpncmd.exe
[2014-07-23 17:24:49 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[2014-07-23 17:24:49 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
[2014-07-23 17:24:36 | 000,038,112 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\SeLow_x64.sys
[2014-07-23 15:53:51 | 002,091,520 | ---- | M] (Farbar) -- C:\Users\Cynthia\Desktop\FRST64.exe
[2014-07-22 15:14:46 | 000,137,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vcomp120.dll
[2014-07-20 10:48:05 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014-07-20 10:48:05 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014-07-20 10:48:05 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014-07-20 10:41:52 | 000,895,120 | ---- | M] (Google Inc.) -- C:\Users\Cynthia\Desktop\googledrivesync.exe
[2014-07-16 11:18:53 | 005,889,471 | ---- | M] () -- C:\Users\Cynthia\Google Drive\Documents\Phone Instruction Manual 2014pdf.pdf
[2014-07-15 14:49:52 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-07-15 14:49:47 | 000,427,360 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2014-07-15 14:49:41 | 001,041,168 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2014-07-15 14:49:41 | 000,224,896 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014-07-15 14:49:41 | 000,092,008 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2014-07-15 14:49:40 | 000,307,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014-07-15 14:49:40 | 000,093,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014-07-15 14:49:40 | 000,079,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014-07-15 14:49:40 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014-07-15 14:49:40 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014-07-15 14:49:40 | 000,029,208 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2014-07-15 14:45:44 | 000,002,104 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2014-07-15 14:44:18 | 001,039,096 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys.1405449877984
[2014-07-15 14:44:18 | 000,423,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1405449877984
[2014-07-15 14:44:18 | 000,085,328 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys.1405449877984
[2014-07-12 16:33:19 | 000,001,276 | ---- | M] () -- C:\Users\Cynthia\Desktop\Spybot - Search & Destroy.lnk
[2014-07-12 16:07:46 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-07-12 16:06:31 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-07-10 14:23:10 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe

========== Files Created - No Company Name ==========

[2014-07-31 01:27:48 | 000,076,680 | ---- | C] () -- C:\Users\Cynthia\Desktop\Snap Logo.psd
[2014-07-30 14:22:09 | 000,000,366 | ---- | C] () -- C:\Users\Cynthia\Desktop\flirtylingerie_2269_460457.gif
[2014-07-29 21:04:53 | 000,344,225 | ---- | C] () -- C:\Users\Cynthia\Desktop\ChrisEvansGQ.jpg
[2014-07-28 07:42:10 | 000,000,132 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014-07-28 07:27:29 | 000,105,602 | ---- | C] () -- C:\Users\Cynthia\Desktop\110079full.jpg
[2014-07-23 19:53:09 | 000,042,808 | ---- | C] () -- C:\Users\Cynthia\Desktop\Snap Logo.pdn
[2014-07-23 19:49:02 | 000,010,001 | ---- | C] () -- C:\Users\Cynthia\Desktop\Snap Logo.jpg
[2014-07-23 19:15:36 | 251,929,016 | ---- | C] () -- C:\Users\Cynthia\Desktop\Adobe.zip
[2014-07-23 18:53:01 | 000,001,705 | ---- | C] () -- C:\Users\Cynthia\Desktop\Photoshop.exe - Shortcut.lnk
[2014-07-23 17:59:22 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2014-07-23 17:57:39 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014-07-23 17:24:49 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[2014-07-23 17:24:49 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
[2014-07-20 10:48:05 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014-07-20 10:48:05 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014-07-20 10:48:05 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014-07-16 11:18:52 | 005,889,471 | ---- | C] () -- C:\Users\Cynthia\Google Drive\Documents\Phone Instruction Manual 2014pdf.pdf
[2014-07-15 14:44:52 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-07-15 14:44:21 | 000,224,896 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014-07-15 14:44:21 | 000,065,776 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014-07-15 14:44:21 | 000,029,208 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2014-07-12 16:33:19 | 000,001,276 | ---- | C] () -- C:\Users\Cynthia\Desktop\Spybot - Search & Destroy.lnk
[2014-07-12 16:06:31 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-06-15 11:47:39 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014-06-15 06:42:24 | 000,000,624 | RHS- | C] () -- C:\Users\Cynthia\ntuser.pol
[2014-06-14 20:38:29 | 000,002,104 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014-05-21 00:33:38 | 000,348,088 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014-05-21 00:33:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014-05-21 00:33:32 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2014-03-18 06:13:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 06:13:03 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012-09-29 00:10:26 | 000,880,342 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-06-15 10:00:20 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-06-15 10:00:21 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Cynthia\OneDrive:ms-properties
< End of report >


----------



## soulsister (Feb 20, 2013)

OTL Extras logfile created on: 2014-08-02 6:59:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cynthia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.86 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 77.35% Memory free
9.11 Gb Paging File | 7.16 Gb Available in Paging File | 78.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.68 Gb Total Space | 828.62 Gb Free Space | 90.20% Space Free | Partition Type: NTFS
Drive X: | 9.40 Gb Total Space | 0.23 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.66 Gb Free Space | 82.89% Space Free | Partition Type: NTFS

Computer Name: PRECIOUS | User Name: Cynthia Local | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B24508A-144F-4628-8825-440798848E2B}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\photodownloader\photodownloader.exe | 
"{1574A9FB-C9B5-43AF-93FB-FD54A63E7CED}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\logtransport2.exe | 
"{15A5CAD0-9F35-4E32-8BF4-D199C84D53FB}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\sniffer_gpu.exe | 
"{1A84D6A2-B93D-4ECB-80ED-3AA4B47645EB}" = protocol=58 | dir=out | [email protected],-503 | 
"{20E88FB6-3E7C-44B9-AC1B-BAD5BBCE6AE5}" = protocol=58 | dir=in | app=system | 
"{27C2C94D-ADAF-4B2E-AFFA-594205E787A2}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\bridge.exe | 
"{5A5D7669-7F20-4176-9B10-9B72DFE1CF21}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\bridgeproxy.exe | 
"{623FAABF-0DD7-4DF3-B356-9A46AA976BE2}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\adobe3dandvideoserver\adobe3dandvideoserver.exe | 
"{68B03125-A799-49FF-96BF-F41CF49561F6}" = dir=out | [email protected]{microsoft.bingsports_3.0.2.317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{7125A664-9236-4D14-86DD-767E557E68F0}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\adobe3dandvideoserver\adobe3dandvideoserver.exe | 
"{776A69EF-1E95-422C-BC35-A2B70720A575}" = dir=out | app=%programfiles%\adobe\adobe bridge cs6 (64 bit)\arh.exe | 
"{91B3D774-4755-48C1-9FA5-2A701F082393}" = dir=out | [email protected]{microsoft.zunevideo_2.6.183.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{A5575EC3-CF6F-443C-A35D-8DFE92255611}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\logtransport2.exe | 
"{CA8D593F-196F-4B6A-88E1-6D866CF635EF}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.2.313_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{D164BD18-79B7-474B-AEA2-37BBE7C529EE}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel(R) PRO/Wireless Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel(R) Turbo Boost Technology Monitor 2.6
"{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel(R) WiDi
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F509C1F4-0029-49F9-B145-A4C4E8DF481A}" = paint.net
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"PC-Doctor for Windows" = Dell Support Center
"Sandboxie" = Sandboxie 4.12 (64-bit)
"softether_sevpnclient" = SoftEther VPN Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75939021-3B68-419D-8DC1-E9823BFF9658}" = Google Drive
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1" = ActivePresenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{c9967fbd-e3c3-4ed0-992a-5b33260f2944}" = Intel® PROSet/Wireless Software
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014-07-18 11:47:50 PM | Computer Name = PRECIOUS | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3178 Start
Time: 01cfa2cd85321a0b Termination Time: 196 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 71cbc84b-0ef7-11e4-be75-84a6c8253757 Faulting package
full name: Faulting package-relative application ID:

Error - 2014-07-19 6:00:18 PM | Computer Name = PRECIOUS | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39,
time stamp: 0x4ffe56d2 Faulting module name: MSVCR90.dll, version: 9.0.30729.8387,
time stamp: 0x51ea1bbd Exception code: 0x40000015 Fault offset: 0x000000000004267f
Faulting
process id: 0x1fe0 Faulting application start time: 0x01cfa39cd2d87db4 Faulting application
path: C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5x Faulting module path:
C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll
Report
Id: 11e37141-0f90-11e4-be75-84a6c8253757 Faulting package full name: Faulting package-relative
application ID:

Error - 2014-07-19 6:31:29 PM | Computer Name = PRECIOUS | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Spybot
- Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program 
Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8. The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2014-07-20 9:21:21 AM | Computer Name = PRECIOUS | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 740c Start
Time: 01cfa41d5f69fadd Termination Time: 4294967295 Application Path: C:\Program 
Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: b895ab45-1010-11e4-be75-84a6c8253757
Faulting
package full name: Faulting package-relative application ID:

Error - 2014-07-20 9:47:53 AM | Computer Name = PRECIOUS | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.3.9600.17039 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: acc0 Start
Time: 01cfa4201e309de8 Termination Time: 0 Application Path: C:\Windows\explorer.exe
Report
Id: 717164cc-1014-11e4-be75-84a6c8253757 Faulting package full name: Faulting package-relative
application ID:

Error - 2014-07-20 9:48:47 AM | Computer Name = PRECIOUS | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.3.9600.17039 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2918 Start
Time: 01cfa3724c66a62e Termination Time: 0 Application Path: C:\WINDOWS\Explorer.EXE
Report
Id: 5ab7dc55-1013-11e4-be75-84a6c8253757 Faulting package full name: Faulting package-relative
application ID:

Error - 2014-07-20 8:27:18 PM | Computer Name = PRECIOUS | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39,
time stamp: 0x4ffe56d2 Faulting module name: MSVCR90.dll, version: 9.0.30729.8387,
time stamp: 0x51ea1bbd Exception code: 0x40000015 Fault offset: 0x000000000004267f
Faulting
process id: 0x9518 Faulting application start time: 0x01cfa47a837644ad Faulting application
path: C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5x Faulting module path:
C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll
Report
Id: c52ae9f4-106d-11e4-be75-84a6c8253757 Faulting package full name: Faulting package-relative
application ID:

Error - 2014-07-22 6:23:08 AM | Computer Name = PRECIOUS | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39,
time stamp: 0x4ffe56d2 Faulting module name: MSVCR90.dll, version: 9.0.30729.8387,
time stamp: 0x51ea1bbd Exception code: 0x40000015 Fault offset: 0x000000000004267f
Faulting
process id: 0x11fd4 Faulting application start time: 0x01cfa596eb4f36ef Faulting 
application path: C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5x Faulting
module path: C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll
Report
Id: 2c36a22a-118a-11e4-be75-84a6c8253757 Faulting package full name: Faulting package-relative
application ID:

Error - 2014-07-22 7:15:53 AM | Computer Name = PRECIOUS | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Spybot
- Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program 
Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8. The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2014-07-22 3:21:16 PM | Computer Name = PRECIOUS | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39,
time stamp: 0x4ffe56d2 Faulting module name: MSVCR90.dll, version: 9.0.30729.8387,
time stamp: 0x51ea1bbd Exception code: 0x40000015 Fault offset: 0x000000000004267f
Faulting
process id: 0x1655c Faulting application start time: 0x01cfa5e21bb87427 Faulting 
application path: C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5x Faulting
module path: C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll
Report
Id: 59addac0-11d5-11e4-be75-84a6c8253757 Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 2014-07-15 2:40:42 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053

Error - 2014-07-15 2:41:16 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error - 2014-07-15 2:41:16 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053

Error - 2014-07-15 2:42:54 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1326 To ensure
that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).

Error - 2014-07-15 2:42:54 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2014-07-15 2:52:07 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error - 2014-07-15 2:52:07 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053

Error - 2014-07-15 2:54:06 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1326 To ensure
that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).

Error - 2014-07-15 2:54:06 PM | Computer Name = PRECIOUS | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2014-07-15 3:00:46 PM | Computer Name = PRECIOUS | Source = DCOM | ID = 10010
Description =

< End of report >


----------



## Cookiegal (Aug 27, 2003)

There is evidence in your log of running a pirated version of Adobe Photoshop CS6 therefor that should be uninstalled.

Also, before going any further, please do the following:

Please open an Elevated Command Prompt window (on the Start screen, type "Command" - a Command Prompt icon will appear, right-click on it and select Run as Administrator) then copy the following command and paste it in at the prompt:

*Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab*

After running the command, two files will appear on your desktop, report.txt and repfiles.cab. Please open the report.txt file in Notepad and copy and paste the contents here. The repfiles.cab is only a backup file and can be ignored for the time being.


----------



## soulsister (Feb 20, 2013)

Thanks Cookiegal. Can you tell me what it is we're doing here overall, not sure... Report is below.

<DiagReport>
<LicensingData>
<ToolVersion>6.3.9600.16384</ToolVersion>
<LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
<LicensingStatusReason>0x00000000</LicensingStatusReason>
<LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
<LocalGenuineResultP>1</LocalGenuineResultP>
<LastOnlineGenuineResult>0x00000000</LastOnlineGenuineResult>
<GraceTimeMinutes>0</GraceTimeMinutes>
<TotalGraceDays>0</TotalGraceDays>
<ValidityExpiration></ValidityExpiration>
<ActivePartialProductKey>4X6BG</ActivePartialProductKey>
<ActiveProductKeyPid2>00179-60209-91971-AAOEM</ActiveProductKeyPid2>
<OSVersion>6.3.9600.2.00010300.0.0.101</OSVersion>
<ProductName>Windows 8.1</ProductName>
<ProcessorArchitecture>x64</ProcessorArchitecture>
<EditionId>Core</EditionId>
<BuildLab>9600.winblue_gdr.140330-1035</BuildLab>
<TimeZone>Eastern Standard Time(GMT-04:00)</TimeZone>
<ActiveSkuId>9e4b231b-3e45-41f4-967f-c914f178b6ac</ActiveSkuId>
<ActiveSkuDescription>Windows(R) Operating System, OEM_DM channel</ActiveSkuDescription>
<ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
<ActiveProductKeyPKeyId>06c1a14f-0164-df36-6bd1-3d9819ff1346</ActiveProductKeyPKeyId>
<ActiveProductKeyPidEx>06401-01796-020-991971-02-1033-9600.0000-1662014</ActiveProductKeyPidEx>
<ActiveProductKeyChannel>OEMM</ActiveProductKeyChannel>
<ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
<OfflineInstallationId>366701260372743321100088364271230447574033381972094388024316481</OfflineInstallationId>
<DomainJoined>false</DomainJoined>
<ComputerSid>S-1-5-21-1481102844-3686879177-3490302776</ComputerSid>
<ProductLCID>1033</ProductLCID>
<UserLCID>4105</UserLCID>
<SystemLCID>1033</SystemLCID>
<CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
<ServiceAvailable>true</ServiceAvailable>
<OemMarkerVersion>0x00020001</OemMarkerVersion>
<OemId>DELL </OemId>
<OemTableId>QA09 </OemTableId>
<Manufacturer>Dell Inc. </Manufacturer>
<Model>Inspiron 7720</Model>
<InstallDate>20140615064221.000000-240</InstallDate>
</LicensingData>
<HealthCheck>
<Result>PASS</Result>
<TamperedItems></TamperedItems>
</HealthCheck>
<GenuineAuthz>
<ServerProps>GenuineId=55c92734-d682-4d71-983e-d6ec3f16059f;OemId=0000002811;OptionalInfoId=t6Dix3g1HAS3JTxwHB3K8rUA8Gxz4rFMuGeuRqJEXwVFHe8fZrPFMqEb8/MdVMb1;Pid=fhfEJ29jjqzZ3soY4mYBNAcN1UcNs/+QFVoA1Fi7GF8=;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;TimeStampServer=2014-06-14T19:49:19Z;</ServerProps>
</GenuineAuthz>
</DiagReport>


----------



## Cookiegal (Aug 27, 2003)

Did you install this VPN Server intentionally?

SoftEther VPN Project at University of Tsukuba, Japan

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected] .com: C:\Program Files\McAfee\MSK
```

Then click the *Run Fix* button at the top
Let the program run unhindered. It should reboot when it is done but if it does not, please reboot your system.
Please post the log it produces in your next reply.


----------



## soulsister (Feb 20, 2013)

Yes, I installed that VPN myself.

Here are the log files:

OTL logfile created on: 2014-08-05 4:19:59 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cynthia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.86 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 59.17% Memory free
9.11 Gb Paging File | 5.27 Gb Available in Paging File | 57.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.68 Gb Total Space | 869.07 Gb Free Space | 94.60% Space Free | Partition Type: NTFS
Drive X: | 9.40 Gb Total Space | 0.23 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive Y: | 2.00 Gb Total Space | 1.66 Gb Free Space | 82.89% Space Free | Partition Type: NTFS

Computer Name: PRECIOUS | User Name: Cynthia Local | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-08-02 06:53:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
PRC - [2014-07-31 14:49:46 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-07-15 14:49:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-08-08 12:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012-08-08 12:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012-08-06 11:58:50 | 000,491,880 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2012-08-06 11:58:30 | 004,056,424 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2012-08-06 11:58:14 | 001,919,336 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-07-09 14:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012-07-09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-06-07 23:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012-06-01 21:47:48 | 000,143,888 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2014-07-15 14:49:40 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-07-15 14:49:40 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2013-12-18 14:42:50 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012-08-09 14:51:14 | 002,003,304 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012-08-06 11:59:24 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012-08-06 11:59:16 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012-06-08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012-06-07 23:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2014-07-23 17:24:38 | 004,352,568 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Auto | Running] -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe -- (SEVPNCLIENT)
SRV:*64bit:* - [2014-07-15 14:49:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2014-06-15 10:05:52 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:*64bit:* - [2014-06-15 10:04:12 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:*64bit:* - [2014-06-15 10:04:11 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:*64bit:* - [2014-06-15 10:00:59 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:*64bit:* - [2014-06-15 10:00:58 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:*64bit:* - [2014-06-15 10:00:21 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:*64bit:* - [2014-06-15 10:00:20 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:*64bit:* - [2014-06-15 10:00:20 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:*64bit:* - [2014-05-21 00:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:*64bit:* - [2014-03-18 06:13:26 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:*64bit:* - [2014-03-18 06:13:25 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:*64bit:* - [2014-03-18 06:13:20 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:*64bit:* - [2014-03-18 06:13:18 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:*64bit:* - [2014-03-18 06:13:18 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:*64bit:* - [2014-03-18 06:13:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:*64bit:* - [2014-03-18 06:13:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:*64bit:* - [2014-03-18 06:13:13 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:*64bit:* - [2013-08-28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:*64bit:* - [2013-08-28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:*64bit:* - [2013-08-28 16:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2013-08-28 16:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:*64bit:* - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:*64bit:* - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:*64bit:* - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:*64bit:* - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:*64bit:* - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:*64bit:* - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:*64bit:* - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:*64bit:* - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:*64bit:* - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:*64bit:* - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:*64bit:* - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:*64bit:* - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:*64bit:* - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:*64bit:* - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:*64bit:* - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:*64bit:* - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:*64bit:* - [2012-07-24 06:59:56 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:*64bit:* - [2012-07-17 01:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:*64bit:* - [2012-05-30 14:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:*64bit:* - [2012-05-02 14:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:*64bit:* - [2012-04-20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2014-06-15 10:00:20 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-05-21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-12-18 14:42:30 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-08-22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-08-08 12:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012-08-08 12:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012-08-06 11:58:14 | 001,919,336 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-07-13 21:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-07-09 14:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014-07-23 17:26:29 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_VPN.sys -- (Neo_VPN)
DRV:*64bit:* - [2014-07-23 17:24:36 | 000,038,112 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SeLow_x64.sys -- (SeLow)
DRV:*64bit:* - [2014-07-15 14:49:47 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:*64bit:* - [2014-07-15 14:49:41 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:*64bit:* - [2014-07-15 14:49:41 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2014-07-15 14:49:41 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2014-07-15 14:49:40 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:*64bit:* - [2014-06-15 10:05:12 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:*64bit:* - [2014-06-15 10:04:12 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:*64bit:* - [2014-06-15 10:04:12 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:*64bit:* - [2014-06-15 10:04:12 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:*64bit:* - [2014-06-15 10:04:11 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:*64bit:* - [2014-06-15 10:00:59 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:*64bit:* - [2014-06-15 10:00:59 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:*64bit:* - [2014-06-15 10:00:58 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:*64bit:* - [2014-06-15 10:00:20 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:*64bit:* - [2014-05-29 14:33:16 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:*64bit:* - [2014-05-21 00:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2014-05-06 18:39:17 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:*64bit:* - [2014-05-06 18:39:17 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:*64bit:* - [2014-03-18 07:08:50 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:*64bit:* - [2014-03-18 07:08:26 | 000,441,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:*64bit:* - [2014-03-18 06:13:19 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:*64bit:* - [2014-03-18 06:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:*64bit:* - [2014-03-18 06:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:*64bit:* - [2014-03-18 06:13:02 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:*64bit:* - [2014-03-18 06:13:01 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:*64bit:* - [2014-03-18 06:13:00 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:*64bit:* - [2014-03-18 06:13:00 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:*64bit:* - [2014-03-18 06:13:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:*64bit:* - [2014-03-18 05:45:47 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2014-03-18 05:45:41 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:*64bit:* - [2013-12-18 14:42:58 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:*64bit:* - [2013-10-08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:*64bit:* - [2013-09-23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:*64bit:* - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:*64bit:* - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:*64bit:* - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:*64bit:* - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:*64bit:* - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:*64bit:* - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:*64bit:* - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:*64bit:* - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:*64bit:* - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:*64bit:* - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:*64bit:* - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:*64bit:* - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:*64bit:* - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:*64bit:* - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:*64bit:* - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:*64bit:* - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:*64bit:* - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:*64bit:* - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:*64bit:* - [2013-08-22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:*64bit:* - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:*64bit:* - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:*64bit:* - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:*64bit:* - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:*64bit:* - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:*64bit:* - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:*64bit:* - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:*64bit:* - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:*64bit:* - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:*64bit:* - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:*64bit:* - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:*64bit:* - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:*64bit:* - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:*64bit:* - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:*64bit:* - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:*64bit:* - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:*64bit:* - [2013-08-22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:*64bit:* - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:*64bit:* - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:*64bit:* - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:*64bit:* - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:*64bit:* - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:*64bit:* - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:*64bit:* - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:*64bit:* - [2013-06-18 10:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:*64bit:* - [2012-10-27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:*64bit:* - [2012-08-09 20:29:52 | 000,188,384 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:*64bit:* - [2012-08-05 02:22:10 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:*64bit:* - [2012-08-01 04:57:52 | 000,445,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:*64bit:* - [2012-07-24 06:59:56 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:*64bit:* - [2012-07-17 01:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:*64bit:* - [2012-07-14 18:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:*64bit:* - [2012-07-12 03:04:30 | 000,445,304 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2012-07-04 13:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:*64bit:* - [2012-07-02 19:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2012-06-25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:*64bit:* - [2012-06-19 11:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2012-06-15 17:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:*64bit:* - [2012-05-30 14:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9960E138-2EA3-4551-95C0-859B20CD56AD}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{9960E138-2EA3-4551-95C0-859B20CD56AD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9960E138-2EA3-4551-95C0-859B20CD56AD}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9960E138-2EA3-4551-95C0-859B20CD56AD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {9960E138-2EA3-4551-95C0-859B20CD56AD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-15 14:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-06-24 21:30:54 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: ::1 localhost
O2:*64bit:* - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxTray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found
O4:*64bit:* - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:*64bit:* - HKLM..\Run: [SoftEther VPN Client UI Helper] C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:*64bit:* - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: designyourwall.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wallpaperdirect.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99125FBB-36B6-4BB9-A324-8A09D999BF5B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BC5219-F923-431D-9EC3-79CBA2E82A5B}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-04-16 10:35:33 | 000,000,000 | -HS- | M] () - Y:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-08-02 06:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
[2014-07-31 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Graphics in Progress
[2014-07-31 09:49:45 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Online Receipts
[2014-07-27 09:09:59 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Favorites Backups fr IE
[2014-07-24 00:34:37 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\Adobe
[2014-07-23 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Photoshop Downloads
[2014-07-23 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014-07-23 17:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014-07-23 17:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014-07-23 17:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014-07-23 17:26:29 | 000,028,768 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\Neo_VPN.sys
[2014-07-23 17:26:13 | 000,038,240 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\see.sys
[2014-07-23 17:24:53 | 000,135,736 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\vpncmd.exe
[2014-07-23 17:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
[2014-07-23 17:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\SoftEther VPN Client
[2014-07-23 17:24:30 | 000,038,112 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\SeLow_x64.sys
[2014-07-23 17:21:39 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\vpngate-client-2014.07.14-build-9473.130124
[2014-07-23 16:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014-07-23 16:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop CS6 Extended Files from USB
[2014-07-23 16:39:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\CS6 Instruction Files
[2014-07-23 15:53:51 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\FRST-OlderVersion
[2014-07-22 15:14:46 | 000,137,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vcomp120.dll
[2014-07-20 10:58:12 | 000,000,000 | R--D | C] -- C:\Users\Cynthia\Google Drive
[2014-07-20 10:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014-07-20 10:41:52 | 000,895,120 | ---- | C] (Google Inc.) -- C:\Users\Cynthia\Desktop\googledrivesync.exe
[2014-07-20 09:34:14 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\CyberLink
[2014-07-20 09:34:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\CyberLink
[2014-07-20 09:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014-07-20 09:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014-07-19 14:39:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014-07-19 13:09:22 | 002,091,520 | ---- | C] (Farbar) -- C:\Users\Cynthia\Desktop\FRST64.exe
[2014-07-18 16:33:53 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\Videos from Pond5
[2014-07-15 14:49:40 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014-07-15 14:45:50 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\AVAST Software
[2014-07-15 14:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014-07-15 14:44:21 | 001,041,168 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2014-07-15 14:44:21 | 001,039,096 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys.1405449877984
[2014-07-15 14:44:21 | 000,427,360 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2014-07-15 14:44:21 | 000,423,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1405449877984
[2014-07-15 14:44:21 | 000,093,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014-07-15 14:44:21 | 000,092,008 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2014-07-15 14:44:21 | 000,085,328 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys.1405449877984
[2014-07-15 14:44:21 | 000,079,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014-07-15 14:44:20 | 000,307,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014-07-15 14:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014-07-15 14:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014-07-14 08:47:23 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Google Drive\Documents\Education n Occupations
[2014-07-12 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014-07-12 16:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014-07-12 16:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014-07-12 16:06:42 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-07-12 16:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-07-12 16:06:28 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014-07-12 16:06:28 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014-07-12 16:06:28 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014-07-12 16:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014-07-12 16:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-07-10 14:27:41 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\osk.exe
[2014-07-10 14:27:41 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\osk.exe
[2014-07-10 14:27:36 | 001,417,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014-07-10 14:27:36 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adtschema.dll
[2014-07-10 14:27:36 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adtschema.dll
[2014-07-10 14:27:36 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2014-07-10 14:27:36 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2014-07-10 14:26:36 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014-07-10 14:26:32 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014-07-10 14:26:32 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014-07-10 14:26:32 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014-07-10 14:26:32 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014-07-10 14:26:32 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014-07-10 14:26:32 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014-07-10 14:26:32 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014-07-10 14:26:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014-07-10 14:26:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014-07-10 14:26:32 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014-07-10 14:26:17 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014-07-10 14:26:17 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014-07-10 14:26:16 | 013,287,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014-07-10 14:26:16 | 011,792,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014-07-10 14:26:16 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2014-07-10 14:26:16 | 000,923,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014-07-10 14:26:16 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2014-07-10 14:26:16 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014-07-10 14:26:16 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014-07-10 14:26:16 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014-07-10 14:26:16 | 000,555,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2014-07-10 14:26:16 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-07-10 14:26:16 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-07-10 14:26:16 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014-07-10 14:26:16 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014-07-10 14:26:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014-07-10 14:23:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe

========== Files - Modified Within 30 Days ==========

[2014-08-05 16:07:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-08-05 06:40:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-08-05 05:10:23 | 000,001,098 | ---- | M] () -- C:\Users\Cynthia\Desktop\Google Drive.lnk
[2014-08-05 05:01:50 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-08-05 05:01:49 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-08-03 08:49:21 | 000,558,692 | ---- | M] () -- C:\Users\Cynthia\Desktop\repfiles.cab
[2014-08-02 06:55:44 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk
[2014-08-02 06:53:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
[2014-07-31 17:45:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-07-31 17:45:22 | 2459,709,439 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-31 11:38:57 | 000,042,808 | ---- | M] () -- C:\Users\Cynthia\Desktop\Snap Logo.pdn
[2014-07-31 01:27:50 | 000,076,680 | ---- | M] () -- C:\Users\Cynthia\Desktop\Snap Logo.psd
[2014-07-29 21:02:24 | 000,344,225 | ---- | M] () -- C:\Users\Cynthia\Desktop\ChrisEvansGQ.jpg
[2014-07-28 07:49:02 | 000,000,132 | ---- | M] () -- C:\Users\Cynthia\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014-07-23 23:49:19 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-07-23 23:49:19 | 000,736,970 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-07-23 23:49:19 | 000,140,352 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-07-23 19:49:06 | 000,010,001 | ---- | M] () -- C:\Users\Cynthia\Desktop\Snap Logo.jpg
[2014-07-23 19:16:33 | 251,929,016 | ---- | M] () -- C:\Users\Cynthia\Desktop\Adobe.zip
[2014-07-23 18:53:01 | 000,001,705 | ---- | M] () -- C:\Users\Cynthia\Desktop\Photoshop.exe - Shortcut.lnk
[2014-07-23 17:26:29 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\Neo_VPN.sys
[2014-07-23 17:26:13 | 000,038,240 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\see.sys
[2014-07-23 17:24:53 | 000,135,736 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\vpncmd.exe
[2014-07-23 17:24:49 | 000,001,973 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[2014-07-23 17:24:49 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
[2014-07-23 17:24:36 | 000,038,112 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\SeLow_x64.sys
[2014-07-23 15:53:51 | 002,091,520 | ---- | M] (Farbar) -- C:\Users\Cynthia\Desktop\FRST64.exe
[2014-07-22 15:14:46 | 000,137,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vcomp120.dll
[2014-07-20 10:48:05 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014-07-20 10:48:05 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014-07-20 10:48:05 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014-07-20 10:41:52 | 000,895,120 | ---- | M] (Google Inc.) -- C:\Users\Cynthia\Desktop\googledrivesync.exe
[2014-07-16 11:18:53 | 005,889,471 | ---- | M] () -- C:\Users\Cynthia\Google Drive\Documents\Phone Instruction Manual 2014pdf.pdf
[2014-07-15 14:49:52 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-07-15 14:49:47 | 000,427,360 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2014-07-15 14:49:41 | 001,041,168 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2014-07-15 14:49:41 | 000,224,896 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014-07-15 14:49:41 | 000,092,008 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2014-07-15 14:49:40 | 000,307,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014-07-15 14:49:40 | 000,093,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014-07-15 14:49:40 | 000,079,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014-07-15 14:49:40 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014-07-15 14:49:40 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014-07-15 14:49:40 | 000,029,208 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2014-07-15 14:45:44 | 000,002,104 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2014-07-15 14:44:18 | 001,039,096 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys.1405449877984
[2014-07-15 14:44:18 | 000,423,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1405449877984
[2014-07-15 14:44:18 | 000,085,328 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys.1405449877984
[2014-07-12 16:33:19 | 000,001,276 | ---- | M] () -- C:\Users\Cynthia\Desktop\Spybot - Search & Destroy.lnk
[2014-07-12 16:07:46 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-07-12 16:06:31 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-07-10 14:23:10 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe

========== Files Created - No Company Name ==========

[2014-08-05 05:10:23 | 000,001,098 | ---- | C] () -- C:\Users\Cynthia\Desktop\Google Drive.lnk
[2014-08-03 08:49:21 | 000,558,692 | ---- | C] () -- C:\Users\Cynthia\Desktop\repfiles.cab
[2014-07-31 01:27:48 | 000,076,680 | ---- | C] () -- C:\Users\Cynthia\Desktop\Snap Logo.psd
[2014-07-29 21:04:53 | 000,344,225 | ---- | C] () -- C:\Users\Cynthia\Desktop\ChrisEvansGQ.jpg
[2014-07-28 07:42:10 | 000,000,132 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014-07-23 19:53:09 | 000,042,808 | ---- | C] () -- C:\Users\Cynthia\Desktop\Snap Logo.pdn
[2014-07-23 19:49:02 | 000,010,001 | ---- | C] () -- C:\Users\Cynthia\Desktop\Snap Logo.jpg
[2014-07-23 19:15:36 | 251,929,016 | ---- | C] () -- C:\Users\Cynthia\Desktop\Adobe.zip
[2014-07-23 18:53:01 | 000,001,705 | ---- | C] () -- C:\Users\Cynthia\Desktop\Photoshop.exe - Shortcut.lnk
[2014-07-23 17:59:22 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2014-07-23 17:57:39 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014-07-23 17:24:49 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[2014-07-23 17:24:49 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
[2014-07-20 10:48:05 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014-07-20 10:48:05 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014-07-20 10:48:05 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014-07-16 11:18:52 | 005,889,471 | ---- | C] () -- C:\Users\Cynthia\Google Drive\Documents\Phone Instruction Manual 2014pdf.pdf
[2014-07-15 14:44:52 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014-07-15 14:44:21 | 000,224,896 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014-07-15 14:44:21 | 000,065,776 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014-07-15 14:44:21 | 000,029,208 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2014-07-12 16:33:19 | 000,001,276 | ---- | C] () -- C:\Users\Cynthia\Desktop\Spybot - Search & Destroy.lnk
[2014-07-12 16:06:31 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-06-15 11:47:39 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014-06-15 06:42:24 | 000,000,624 | RHS- | C] () -- C:\Users\Cynthia\ntuser.pol
[2014-06-14 20:38:29 | 000,002,104 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014-05-21 00:33:38 | 000,348,088 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014-05-21 00:33:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014-05-21 00:33:32 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2014-03-18 06:13:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 06:13:03 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012-09-29 00:10:26 | 000,880,342 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-06-15 10:00:20 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-06-15 10:00:21 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :OTL >

< FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found >
Invalid Switch: MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found

< FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found >
Invalid Switch: MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found

< FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected] .com: C:\Program Files\McAfee\MSK >

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Cynthia\OneDrive:ms-properties
< End of report >


----------



## soulsister (Feb 20, 2013)

Sorry - Should have said this in the last post. There wasn't an Extras file this time so the above is the only log file.


----------



## Cookiegal (Aug 27, 2003)

Have you run the fix yet? The previous log looks like you just copied the fix but didn't run it. It should produce a log saying the items in the fix were moved or deleted.

Also, have you ever used an application called People Near Me which is a Messenger type of chat program?

Have you ever used something called Network Projector?


----------



## soulsister (Feb 20, 2013)

Hi Cookiegal - sorry, I hit the Scan, not Fix, button. The proper log is below. 


No, I have never used People Near Me or Network Projector. I looked them up to make sure.


Thanks again for your assistance! 


Log:


64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected] .com not found.
File C:\Program Files\McAfee\MSK not found.

OTL by OldTimer - Version 3.2.69.0 log created on 08082014_060102


----------



## Cookiegal (Aug 27, 2003)

Going back to your original problem, are you still getting the invalid firewall rules message?


----------



## soulsister (Feb 20, 2013)

Hi,


Yes, CCleaner still finds invalid firewall rules involving 'P2P' and 'Shared Access'. There are a lot of problems it finds with the registry but these are the ones that concern me. I've posted those particular ones below:


Invalid firewall rule MCX-McrMgr-Out-TCP - %SystemRoot%\ehome\mcrmgr.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Prov-Out-TCP - %SystemRoot%\ehome\mcx2prov.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Out-UDP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-In-UDP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-Out-TCP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule MCX-In-TCP - %SystemRoot%\ehome\ehshell.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-Out-TCP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-In-TCP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-WSD-Out-UDP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-WSD-In-UDP - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-Out-TCP-NoScope - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule NetPres-In-TCP-NoScope - %SystemRoot%\system32\netproj.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-WSD-Out-UDP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-WSD-In-UDP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-Out-TCP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Invalid firewall rule Collab-P2PHost-In-TCP - %SystemRoot%\system32\p2phost.exe HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules


----------



## Cookiegal (Aug 27, 2003)

Don't be concerned with "Shared Access". All firewall settings come under that key, some may be allowed and some may be disabled.

Do you have a Media Center Extender?

http://windows.microsoft.com/en-ca/...a-center-extenders-frequently-asked-questions

I assume you get those invalid firewall rules when doing a registry scan with CCleaner? You shouldn't ever use that feature as cleaning the registry can often do more harm than good.


----------



## soulsister (Feb 20, 2013)

Okay I won't touch the registry then. No, I don't have a media extender of any sort.


----------



## Cookiegal (Aug 27, 2003)

I don't know what to tell you other than it appears that Vista was on this machine (or someone tried to install it) at some point in time. These files referenced in the invalid firewall rules:

%SystemRoot%\system32\p2phost.exe
%SystemRoot%\system32\netproj.exe

belong to a program called Windows Net Meeting that only existed on Vista and is not included on later operating system.

Also, it appears may have come installed on your Windows 8 machine.

There were a few other entries in your initial post that belonged to McAfee which we removed.

But, my advice would be to ignore those findings in CCleaner as they aren't causing any harm and removing them could potentially disable something.


----------



## soulsister (Feb 20, 2013)

Ok so these files are only referenced and no longer exist?


----------



## Cookiegal (Aug 27, 2003)

Not necessarily. They are only listed in ControlSet001 and not under CurrentControlSet so that's probably why the rules are broken. 

Did you check to see if the files exist?


----------



## soulsister (Feb 20, 2013)

Well, the search feature only finds the file names in my notepad files. In Windows 8 I'm not sure how to ensure you're searching your whole hard drive. Shouldn't it find the file name in the registry itself too?


----------



## Cookiegal (Aug 27, 2003)

We're not looking for it in the registry. We're looking for it in the files in the system32 folder. You can navigate to the folder by following the path:

Click on *This PC* and then double-click the* C drive* and then open the *Windows *folder and then open the *System32* folder and within that folder look to see if those files are there.

For future reference, when searching for files or folders click on This PC before entering the search criteria where it says Search This PC and it will search all locations.


----------

