rbruculere
Posts: 26 +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
Ran by roberta (administrator) on BERT2 (01-05-2016 12:02:07)
Running from C:\Users\roberta\Desktop
Loaded Profiles: roberta (Available Profiles: roberta & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898832 2012-10-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-09-06] (Glarysoft Ltd)
HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\RunOnce: [Uninstall C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Users\roberta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-217919241-653189731-3087365520-1001] => :0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68140839-f5c5-47f8-a4de-51b7b83a6646}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{98ee28be-2e50-4a5e-a30c-4ae15ce48e8c}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-217919241-653189731-3087365520-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://pogo.com/
HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {BC14135C-D68E-42EF-B268-8219E40D5C00} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {DB986CAF-1ABD-437B-A09F-C2B7C4E9D4D5} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
FireFox:
========
FF ProfilePath: C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.my.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-11-06]
FF Extension: Saved Password Editor - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\savedpasswordeditor@daniel.dawson.xpi [2016-01-28]
FF Extension: Print Edit - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\printedit@DW-dev.xpi [2016-04-01]
FF Extension: Print/Print Preview - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2016-04-30]
FF Extension: NoScript Suite Lite - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\jid1-k8qH8wJfc2KaUi@jetpack.xpi [2016-02-10]
FF Extension: Toolbar Buttons - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-30]
FF Extension: FireShot - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-04-30]
FF Extension: Adblock Plus - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-02] (Comodo)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [266112 2016-04-14] (Code 42 Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 HPSLPSVC; C:\Users\roberta\AppData\Local\Temp\7zS031F\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-04-27] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-13] (Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064552 2015-10-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-12-01] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-12-01] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-03-28] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-12-01] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-12-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.) [File not signed]
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Ran by roberta (administrator) on BERT2 (01-05-2016 12:02:07)
Running from C:\Users\roberta\Desktop
Loaded Profiles: roberta (Available Profiles: roberta & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898832 2012-10-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-09-06] (Glarysoft Ltd)
HKU\S-1-5-21-217919241-653189731-3087365520-1001\...\RunOnce: [Uninstall C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\roberta\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Users\roberta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-217919241-653189731-3087365520-1001] => :0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68140839-f5c5-47f8-a4de-51b7b83a6646}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{98ee28be-2e50-4a5e-a30c-4ae15ce48e8c}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-217919241-653189731-3087365520-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://pogo.com/
HKU\S-1-5-21-217919241-653189731-3087365520-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {BC14135C-D68E-42EF-B268-8219E40D5C00} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> {DB986CAF-1ABD-437B-A09F-C2B7C4E9D4D5} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-217919241-653189731-3087365520-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
FireFox:
========
FF ProfilePath: C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.my.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-11-06]
FF Extension: Saved Password Editor - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\savedpasswordeditor@daniel.dawson.xpi [2016-01-28]
FF Extension: Print Edit - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\printedit@DW-dev.xpi [2016-04-01]
FF Extension: Print/Print Preview - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2016-04-30]
FF Extension: NoScript Suite Lite - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\jid1-k8qH8wJfc2KaUi@jetpack.xpi [2016-02-10]
FF Extension: Toolbar Buttons - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-04-30]
FF Extension: FireShot - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-04-30]
FF Extension: Adblock Plus - C:\Users\roberta\AppData\Roaming\Mozilla\Firefox\Profiles\1mofzxkm.default-1401985839117\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-04-02] (Comodo)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [266112 2016-04-14] (Code 42 Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 HPSLPSVC; C:\Users\roberta\AppData\Local\Temp\7zS031F\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-04-27] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-12-13] (Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064552 2015-10-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-12-01] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-12-01] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20160 2015-07-10] (Glarysoft Ltd)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-03-28] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-12-01] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-12-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.) [File not signed]
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)