Eric Witzling
Posts: 120 +2
PC exhibiting some strange behavior, including Gmail text-replacement while writing email to others. Definitely spotted and removed malware crud, but noticed residual and reminiscent behavior in two unkillable conhost.exe processes and somewhere between 8-10 chrome.exe processes (which are killable and do not immediately come back) that start up in the background after a reboot, and make me think there's still something buried deep and mucking about.
Your instructions have changed a bit from previous, so I hope I'm giving you what you need. Avast Pro is already on the system and can run scans, but is not currently updating properly. (Mainly it's just been getting in the way of my own cleanup.)
FRST and Addition logs pasted below. Let me know if you want any further details of steps I've already taken and logs already collected.
--------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by janice (administrator) on CFO-HP on 09-04-2015 15:16:16
Running from C:\downloads
Loaded Profiles: janice (Available profiles: janice & patty & cfo & Xerox)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(ECi FMAudit) C:\Program Files\FMAuditOnsite\fmaonsite.exe
(HP) C:\Program Files\Hp\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(LogMeIn, Inc.) C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Silver Bullet Technologies, Inc.) C:\Program Files\Silver Bullet Technology\Ranger\Logging\SBTLogServiceWindows.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Hewlett-Packard, Inc.) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(LogMeIn, Inc.) C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1133\g2mstart.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\janice\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\janice\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1133\g2mcomm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1133\g2mlauncher.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(LogMeIn, Inc.) C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SharpTray.exe] => C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [131584 2009-12-08] (SHARP CORPORATION)
HKLM\...\Run: [IndexTray.exe] => C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [395264 2009-12-08] (SHARP CORPORATION)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-04-24] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-01-14] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP LaserJet 400 MFP M425 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459888 2014-08-14] (Hewlett-Packard Company)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [AROReminder] => [X]
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [AIM for Windows] => "C:\Users\janice\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\1133\g2mstart.exe [40816 2013-04-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [4903C05AE9AB57B53A27693FF7048D6A8B2DA265._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [GoogleChromeAutoLaunch_41D9CE09389FE1B3294D13AB76B81B46] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [Amazon Music] => C:\Users\janice\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\janice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55242;https=127.0.0.1:55242
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lakelandbank.com/default.aspx
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> {A11B5998-39F5-42F5-B7DE-C12D15C43B18} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-22] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-09] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-09] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
Toolbar: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} https://merchant.lakelandbank.com/WebCaptureWeb/alternatiff_licensed.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll [2009-12-08] (SHARP CORPORATION)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{52760699-64C9-4F0F-8791-D1B6936A8915}: [NameServer] 151.198.0.39,204.117.214.10
FireFox:
========
FF ProfilePath: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-27] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-03] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-09] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: Web Components -> C:\Program Files\Web Components\npWebVideoPlugin.dll [2013-07-01] ()
FF Plugin HKU\S-1-5-21-1614596209-2777662679-913267390-1001: @citrixonline.com/appdetectorplugin -> C:\Users\janice\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-04-30] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-04-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-04-24] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\janice\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-04] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\searchplugins\AOL Search.xml [2014-02-11]
FF Extension: AOL Messaging Toolbar - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2014-02-11]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [Not Found]
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [Not Found]
FF Extension: No Name - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\extensions\cda2aa03-4bc9-4ec7-9498-460a0930b748@ad411bc8-5385-474c-96ad-ae0bd30853a6.com [Not Found]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.gmail.com/", "https://drive.google.com/a/minehill.com/?usp=chrome_app#my-drive", "https://www.google.com/calendar/render"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Live Documents) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\amaifjdaecbdedhngkjojpkdnjndpcch [2013-03-15]
CHR Extension: (Google Drive) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-04]
CHR Extension: (RemindMe) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbeopafgiefnlffkhmkhldcojehlgam [2013-06-17]
CHR Extension: (Google Calendar) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-03-15]
CHR Extension: (Pandora) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-03-19]
CHR Extension: (Wunderlist Panel) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo [2013-11-18]
CHR Extension: (Google Play Music) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-03-19]
CHR Extension: (RealDownloader) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-02]
CHR Extension: (Google Voice Desktop Notifier) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhfodlhanopbgfajnmcimljnakgioee [2013-03-15]
CHR Extension: (Simple Wunderlist Popup) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnncalpbcgmbdcbhcmlihhmgdmolegl [2013-11-18]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2013-03-15]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-09-09]
CHR Extension: (Google Voice (by Google)) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Mail Checker) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-03-15]
CHR Extension: (GroupDocs Signature plugin for Gmail) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhlbakmenmejflfilefakdjhfoiohggl [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (My Chrome Theme) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-03-15]
CHR Extension: (Outlook.com) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-03-30]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atashost; C:\Windows\system32\atashost.exe [118568 2014-12-04] (Cisco WebEx LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-04-22] (DigitalPersona, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2010-04-28] (Hewlett-Packard Ltd)
R2 FMAuditOnsite; C:\Program Files\FMAuditOnsite\fmaonsite.exe [67664 2015-03-11] (ECi FMAudit)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-16] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 Hp.Skyroom.Windows.Service; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 LMIRescue_64eaaef1-33c8-4935-b520-fc5098fb7598; C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [3088688 2015-04-09] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 rgsender; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) [File not signed]
R2 SBT Log; C:\Program Files\Silver Bullet Technology\Ranger\Logging\SBTLogServiceWindows.exe [42496 2013-07-29] (Silver Bullet Technologies, Inc.) [File not signed]
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [227352 2009-03-05] (SonicWALL, Inc.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-06-27] ()
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2010-03-08] (Hewlett-Packard Development Company L.P.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-09] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-09] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110520 2010-02-01] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SmrtSrc; C:\Windows\System32\DRIVERS\SmrtSrc.sys [199904 2012-06-04] (Jungo)
S1 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [87064 2009-03-05] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2009-03-04] (SonicWALL, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
Your instructions have changed a bit from previous, so I hope I'm giving you what you need. Avast Pro is already on the system and can run scans, but is not currently updating properly. (Mainly it's just been getting in the way of my own cleanup.)
FRST and Addition logs pasted below. Let me know if you want any further details of steps I've already taken and logs already collected.
--------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by janice (administrator) on CFO-HP on 09-04-2015 15:16:16
Running from C:\downloads
Loaded Profiles: janice (Available profiles: janice & patty & cfo & Xerox)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(ECi FMAudit) C:\Program Files\FMAuditOnsite\fmaonsite.exe
(HP) C:\Program Files\Hp\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(LogMeIn, Inc.) C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Silver Bullet Technologies, Inc.) C:\Program Files\Silver Bullet Technology\Ranger\Logging\SBTLogServiceWindows.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Hewlett-Packard, Inc.) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(LogMeIn, Inc.) C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1133\g2mstart.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\janice\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\janice\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1133\g2mcomm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1133\g2mlauncher.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(LogMeIn, Inc.) C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11268096 2010-05-06] (Hewlett-Packard)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SharpTray.exe] => C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [131584 2009-12-08] (SHARP CORPORATION)
HKLM\...\Run: [IndexTray.exe] => C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [395264 2009-12-08] (SHARP CORPORATION)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-04-24] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-01-14] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP LaserJet 400 MFP M425 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459888 2014-08-14] (Hewlett-Packard Company)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [AROReminder] => [X]
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [AIM for Windows] => "C:\Users\janice\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\1133\g2mstart.exe [40816 2013-04-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [4903C05AE9AB57B53A27693FF7048D6A8B2DA265._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [GoogleChromeAutoLaunch_41D9CE09389FE1B3294D13AB76B81B46] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\...\Run: [Amazon Music] => C:\Users\janice\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\janice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\janice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\janice\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55242;https=127.0.0.1:55242
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lakelandbank.com/default.aspx
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1614596209-2777662679-913267390-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> {A11B5998-39F5-42F5-B7DE-C12D15C43B18} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-05-06] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-22] (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-09] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-09] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
Toolbar: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1614596209-2777662679-913267390-1001 -> No Name - {41565256-3700-A76A-76A7-7A786E7484D7} - No File
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} https://merchant.lakelandbank.com/WebCaptureWeb/alternatiff_licensed.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll [2009-12-08] (SHARP CORPORATION)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{52760699-64C9-4F0F-8791-D1B6936A8915}: [NameServer] 151.198.0.39,204.117.214.10
FireFox:
========
FF ProfilePath: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-27] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-03] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2014-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-09] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: Web Components -> C:\Program Files\Web Components\npWebVideoPlugin.dll [2013-07-01] ()
FF Plugin HKU\S-1-5-21-1614596209-2777662679-913267390-1001: @citrixonline.com/appdetectorplugin -> C:\Users\janice\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-04-30] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-04-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-04-24] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\janice\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-04] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\searchplugins\AOL Search.xml [2014-02-11]
FF Extension: AOL Messaging Toolbar - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\Extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2014-02-11]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-05-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [Not Found]
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [Not Found]
FF Extension: No Name - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\4n87uf9r.default\extensions\cda2aa03-4bc9-4ec7-9498-460a0930b748@ad411bc8-5385-474c-96ad-ae0bd30853a6.com [Not Found]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.gmail.com/", "https://drive.google.com/a/minehill.com/?usp=chrome_app#my-drive", "https://www.google.com/calendar/render"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Live Documents) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\amaifjdaecbdedhngkjojpkdnjndpcch [2013-03-15]
CHR Extension: (Google Drive) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-04]
CHR Extension: (RemindMe) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbeopafgiefnlffkhmkhldcojehlgam [2013-06-17]
CHR Extension: (Google Calendar) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-03-15]
CHR Extension: (Pandora) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-03-19]
CHR Extension: (Wunderlist Panel) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkhbbhipldmgjflneimpacklkiogpo [2013-11-18]
CHR Extension: (Google Play Music) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-03-19]
CHR Extension: (RealDownloader) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-02]
CHR Extension: (Google Voice Desktop Notifier) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhfodlhanopbgfajnmcimljnakgioee [2013-03-15]
CHR Extension: (Simple Wunderlist Popup) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnncalpbcgmbdcbhcmlihhmgdmolegl [2013-11-18]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2013-03-15]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-09-09]
CHR Extension: (Google Voice (by Google)) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Mail Checker) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-03-15]
CHR Extension: (GroupDocs Signature plugin for Gmail) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhlbakmenmejflfilefakdjhfoiohggl [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (My Chrome Theme) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-03-15]
CHR Extension: (Outlook.com) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-03-30]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atashost; C:\Windows\system32\atashost.exe [118568 2014-12-04] (Cisco WebEx LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-04-22] (DigitalPersona, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2010-04-28] (Hewlett-Packard Ltd)
R2 FMAuditOnsite; C:\Program Files\FMAuditOnsite\fmaonsite.exe [67664 2015-03-11] (ECi FMAudit)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-16] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 Hp.Skyroom.Windows.Service; C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [298496 2010-05-06] (Hewlett-Packard) [File not signed]
R2 LMIRescue_64eaaef1-33c8-4935-b520-fc5098fb7598; C:\Users\janice\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [3088688 2015-04-09] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 rgsender; c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) [File not signed]
R2 SBT Log; C:\Program Files\Silver Bullet Technology\Ranger\Logging\SBTLogServiceWindows.exe [42496 2013-07-29] (Silver Bullet Technologies, Inc.) [File not signed]
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [227352 2009-03-05] (SonicWALL, Inc.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-06-27] ()
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2010-03-08] (Hewlett-Packard Development Company L.P.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-09] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-09] (Malwarebytes Corporation)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [110520 2010-02-01] () [File not signed]
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SmrtSrc; C:\Windows\System32\DRIVERS\SmrtSrc.sys [199904 2012-06-04] (Jungo)
S1 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [87064 2009-03-05] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2009-03-04] (SonicWALL, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)