Inactive-A Sick computer - Farbar logs

[brokensynapse]

Avast won't run..


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2016
Ran by Sean Harris (03-10-2016 08:38:43)
Running from C:\Users\Sean Harris\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-10 14:05:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2532419472-1891236629-2710359153-500 - Administrator - Disabled)
Guest (S-1-5-21-2532419472-1891236629-2710359153-501 - Limited - Disabled)
Sean Harris (S-1-5-21-2532419472-1891236629-2710359153-1000 - Administrator - Enabled) => C:\Users\Sean Harris
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avast Free Antivirus (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
C4200 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
C4200_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D1400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
D1400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}) (Version: 9.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iRip (HKLM\...\{4D6FAB8B-F22B-4272-AA27-9A188E21D047}) (Version: 1.0.1.26 - The Little App Factory, LLC.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
lucky leap 1.0.0 (HKLM\...\lucky leap) (Version: 1.0.0 - luckyleap)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{0BFC200F-C45D-4271-AF34-4CA969225DEB}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PS_AIO_ProductContext (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PS_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00933A8A-3422-4586-9E45-308AD322BEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {1412B440-FDB7-41E6-8183-27745EBE5E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-30] (Adobe Systems Incorporated)
Task: {1ED2DAD1-B90F-47C4-9AD8-40C635104ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {3FD8946A-E628-4156-8828-714FFBF264AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {4BCC7A0C-E50E-411F-8F3D-E0EDB7757D2B} - System32\Tasks\Microsoft\Windows\RestartManager\{F4B3AC6E-5272-4ecd-8978-AD89A4B845B7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {4E501739-E756-46DA-853D-28912C450019} - System32\Tasks\{A565FBF5-B545-4ECA-A3D7-9B6C20E5C002} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {57BD79E1-5C5B-4AC0-B900-F484A6914EF6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
Task: {747042E3-0465-46ED-8FBD-D10F1237B493} - System32\Tasks\{3E0875DD-48EE-44CE-914E-FFF7328DECE6} => pcalua.exe -a E:\VEWLP.exe -d E:\
Task: {7ECA859A-C65E-4A4A-8E57-2B933E9D5600} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {9BB60AAB-7B57-46EA-98EA-06AFBBAD0263} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {BEA8B901-0A1F-4F11-BBFE-F4614D338841} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Sean Harris) => C:\Users\Sean Harris\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
Task: {CADDBFCC-FBE3-4667-B886-B4270DC74A09} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {CCDB5F33-EE1C-4E35-85EB-F4288B702FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {CE005CD6-F910-45E8-81EA-191E6AB3E30A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {CF985692-40E1-463E-9FC5-23C3BB86519C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {D54B8BA8-5E74-4E66-9C33-D861F421CBAF} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {E873E323-022B-45F0-B512-0F14A92DEC0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip\iRip Help.lnk -> hxxp://www.ipodrip.com/help/
==================== Loaded Modules (Whitelisted) ==============
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-08-04 05:40 - 2007-04-23 20:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-08-04 05:40 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2011-05-06 14:07 - 2011-05-06 14:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2011-05-06 14:07 - 2011-05-06 14:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2011-05-06 14:02 - 2011-05-06 14:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-26 01:06 - 2010-10-26 01:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 09:34 - 2010-10-26 09:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 01:37 - 2010-10-26 01:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2011-05-06 13:58 - 2011-05-06 13:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2013-11-17 12:15 - 2014-07-28 13:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-04-25 14:31 - 2014-07-28 13:44 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2007-02-16 19:40 - 2007-02-16 19:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 19:40 - 2007-02-16 19:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-08-04 05:39 - 2007-04-23 20:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
2007-08-04 06:15 - 2007-01-30 17:58 - 00677576 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2016-09-30 09:46 - 2016-10-03 07:36 - 00660672 _____ () C:\Program Files\lucky leap\bin\utilluckyleap.exe
2014-08-08 15:48 - 2016-10-03 05:34 - 00108224 _____ () C:\Program Files\lucky leap\bin\luckyleap.BrowserAdapter.exe
2016-09-30 09:49 - 2016-10-03 03:34 - 00296640 _____ () C:\Program Files\lucky leap\bin\luckyleap.PurBrowse.exe
2016-09-30 09:49 - 2016-10-03 03:34 - 00115392 _____ () C:\Program Files\lucky leap\bin\luckyleap.expext.exe
2016-09-30 09:49 - 2016-10-03 03:34 - 00065728 _____ () C:\Program Files\lucky leap\bin\luckyleap.Plinx.exe
2016-10-03 07:36 - 2016-10-03 03:34 - 00057024 _____ () C:\Users\Sean Harris\AppData\Local\Temp\fd899a94-6b8c-4550-aa5b-d682036c2eb2.dll
2013-10-03 15:45 - 2016-10-03 07:37 - 00660672 _____ () C:\Program Files\lucky leap\updateluckyleap.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{5BC58A37-88F1-48D7-8BE5-98236F326965}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{977244DC-0C6F-4602-9E5D-F53F4137696A}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{05F6F3EF-B25C-4001-8372-FE26E6D1B328}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{F238082B-3978-480D-B122-CF2A1C1231A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{A7BB0588-8517-458B-B620-0B480C80D0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{0A83C0EF-91EE-40EC-B9DD-94EC2F9C6793}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AD2D0DB4-8073-4B72-97FA-914302A36EE1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A45ED214-B796-4345-B13D-CA5D29C899E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
FirewallRules: [{FF3EC5DE-D183-4CC9-986F-7CD0872593E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{EFB3DB1D-3484-47A4-9202-6A9FE178DEED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{41E5F946-A697-4ED1-8D0C-CD91FCAF5FC6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B4798DC6-D4D5-4570-8A2F-71D2E88DD43A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{5E1AAB3A-A0D4-49EC-AB04-A097036047DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{99CE8B0B-0A89-44B0-AC11-188A247E7521}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{551C54BC-CD2F-446D-9D0B-61352826742D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4B7E4457-248F-4BA2-B8A8-00C7062C975D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{A4087168-D94B-4F77-BCAA-54D29F4D37F4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{AC8F7B82-0F15-496C-B3DA-34A8E2D33ADE}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{928CECF7-5561-42E5-A96F-92BDD4375C78}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{BB46DB95-497E-4F81-BB3C-571989FE87BF}] => (Allow) LPort=80
FirewallRules: [{5748741B-55B0-4A30-B114-9EC7C5ED8D53}] => (Allow) LPort=80
FirewallRules: [{A314BA29-E94B-4111-B178-7F969512969F}] => (Allow) LPort=80
FirewallRules: [{B7C28AAB-E2B8-4BE5-8218-A97A13A465E6}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{869C5BB4-2081-4A8C-BE6B-1309D7AD1721}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{66C4BA6A-BA64-4BA7-86C2-4D79991E3D06}] => (Allow) LPort=24726
FirewallRules: [{2E7DE2A1-FE43-492B-A940-46FC5FF331C3}] => (Allow) LPort=24727
FirewallRules: [{B638C71C-0524-4696-9415-4B37CFAE9837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{604FD86F-44D0-4D8A-90E6-7563E93CF1C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1059DF-3934-4FD1-BDAD-CE3E4F7ABFD1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A3C01DD2-B03F-435B-A3A2-A2D39DA42443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{275871E7-69B6-4FB6-BA8B-92C7DDF9BAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DBC2E42-7A2F-483D-A697-FB6992600E9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
==================== Restore Points =========================
05-04-2014 13:25:40 Windows Update
06-04-2014 03:00:37 Windows Update
06-04-2014 12:23:34 Installed Java 7 Update 51
12-04-2014 12:44:01 Windows Update
12-04-2014 14:18:39 Removed Java 7 Update 51
12-04-2014 14:21:07 Installed Java 7 Update 51
12-04-2014 14:29:15 Windows Update
13-04-2014 13:03:44 avast! antivirus system restore point
19-04-2014 15:13:08 Windows Update
19-04-2014 15:24:08 Windows Update
29-04-2014 12:01:42 Windows Update
29-04-2014 12:07:58 Windows Update
28-07-2014 13:30:55 avast! antivirus system restore point
28-07-2014 13:44:23 Installed Java 7 Update 65
28-07-2014 14:20:09 Windows Update
30-07-2014 03:01:16 Windows Update
05-08-2014 01:37:40 Windows Update
08-08-2014 01:40:41 Windows Update
12-08-2014 19:50:51 Windows Update
13-08-2014 03:00:45 Windows Update
19-08-2014 01:57:53 Windows Update
06-10-2014 06:07:03 Windows Update
07-10-2014 03:01:53 Windows Update
28-08-2016 15:44:52 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
30-09-2016 08:30:14 Removed DriverUpdate
30-09-2016 08:55:11 Removed SlimCleaner Plus
30-09-2016 09:12:28 Removed SlimCleaner Plus
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (10/03/2016 06:36:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/03/2016 06:32:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23712
Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23712
Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11841
Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11841
Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/30/2016 09:25:51 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (09/30/2016 09:08:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65630

System errors:
=============
Error: (10/03/2016 06:30:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswTdi
Error: (10/03/2016 06:30:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (10/03/2016 06:30:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
Error: (10/03/2016 06:29:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/03/2016 06:28:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:26:13 AM on 10/3/2016 was unexpected.
Error: (10/03/2016 06:21:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
Error: (09/30/2016 09:42:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswTdi
Error: (09/30/2016 09:42:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (09/30/2016 09:42:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
Error: (09/30/2016 09:41:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
Date: 2013-11-09 12:35:12.498
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:11.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:10.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:09.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:08.317
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:15.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:13.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:11.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:10.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:56:11.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\ErHrVx86\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Percentage of memory in use: 84%
Total physical RAM: 1982.18 MB
Available physical RAM: 299.62 MB
Total Virtual: 4207.52 MB
Available Virtual: 1774.93 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:224.46 GB) (Free:107.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E86F523)
Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

I still need primary log from FRST - FRST.txt

Did you try to reinstall Avast?

Uninstall following unwanted program: Buzzdock

 

[brokensynapse]

Hello ..

I finally got vast to run. It blocked several attempts of Luckyleap and found several infected files by win32. Even after this the problems persist.. Mozilla seems to be the most upset. New tabs are constantly opening with some pc repair scam.

Here's a new farbar log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2016
Ran by Sean Harris (administrator) on DHARMA-PC (03-10-2016 20:21:28)
Running from C:\Users\Sean Harris\Downloads
Loaded Profiles: Sean Harris (Available Profiles: Sean Harris)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_23_0_0_162_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-04] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-04] (NVIDIA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-03] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkgzRjItU1kyNjgtSEdZOUEtRk5DUU4tWDcyWVI"&"inst=NzYtNzk2MzQ1OTE3LVU5MCsxLVRQKzEtWE8zNisxLU4xRCsxLVRCOSsyLVBMKzktVFVHKz (the data entry has 122 more characters).
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [Google Update] => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-15] (Google Inc.)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [BitTorrent] => "C:\Users\Sean Harris\Desktop\BitTorrent.exe" /MINIMIZED
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-18] (Google Inc.)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [Google Photos Backup] => C:\Users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: {28d49ee7-722c-11dd-a67c-001b24e9dfc6} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: {7c412cd3-3272-11e1-9520-001b24e9dfc6} - F:\PhotoViewer.exe
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: {8b53d496-cd0b-11dc-aa8a-001a73d8eaff} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-07-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{1E4CEE65-A56B-45F2-A303-39A30B421E3B}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{3BD60310-3959-4C3A-B7B7-C3CE2CEF7A6A}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-10037__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
URLSearchHook: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {037039D8-8C53-43CC-95BE-198556E66531} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {8E8176CF-3C72-4F29-B0AF-5E670D763FBD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM -> {E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-10037__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {037039D8-8C53-43CC-95BE-198556E66531} URL =
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-10037__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {8BF7607D-D5CA-415A-8225-279CBBD07796} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315827&CUI=UN35943307712393271&UM=2
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {8E8176CF-3C72-4F29-B0AF-5E670D763FBD} URL =
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={2DE0DBFE-EDF6-4458-8784-F17D5776458E}&mid=ce8d487c2266b687ba873acff76d6d58-b1abb182ebcbd0d4464d5376e678bee1f073069c&lang=us&ds=AVG&pr=pa&d=2011-12-12 15:04:39&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {CD020012-EF88-41D4-A783-C5E2D0C64066} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-19] (Oracle Corporation)
BHO: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-03] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 7ykyy2rz.default
FF ProfilePath: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default [2016-10-03]
FF user.js: detected! => C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\user.js [2016-10-03]
FF NewTab: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=pr-bfr-10037__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
FF Homepage: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10037__alt__ddc_dsssyc_bd_com
FF Keyword.URL: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-10037__alt__ddc_dss_bd_com&p=
FF Extension: (Firefox Hotfix) - C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-03]
FF Extension: (lucky leap 1.0.1) - C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\Extensions\{d7e589a9-c9af-419b-8b29-f43cc9595584}.xpi [2016-10-03] [not signed]
FF SearchPlugin: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\searchplugins\search-simple.xml [2016-10-03]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2016-10-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-03] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
FF HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-19] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-11-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-12] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-10-14] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-29] (Apple Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\Sean Harris\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx <not found>
CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [2014-10-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Sean Harris\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\SEANHA~1\AppData\Local\Temp\crxBB17.tmp [2011-09-27]
CHR HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\Sean Harris\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx <not found>
CHR HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Sean Harris\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>
StartMenuInternet: chrome.exe - C:\Users\Sean Harris\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-10-03] (AVAST Software)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] () [File not signed]
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-03] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2016-10-03] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [295840 2016-10-03] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-03] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-10-03] (AVAST Software)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
R1 {d7e589a9-c9af-419b-8b29-f43cc9595584}Gt; C:\Windows\System32\drivers\{d7e589a9-c9af-419b-8b29-f43cc9595584}Gt.sys [55776 2016-09-30] (StdLib)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-03 20:19 - 2016-10-03 20:20 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe
2016-10-03 20:18 - 2016-10-03 20:19 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe.part
2016-10-03 19:58 - 2016-10-03 19:58 - 00001789 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-10-03 19:58 - 2016-10-03 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-03 19:50 - 2016-10-03 19:48 - 00295840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2016-10-03 19:48 - 2016-10-03 19:48 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2016-10-03 19:48 - 2016-10-03 06:44 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-03 14:03 - 2016-10-03 14:03 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-10-03 13:58 - 2016-10-03 13:58 - 54359679 _____ C:\unp30547368341249072.mdmp
2016-10-03 08:38 - 2016-10-03 09:07 - 00046873 _____ C:\Users\Sean Harris\Downloads\Addition.txt
2016-10-03 08:33 - 2016-10-03 20:26 - 00028422 _____ C:\Users\Sean Harris\Downloads\FRST.txt
2016-10-03 08:33 - 2016-10-03 20:21 - 00000000 ____D C:\FRST
2016-10-03 08:32 - 2016-10-03 08:32 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST.exe
2016-10-03 07:55 - 2016-10-03 14:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-03 07:05 - 2016-10-03 07:05 - 06334848 _____ (AVAST Software) C:\Users\Sean Harris\Downloads\avast_free_antivirus_setup_online.exe
2016-10-03 06:46 - 2016-10-03 19:48 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-10-03 06:46 - 2016-10-03 06:43 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-03 06:45 - 2016-10-03 06:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-10-03 06:44 - 2016-10-03 06:44 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-03 06:35 - 2016-10-03 06:35 - 00325134 _____ C:\unp305473061302938468.mdmp
2016-10-03 06:31 - 2016-10-03 06:31 - 00297258 _____ C:\unp305473053059149764.mdmp
2016-09-30 09:49 - 2016-10-03 19:51 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
2016-09-30 09:49 - 2016-09-30 03:34 - 00055776 _____ (StdLib) C:\Windows\system32\Drivers\{d7e589a9-c9af-419b-8b29-f43cc9595584}Gt.sys
2016-09-30 08:48 - 2016-09-30 08:48 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\CEF
2016-09-30 08:27 - 2016-09-30 08:27 - 00000000 ____D C:\ProgramData\SlimWare Utilities Inc
2016-09-30 08:27 - 2016-09-30 08:27 - 00000000 ____D C:\Program Files\SlimService
2016-09-30 08:27 - 2016-09-30 08:27 - 00000000 ____D C:\Program Files\SlimCleaner Plus
2016-09-30 08:26 - 2016-09-30 08:44 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\SlimWare Utilities Inc
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-03 20:15 - 2008-07-05 16:00 - 00000000 ____D C:\Users\Sean Harris\AppData\LocalLow\HPAppData
2016-10-03 20:11 - 2013-03-10 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-03 20:06 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.001
2016-10-03 20:05 - 2007-08-04 06:16 - 00000000 ____D C:\Windows\SMINST
2016-10-03 20:03 - 2014-03-21 22:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
2016-10-03 20:03 - 2013-07-10 03:12 - 00000482 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-10-03 20:03 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-03 20:03 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-03 20:03 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-03 19:59 - 2006-11-02 08:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-03 19:58 - 2010-02-13 20:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-03 19:56 - 2009-07-02 10:12 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
2016-10-03 19:54 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-10-03 18:19 - 2015-06-25 17:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-10-03 14:44 - 2013-11-02 16:00 - 00000000 ____D C:\Program Files\lucky leap
2016-10-03 14:05 - 2006-11-02 05:23 - 00000362 _____ C:\Windows\win.ini
2016-10-03 14:01 - 2016-08-19 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-03 11:56 - 2009-07-02 10:12 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
2016-10-03 09:02 - 2007-12-22 08:39 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\Google
2016-10-03 07:10 - 2012-04-25 14:35 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-10-03 07:10 - 2012-04-25 14:35 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-10-03 06:44 - 2014-07-28 13:46 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-03 06:44 - 2013-05-26 17:24 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-10-03 06:44 - 2013-05-26 17:24 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-03 06:44 - 2012-04-25 14:35 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-03 06:44 - 2012-04-25 14:35 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-10-03 06:44 - 2012-04-25 14:35 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-10-03 06:22 - 2011-09-27 11:02 - 00000456 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2016-10-03 06:22 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.dat
2016-09-30 10:11 - 2013-03-10 18:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-30 10:11 - 2012-02-16 21:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-30 10:11 - 2007-08-04 05:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-30 09:45 - 2011-12-28 10:35 - 00000000 ____D C:\Users\Sean Harris\AppData\Roaming\HpUpdate
2016-09-30 09:38 - 2007-12-21 17:31 - 00000000 ____D C:\Users\Sean Harris
2016-09-30 09:38 - 2006-11-02 05:22 - 52690944 _____ C:\Windows\system32\config\software_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 45350912 _____ C:\Windows\system32\config\components_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 38010880 _____ C:\Windows\system32\config\system_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-09-30 09:37 - 2016-08-28 15:44 - 00000000 ____D C:\Users\Sean Harris\{1bbcfec6-1859-4565-8a35-895798d9cb1e}
2016-09-30 09:37 - 2014-10-06 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-09-30 09:37 - 2014-10-06 06:08 - 00000000 ____D C:\Program Files\Coupons
2016-09-30 09:37 - 2014-04-12 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iTunes
2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iPod
2016-09-30 09:37 - 2008-07-05 11:30 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-09-30 09:37 - 2007-12-23 16:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-30 09:37 - 2007-12-21 17:38 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\QuickPlay
2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-09-30 09:36 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2016-09-30 09:27 - 2011-10-15 08:04 - 00001356 _____ C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
2016-09-28 07:26 - 2012-04-25 14:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-09 19:22 - 2009-12-13 14:38 - 00000000 ____D C:\Users\Sean Harris\Desktop\Kiddos
==================== Files in the root of some directories =======
2013-05-27 20:19 - 2013-05-27 20:23 - 4096000 _____ () C:\Program Files\GUT223.tmp
2016-07-15 12:35 - 2016-07-15 12:35 - 6748160 _____ () C:\Program Files\GUTBE6B.tmp
2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
2009-02-19 10:48 - 2016-10-03 20:06 - 0070771 _____ () C:\ProgramData\nvModes.001
2009-02-19 10:48 - 2016-10-03 06:22 - 0070771 _____ () C:\ProgramData\nvModes.dat
Some files in TEMP:
====================
C:\Users\Sean Harris\AppData\Local\Temp\air4294.exe
C:\Users\Sean Harris\AppData\Local\Temp\airACB8.exe
C:\Users\Sean Harris\AppData\Local\Temp\airF31F.exe
C:\Users\Sean Harris\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sean Harris\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Sean Harris\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Sean Harris\AppData\Local\Temp\htmlayout.dll
C:\Users\Sean Harris\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sean Harris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Sean Harris\AppData\Local\Temp\SSUPDATE.EXE
C:\Users\Sean Harris\AppData\Local\Temp\tbBitT.dll
C:\Users\Sean Harris\AppData\Local\Temp\tbConn.dll
C:\Users\Sean Harris\AppData\Local\Temp\tbInte.dll
C:\Users\Sean Harris\AppData\Local\Temp\Uninstall.exe
C:\Users\Sean Harris\AppData\Local\Temp\Update.exe
C:\Users\Sean Harris\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-03 20:11
==================== End of FRST.txt ============================



Thank you!!

 

[brokensynapse]

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2016
Ran by Sean Harris (03-10-2016 20:29:33)
Running from C:\Users\Sean Harris\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-10 14:05:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2532419472-1891236629-2710359153-500 - Administrator - Disabled)
Guest (S-1-5-21-2532419472-1891236629-2710359153-501 - Limited - Disabled)
Sean Harris (S-1-5-21-2532419472-1891236629-2710359153-1000 - Administrator - Enabled) => C:\Users\Sean Harris
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avast Internet Security (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
C4200 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
C4200_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D1400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
D1400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}) (Version: 9.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iRip (HKLM\...\{4D6FAB8B-F22B-4272-AA27-9A188E21D047}) (Version: 1.0.1.26 - The Little App Factory, LLC.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
lucky leap 1.0.0 (HKLM\...\lucky leap) (Version: 1.0.0 - luckyleap)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{0BFC200F-C45D-4271-AF34-4CA969225DEB}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PS_AIO_ProductContext (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PS_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00933A8A-3422-4586-9E45-308AD322BEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {1412B440-FDB7-41E6-8183-27745EBE5E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-30] (Adobe Systems Incorporated)
Task: {1ED2DAD1-B90F-47C4-9AD8-40C635104ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {3FD8946A-E628-4156-8828-714FFBF264AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {4BCC7A0C-E50E-411F-8F3D-E0EDB7757D2B} - System32\Tasks\Microsoft\Windows\RestartManager\{F4B3AC6E-5272-4ecd-8978-AD89A4B845B7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {4E501739-E756-46DA-853D-28912C450019} - System32\Tasks\{A565FBF5-B545-4ECA-A3D7-9B6C20E5C002} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {5146E494-7602-4D8D-B59B-4AC8FDB5BDB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
Task: {747042E3-0465-46ED-8FBD-D10F1237B493} - System32\Tasks\{3E0875DD-48EE-44CE-914E-FFF7328DECE6} => pcalua.exe -a E:\VEWLP.exe -d E:\
Task: {7ECA859A-C65E-4A4A-8E57-2B933E9D5600} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {99F04631-D25B-47D8-83E8-8B7AF9D72CEC} - System32\Tasks\SafeZone scheduled Autoupdate 1475242992 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {9BB60AAB-7B57-46EA-98EA-06AFBBAD0263} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {BEA8B901-0A1F-4F11-BBFE-F4614D338841} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Sean Harris) => C:\Users\Sean Harris\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
Task: {CADDBFCC-FBE3-4667-B886-B4270DC74A09} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {CCDB5F33-EE1C-4E35-85EB-F4288B702FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {CE005CD6-F910-45E8-81EA-191E6AB3E30A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {CF985692-40E1-463E-9FC5-23C3BB86519C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {D54B8BA8-5E74-4E66-9C33-D861F421CBAF} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {E873E323-022B-45F0-B512-0F14A92DEC0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip\iRip Help.lnk -> hxxp://www.ipodrip.com/help/
==================== Loaded Modules (Whitelisted) ==============
2016-10-03 06:44 - 2016-10-03 06:44 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-03 13:53 - 2016-10-03 13:53 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100300\algo.dll
2016-10-03 06:44 - 2016-10-03 06:44 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-08-04 05:40 - 2007-04-23 20:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-08-04 05:40 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2011-05-06 14:07 - 2011-05-06 14:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2011-05-06 14:07 - 2011-05-06 14:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2011-05-06 14:02 - 2011-05-06 14:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-26 01:06 - 2010-10-26 01:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 09:34 - 2010-10-26 09:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 01:37 - 2010-10-26 01:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2011-05-06 13:58 - 2011-05-06 13:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2013-11-17 12:15 - 2016-10-03 06:44 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-02-16 19:40 - 2007-02-16 19:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 19:40 - 2007-02-16 19:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-08-04 06:15 - 2007-01-30 17:58 - 00677576 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2007-08-04 05:39 - 2007-04-23 20:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{5BC58A37-88F1-48D7-8BE5-98236F326965}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{977244DC-0C6F-4602-9E5D-F53F4137696A}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{05F6F3EF-B25C-4001-8372-FE26E6D1B328}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{F238082B-3978-480D-B122-CF2A1C1231A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{A7BB0588-8517-458B-B620-0B480C80D0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{0A83C0EF-91EE-40EC-B9DD-94EC2F9C6793}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AD2D0DB4-8073-4B72-97FA-914302A36EE1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A45ED214-B796-4345-B13D-CA5D29C899E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
FirewallRules: [{FF3EC5DE-D183-4CC9-986F-7CD0872593E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{EFB3DB1D-3484-47A4-9202-6A9FE178DEED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{41E5F946-A697-4ED1-8D0C-CD91FCAF5FC6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B4798DC6-D4D5-4570-8A2F-71D2E88DD43A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{5E1AAB3A-A0D4-49EC-AB04-A097036047DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{99CE8B0B-0A89-44B0-AC11-188A247E7521}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{551C54BC-CD2F-446D-9D0B-61352826742D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4B7E4457-248F-4BA2-B8A8-00C7062C975D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{A4087168-D94B-4F77-BCAA-54D29F4D37F4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{AC8F7B82-0F15-496C-B3DA-34A8E2D33ADE}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{928CECF7-5561-42E5-A96F-92BDD4375C78}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{BB46DB95-497E-4F81-BB3C-571989FE87BF}] => (Allow) LPort=80
FirewallRules: [{5748741B-55B0-4A30-B114-9EC7C5ED8D53}] => (Allow) LPort=80
FirewallRules: [{A314BA29-E94B-4111-B178-7F969512969F}] => (Allow) LPort=80
FirewallRules: [{B7C28AAB-E2B8-4BE5-8218-A97A13A465E6}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{869C5BB4-2081-4A8C-BE6B-1309D7AD1721}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{66C4BA6A-BA64-4BA7-86C2-4D79991E3D06}] => (Allow) LPort=24726
FirewallRules: [{2E7DE2A1-FE43-492B-A940-46FC5FF331C3}] => (Allow) LPort=24727
FirewallRules: [{B638C71C-0524-4696-9415-4B37CFAE9837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{604FD86F-44D0-4D8A-90E6-7563E93CF1C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1059DF-3934-4FD1-BDAD-CE3E4F7ABFD1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A3C01DD2-B03F-435B-A3A2-A2D39DA42443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{275871E7-69B6-4FB6-BA8B-92C7DDF9BAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DBC2E42-7A2F-483D-A697-FB6992600E9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
==================== Restore Points =========================
06-04-2014 03:00:37 Windows Update
06-04-2014 12:23:34 Installed Java 7 Update 51
12-04-2014 12:44:01 Windows Update
12-04-2014 14:18:39 Removed Java 7 Update 51
12-04-2014 14:21:07 Installed Java 7 Update 51
12-04-2014 14:29:15 Windows Update
13-04-2014 13:03:44 avast! antivirus system restore point
19-04-2014 15:13:08 Windows Update
19-04-2014 15:24:08 Windows Update
29-04-2014 12:01:42 Windows Update
29-04-2014 12:07:58 Windows Update
28-07-2014 13:30:55 avast! antivirus system restore point
28-07-2014 13:44:23 Installed Java 7 Update 65
28-07-2014 14:20:09 Windows Update
30-07-2014 03:01:16 Windows Update
05-08-2014 01:37:40 Windows Update
08-08-2014 01:40:41 Windows Update
12-08-2014 19:50:51 Windows Update
13-08-2014 03:00:45 Windows Update
19-08-2014 01:57:53 Windows Update
06-10-2014 06:07:03 Windows Update
07-10-2014 03:01:53 Windows Update
28-08-2016 15:44:52 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
30-09-2016 08:30:14 Removed DriverUpdate
30-09-2016 08:55:11 Removed SlimCleaner Plus
30-09-2016 09:12:28 Removed SlimCleaner Plus
03-10-2016 19:52:44 Device Driver Package Install: ALWIL Software Network Service
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (10/03/2016 06:36:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (10/03/2016 06:32:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23712
Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23712
Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11841
Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11841
Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/30/2016 09:25:51 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (09/30/2016 09:08:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65630

System errors:
=============
Error: (10/03/2016 08:05:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (10/03/2016 08:05:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
Error: (10/03/2016 08:03:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/03/2016 06:19:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (10/03/2016 06:19:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
Error: (10/03/2016 06:18:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/03/2016 02:11:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (10/03/2016 02:03:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (10/03/2016 02:03:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
Error: (10/03/2016 02:03:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
Date: 2013-11-09 12:35:12.498
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:11.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:10.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:09.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-09 12:35:08.317
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:15.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:13.506
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:11.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:59:10.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-04-25 14:56:11.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\ErHrVx86\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Percentage of memory in use: 80%
Total physical RAM: 1982.18 MB
Available physical RAM: 392.8 MB
Total Virtual: 4203.56 MB
Available Virtual: 1790.47 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:224.46 GB) (Free:108.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E86F523)
Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes Anti-Malware to your desktop.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
  • Launch Malwarebytes Anti-Malware[/*]
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.[/*]
• Click Finish.[/*]
• On the Dashboard, click the 'Update Now >>' link[/*]
• After the update completes, click the 'Scan Now >>' button.[/*]
  
• Or, on the Dashboard, click the Scan Now >> button. [/*]
• If an update is available, click the Update Now button.[/*]
  
• A Threat Scan will begin.[/*]
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.[/*]
• In most cases, a restart will be required.[/*]
• Wait for the prompt to restart the computer to appear, then click on Yes.[/*]

Already installed:
2.0 Threat Scan

• On the Dashboard, click the 'Update Now >>' link[/*]
• After the update completes, click the 'Scan Now >>' button.[/*]
  
• Or, on the Dashboard, click the Scan Now >> button. [/*]
• If an update is available, click the Update Now button.[/*]
  
• A Threat Scan will begin.[/*]
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.[/*]
• In most cases, a restart will be required.[/*]
• Wait for the prompt to restart the computer to appear, then click on Yes.[/*]

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.[/*]
• Click on the History tab > Application Logs.[/*]
• Double click on the scan log which shows the Date and time of the scan just performed.[/*]
• Click 'Export'.[/*]
• Click 'Text file (*.txt)'[/*]
• In the Save File dialog box which appears, click on Desktop.[/*]
• In the File name: box type a name for your scan log.[/*]
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".[/*]
• Click Ok[/*]
• Attach that saved log to your next reply.[/*]

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.[/*]
• Click on the History tab > Application Logs.[/*]
• Double click on the scan log which shows the Date and time of the scan just performed.[/*]
• Click 'Copy to Clipboard'[/*]
• Paste the contents of the clipboard into your reply.[/*]

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator[/*]
• The tool will start to update the database if one is required.[/*]
• Click on the Scan button.[/*]
• AdwCleaner will begin...be patient as the scan may take some time to complete.[/*]
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.[/*]
• Click on the Scan tab.[/*]
• Double-click the most recent scan which will be at the top of the list....the log will appear.[/*]
• To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.[/*]
• Copy and paste the contents of that logfile in your next reply.[/*]
• A copy of all logfiles are saved to C:\AdwCleaner.[/*]

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[brokensynapse]

RK log

RogueKiller V12.7.0.0 [Oct 3 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Sean Harris [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 10/04/2016 06:35:57 (Duration : 01:23:05)

¤¤¤ Processes : 2 ¤¤¤
[PUP|VT.GrayWare[AdWare]/Win32.Coupons.w] CouponPrinterService.exe(2076) -- C:\Program Files\Coupons\CouponPrinterService.exe[x] -> Found
[PUP|VT.GrayWare[AdWare]/Win32.Coupons.w] (SVC) CouponPrinterService -- C:\Program Files\Coupons\CouponPrinterService.exe[7] -> Found

¤¤¤ Registry : 43 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (C:\Program Files\Conduit\Community Alerts\Alert.dll) -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} (C:\Program Files\lucky leap\bin\d7e5.dll) -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} (C:\Program Files\HP\QuickPlay\Kernel\Movie\CLAud.ax) -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} (C:\Windows\COUPON~1.OCX) -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (C:\Users\Sean Harris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll) -> Found
[PUP|VT.Unknown] HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~1.OCX) -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087} (C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll) -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> Found
[PUP] HKEY_CLASSES_ROOT\uus3url-pl -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\AVG Security Toolbar -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\lucky leap -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Found
[PUP] HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Found
[PUP] HKEY_USERS\.DEFAULT\Software\IGearSettings -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Security Toolbar -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\lucky leap -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\ParetoLogic -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\YahooPartnerToolbar -> Found
[PUP] HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Found
[PUP] HKEY_USERS\S-1-5-18\Software\IGearSettings -> Found
[PUP] HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\AVG Security Toolbar -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\ConduitSearchScopes -> Found
[PUP] HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : AVG Security Toolbar -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : -> Found
[PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ROC_roc_dec12 : "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x] -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG Security Toolbar Service (C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe) -> Found
[PUP|VT.GrayWare[AdWare]/Win32.Coupons.w] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CouponPrinterService (C:\Program Files\Coupons\CouponPrinterService.exe) -> Found
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found

¤¤¤ Tasks : 3 ¤¤¤
[PUP] %WINDIR%\Tasks\ParetoLogic Registration3.job -- C:\Windows\system32\rundll32.exe ("C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns) -> Found
[PUP] %WINDIR%\Tasks\ParetoLogic Update Version3 Startup Task.job -- C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe (-StartupTask) -> Found
[PUP] %WINDIR%\Tasks\ParetoLogic Update Version3.job -- C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe -> Found

¤¤¤ Files : 22 ¤¤¤
[PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\DriverCure -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\HPAppData -> Found
[PUP][File] C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\searchplugins\search-simple.xml -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\ParetoLogic -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\SearchProtect -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Local\AVG Security Toolbar -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Local\Conduit -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Local\NativeMessaging -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Local\PackageAware -> Found
[PUP][Folder] C:\Users\Sean Harris\AppData\Local\SlimWare Utilities Inc -> Found
[PUP][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP][Folder] C:\ProgramData\Conduit -> Found
[PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons -> Found
[PUP][Folder] C:\ProgramData\ParetoLogic -> Found
[PUP][Folder] C:\ProgramData\SlimWare Utilities Inc -> Found
[PUP][Folder] C:\Program Files\Conduit -> Found
[PUP][Folder] C:\Program Files\Coupons -> Found
[PUP][Folder] C:\Program Files\lucky leap -> Found
[PUP][Folder] C:\Program Files\MyPC Backup -> Found
[PUP][Folder] C:\Program Files\SlimCleaner Plus -> Found
[PUP][Folder] C:\Program Files\SlimService -> Found
[PUP][File] C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\searchplugins\search-simple.xml -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][FIREFX:Config] 7ykyy2rz.default : user_pref("browser.search.selectedEngine", "Yahoo! Search"); -> Found
[PUM.SearchEngine][FIREFX:Config] 7ykyy2rz.default : user_pref("browser.search.defaultenginename", "Yahoo! Search"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++
--- User ---
[MBR] 4ed05cea4e4c094cf49b7066c776fd31
[BSP] d359f184b4f987f009da31b68d9a3d90 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229843 MB [Unknown Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 470720565 | Size: 8628 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



Not all of the items were selected by RK for removal.. I didn't question it. Let me know if I need to do the scan again..

 

[brokensynapse]

Still having loads of popups on Mozilla .. MBytes is blocking every second


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/4/2016
Scan Time: 8:47:44 AM
Logfile: mbytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.04.07
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sean Harris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293516
Time Elapsed: 44 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[brokensynapse]

Where is this Threat scan..part of MBytes?

 

[Broni]

That's when you already have version 2 or higher installed.

 

[brokensynapse]

All of the boxes weren't checked by the nasties that RogueKiller found.. should I delete all?

 

[Broni]

Only checked ones. Nothing else.
Go on...

 

[brokensynapse]

# AdwCleaner v6.020 - Logfile created 04/10/2016 at 22:41:37
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-14.2 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Sean Harris - DHARMA-PC
# Running from : C:\Users\Sean Harris\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[-] Service deleted: AVG Security Toolbar Service


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Sean Harris\AppData\LocalLow\AVG Security Toolbar
[-] Folder deleted: C:\Users\Sean Harris\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Sean Harris\AppData\LocalLow\HPAppData
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[-] Folder deleted: C:\Program Files\slimcleaner plus
[#] Folder deleted on reboot: C:\Program Files\SlimCleaner Plus
[-] Folder deleted: C:\Program Files\Common Files\ParetoLogic
[-] Folder deleted: C:\Users\SEANHA~1\AppData\Local\Temp\AirInstaller
[-] Folder deleted: C:\Users\SEANHA~1\AppData\Local\Temp\NativeMessaging
[-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search


***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\uus3url-pl
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\.DEFAULT\Software\IGearSettings
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Secure Search
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
[-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ROC_roc_dec12]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7764 Bytes] - [04/10/2016 22:41:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [7685 Bytes] - [04/10/2016 21:00:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7910 Bytes] ##########

 

[brokensynapse]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Sean Harris (Administrator) on Wed 10/05/2016 at 5:54:13.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Successfully deleted: C:\Users\Sean Harris\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\user.js (File)
Successfully deleted: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\twe3ly8n.default\user.js (File)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Program Files\GUT223.tmp (File)
Successfully deleted: C:\Program Files\GUTBE6B.tmp (File)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UM8QQG3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6CUEI94 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CV3DW6U7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D98BWSVK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6PG0HW7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIR69I7V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OT9QOO2L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBAR2USER.EXE-56BEB4C7.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UM8QQG3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6CUEI94 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CV3DW6U7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D98BWSVK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6PG0HW7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIR69I7V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OT9QOO2L (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/05/2016 at 6:04:54.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[brokensynapse]

Firefox seems back to normal.. do you have any browser recommendations for Vista?

Thank you

 

[Broni]

Good news
I use Firefox myself.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[brokensynapse]

ComboFix 16-09-28.01 - Sean Harris 10/07/2016 9:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.836 [GMT -5:00]
Running from: c:\users\Sean Harris\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: Avast Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Sean Harris\Documents\~WRL2278.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2016-09-07 to 2016-10-07 )))))))))))))))))))))))))))))))
.
.
2016-10-07 14:21 . 2016-10-07 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-05 01:53 . 2016-10-05 03:41 -------- d-----w- C:\AdwCleaner
2016-10-05 01:46 . 2016-10-05 01:46 -------- d-----w- c:\users\Sean Harris\AppData\Local\CrashDumps
2016-10-04 13:44 . 2016-10-05 11:21 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-04 13:39 . 2016-03-10 19:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-04 13:39 . 2016-03-10 19:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-04 13:39 . 2016-03-10 19:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-04 13:39 . 2016-10-04 13:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-10-04 11:36 . 2016-10-04 11:36 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-10-04 11:34 . 2016-10-04 11:35 -------- d-----w- c:\program files\RogueKiller
2016-10-04 11:34 . 2016-10-04 11:34 -------- d-----w- c:\programdata\RogueKiller
2016-10-04 00:50 . 2016-10-04 00:48 295840 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2016-10-04 00:48 . 2016-10-03 11:44 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-10-04 00:48 . 2016-10-04 00:48 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2016-10-03 13:33 . 2016-10-04 01:37 -------- d-----w- C:\FRST
2016-10-03 11:46 . 2016-10-04 00:48 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-10-03 11:46 . 2016-10-03 11:43 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-10-03 11:45 . 2016-10-03 11:44 921280 ----a-w- c:\windows\ucrtbase.dll
2016-10-03 11:44 . 2016-10-03 11:44 53208 ----a-w- c:\windows\avastSS.scr
2016-09-30 14:49 . 2016-10-04 00:51 39832 ----a-w- c:\windows\system32\drivers\staport.sys
2016-09-30 14:11 . 2016-09-30 14:11 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-09-30 13:48 . 2016-09-30 13:48 -------- d-----w- c:\users\Sean Harris\AppData\Local\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-04 12:13 . 2013-03-10 23:15 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-04 12:13 . 2012-02-17 02:15 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-03 12:10 . 2012-04-25 19:35 433768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-10-03 12:10 . 2012-04-25 19:35 735488 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-10-03 11:44 . 2012-04-25 19:35 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-10-03 11:44 . 2014-07-28 18:46 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-10-03 11:44 . 2013-05-26 22:24 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-10-03 11:44 . 2013-05-26 22:24 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-10-03 11:44 . 2012-04-25 19:35 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-10-03 11:44 . 2012-04-25 19:35 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-19 17:24 . 2016-08-19 17:24 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-07-15 17:55 . 2016-07-15 17:55 0 ----a-w- c:\windows\ava15B1.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-10-03 11:44 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
"Google Photos Backup"="c:\users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-04 9107616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...tUDEwVEIrMi1DMTBBQisyMg&prod=94&ver=10.0.1424" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 12:13]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
- c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
- c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
HKCU-Run-BitTorrent - c:\users\Sean Harris\Desktop\BitTorrent.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Coupon Printer for Windows5.0.1.2 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-10-07 09:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2016-10-07 09:25:41
ComboFix-quarantined-files.txt
ComboFix 16-09-28.01 - Sean Harris 10/07/2016 9:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.836 [GMT -5:00]
Running from: c:\users\Sean Harris\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: Avast Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Sean Harris\Documents\~WRL2278.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2016-09-07 to 2016-10-07 )))))))))))))))))))))))))))))))
.
.
2016-10-07 14:21 . 2016-10-07 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-05 01:53 . 2016-10-05 03:41 -------- d-----w- C:\AdwCleaner
2016-10-05 01:46 . 2016-10-05 01:46 -------- d-----w- c:\users\Sean Harris\AppData\Local\CrashDumps
2016-10-04 13:44 . 2016-10-05 11:21 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-04 13:39 . 2016-03-10 19:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-04 13:39 . 2016-03-10 19:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-04 13:39 . 2016-03-10 19:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-04 13:39 . 2016-10-04 13:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-10-04 11:36 . 2016-10-04 11:36 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-10-04 11:34 . 2016-10-04 11:35 -------- d-----w- c:\program files\RogueKiller
2016-10-04 11:34 . 2016-10-04 11:34 -------- d-----w- c:\programdata\RogueKiller
2016-10-04 00:50 . 2016-10-04 00:48 295840 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2016-10-04 00:48 . 2016-10-03 11:44 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-10-04 00:48 . 2016-10-04 00:48 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2016-10-03 13:33 . 2016-10-04 01:37 -------- d-----w- C:\FRST
2016-10-03 11:46 . 2016-10-04 00:48 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-10-03 11:46 . 2016-10-03 11:43 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-10-03 11:45 . 2016-10-03 11:44 921280 ----a-w- c:\windows\ucrtbase.dll
2016-10-03 11:44 . 2016-10-03 11:44 53208 ----a-w- c:\windows\avastSS.scr
2016-09-30 14:49 . 2016-10-04 00:51 39832 ----a-w- c:\windows\system32\drivers\staport.sys
2016-09-30 14:11 . 2016-09-30 14:11 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-09-30 13:48 . 2016-09-30 13:48 -------- d-----w- c:\users\Sean Harris\AppData\Local\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-04 12:13 . 2013-03-10 23:15 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-04 12:13 . 2012-02-17 02:15 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-03 12:10 . 2012-04-25 19:35 433768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-10-03 12:10 . 2012-04-25 19:35 735488 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-10-03 11:44 . 2012-04-25 19:35 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-10-03 11:44 . 2014-07-28 18:46 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-10-03 11:44 . 2013-05-26 22:24 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-10-03 11:44 . 2013-05-26 22:24 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-10-03 11:44 . 2012-04-25 19:35 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-10-03 11:44 . 2012-04-25 19:35 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-19 17:24 . 2016-08-19 17:24 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-07-15 17:55 . 2016-07-15 17:55 0 ----a-w- c:\windows\ava15B1.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-10-03 11:44 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
"Google Photos Backup"="c:\users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-04 9107616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...tUDEwVEIrMi1DMTBBQisyMg&prod=94&ver=10.0.1424" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 12:13]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
- c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
- c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
HKCU-Run-BitTorrent - c:\users\Sean Harris\Desktop\BitTorrent.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Coupon Printer for Windows5.0.1.2 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-10-07 09:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2016-10-07 09:25:41
ComboFix-quarantined-files.txt 2016-10-07 14:25
.
Pre-Run: 115,460,407,296 bytes free
Post-Run: 117,049,520,128 bytes free
.
- - End Of File - - 6CD47BA6690D03DC1367E0DCA5B4097E
1A1A06F62E891045814007163C1C76C3

2016-10-07 14:25
.
Pre-Run: 115,460,407,296 bytes free
Post-Run: 117,049,520,128 bytes free
.
- - End Of File - - 6CD47BA6690D03DC1367E0DCA5B4097E
1A1A06F62E891045814007163C1C76C3

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[brokensynapse]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-10-2016
Ran by Sean Harris (administrator) on DHARMA-PC (10-10-2016 05:27:03)
Running from C:\Users\Sean Harris\Downloads
Loaded Profiles: Sean Harris (Available Profiles: Sean Harris)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Sean Harris\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-04] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-04] (NVIDIA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-03] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkgzRjItU1kyNjgtSEdZOUEtRk5DUU4tWDcyWVI"&"inst=NzYtNzk2MzQ1OTE3LVU5MCsxLVRQKzEtWE8zNisxLU4xRCsxLVRCOSsyLVBMKzktVFVHKz (the data entry has 122 more characters).
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-18] (Google Inc.)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [Google Photos Backup] => C:\Users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-07-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-18]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{1E4CEE65-A56B-45F2-A303-39A30B421E3B}: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{3BD60310-3959-4C3A-B7B7-C3CE2CEF7A6A}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {8E8176CF-3C72-4F29-B0AF-5E670D763FBD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-03] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7ykyy2rz.default
FF ProfilePath: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default [2016-10-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
FF Homepage: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxps://www.google.com/
FF Extension: (Firefox Hotfix) - C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-03]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2016-10-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-03] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
FF HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-04] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-11-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-12] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-10-14] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-29] (Apple Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\SEANHA~1\AppData\Local\Temp\crxBB17.tmp <not found>
StartMenuInternet: chrome.exe - C:\Users\Sean Harris\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-10-03] (AVAST Software)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] () [File not signed]
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] () [File not signed]
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-03] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2016-10-03] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [295840 2016-10-03] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-03] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-10-03] (AVAST Software)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-10-04] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\SEANHA~1\AppData\Local\Temp\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-10 05:26 - 2016-10-10 05:26 - 01757184 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(2).exe
2016-10-07 09:32 - 2016-10-07 09:32 - 00011856 _____ C:\Users\Sean Harris\Desktop\combofix log.txt
2016-10-07 09:25 - 2016-10-07 09:25 - 00011856 _____ C:\ComboFix.txt
2016-10-07 08:59 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-10-07 08:59 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-10-07 08:59 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-10-07 08:59 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-10-07 08:59 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-10-07 08:59 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-10-07 08:59 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-10-07 08:59 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-10-07 08:58 - 2016-10-07 09:25 - 00000000 ____D C:\Qoobox
2016-10-07 08:58 - 2016-10-07 09:25 - 00000000 ____D C:\ComboFix
2016-10-07 08:54 - 2016-10-07 09:23 - 00000000 ____D C:\Windows\erdnt
2016-10-07 08:53 - 2016-10-07 08:54 - 05659993 ____R (Swearware) C:\Users\Sean Harris\Downloads\ComboFix.exe
2016-10-07 08:48 - 2016-10-07 08:48 - 05659993 _____ (Swearware) C:\Users\Sean Harris\Downloads\ComboFix.exe.part
2016-10-05 06:04 - 2016-10-05 06:04 - 00003885 _____ C:\Users\Sean Harris\Desktop\JRT.txt
2016-10-05 05:52 - 2016-10-05 05:52 - 01631928 _____ (Malwarebytes) C:\Users\Sean Harris\Downloads\JRT.exe
2016-10-04 21:03 - 2016-10-04 21:03 - 00007685 _____ C:\Users\Sean Harris\Desktop\AdwCleaner[S0].txt
2016-10-04 20:53 - 2016-10-04 22:41 - 00000000 ____D C:\AdwCleaner
2016-10-04 20:51 - 2016-10-04 20:52 - 03861056 _____ C:\Users\Sean Harris\Downloads\AdwCleaner.exe
2016-10-04 20:46 - 2016-10-04 20:46 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\CrashDumps
2016-10-04 10:01 - 2016-10-04 10:04 - 00000806 _____ C:\Users\Sean Harris\Desktop\firefox.lnk
2016-10-04 09:47 - 2016-10-04 09:47 - 00001067 _____ C:\Users\Sean Harris\Desktop\mbytes.txt
2016-10-04 08:44 - 2016-10-05 06:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-04 08:40 - 2016-10-04 08:40 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-04 08:39 - 2016-10-04 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-04 08:39 - 2016-10-04 08:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-04 08:39 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-04 08:39 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-04 08:39 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-04 08:37 - 2016-10-04 08:37 - 22851472 _____ (Malwarebytes ) C:\Users\Sean Harris\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-04 08:19 - 2016-10-04 08:19 - 00017182 _____ C:\Users\Sean Harris\Desktop\rk log.txt
2016-10-04 06:36 - 2016-10-04 06:36 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-10-04 06:35 - 2016-10-04 06:35 - 00000800 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-10-04 06:35 - 2016-10-04 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-10-04 06:34 - 2016-10-04 06:35 - 00000000 ____D C:\Program Files\RogueKiller
2016-10-04 06:34 - 2016-10-04 06:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-04 06:32 - 2016-10-04 06:33 - 33624128 _____ (Adlice Software ) C:\Users\Sean Harris\Downloads\setup.exe
2016-10-04 06:32 - 2016-10-04 06:32 - 33624128 _____ (Adlice Software ) C:\Users\Sean Harris\Downloads\setup.exe.part
2016-10-03 20:19 - 2016-10-03 20:20 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe
2016-10-03 20:18 - 2016-10-03 20:19 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe.part
2016-10-03 19:58 - 2016-10-03 19:58 - 00001789 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-10-03 19:58 - 2016-10-03 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-03 19:50 - 2016-10-03 19:48 - 00295840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2016-10-03 19:48 - 2016-10-03 19:48 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2016-10-03 19:48 - 2016-10-03 06:44 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-03 14:03 - 2016-10-03 14:03 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-10-03 13:58 - 2016-10-03 13:58 - 54359679 _____ C:\unp30547368341249072.mdmp
2016-10-03 08:38 - 2016-10-03 20:37 - 00046895 _____ C:\Users\Sean Harris\Downloads\Addition.txt
2016-10-03 08:33 - 2016-10-10 05:28 - 00022377 _____ C:\Users\Sean Harris\Downloads\FRST.txt
2016-10-03 08:33 - 2016-10-10 05:27 - 00000000 ____D C:\FRST
2016-10-03 08:32 - 2016-10-03 08:32 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST.exe
2016-10-03 07:55 - 2016-10-03 14:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-03 07:05 - 2016-10-03 07:05 - 06334848 _____ (AVAST Software) C:\Users\Sean Harris\Downloads\avast_free_antivirus_setup_online.exe
2016-10-03 06:46 - 2016-10-03 19:48 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-10-03 06:46 - 2016-10-03 06:43 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-03 06:45 - 2016-10-03 06:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-10-03 06:44 - 2016-10-03 06:44 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-03 06:35 - 2016-10-03 06:35 - 00325134 _____ C:\unp305473061302938468.mdmp
2016-10-03 06:31 - 2016-10-03 06:31 - 00297258 _____ C:\unp305473053059149764.mdmp
2016-09-30 09:49 - 2016-10-03 19:51 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
2016-09-30 08:48 - 2016-09-30 08:48 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-10 05:21 - 2009-07-02 10:12 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
2016-10-10 05:18 - 2010-02-13 20:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-10 05:18 - 2009-07-02 10:12 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
2016-10-10 05:16 - 2013-03-10 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-10 05:15 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.001
2016-10-10 05:15 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-10 05:15 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-10 01:53 - 2014-03-21 22:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
2016-10-07 09:47 - 2011-12-28 10:35 - 00000000 ____D C:\Users\Sean Harris\AppData\Roaming\HpUpdate
2016-10-07 09:44 - 2007-08-04 06:16 - 00000000 ____D C:\Windows\SMINST
2016-10-07 09:40 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-07 09:38 - 2006-11-02 08:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-07 09:21 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
2016-10-05 05:53 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.dat
2016-10-04 08:39 - 2009-03-03 17:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-04 07:13 - 2013-03-10 18:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-04 07:13 - 2012-02-16 21:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-04 07:12 - 2007-08-04 05:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-03 19:54 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-10-03 14:05 - 2006-11-02 05:23 - 00000362 _____ C:\Windows\win.ini
2016-10-03 14:01 - 2016-08-19 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-03 09:02 - 2007-12-22 08:39 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\Google
2016-10-03 07:10 - 2012-04-25 14:35 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-10-03 07:10 - 2012-04-25 14:35 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-10-03 06:44 - 2014-07-28 13:46 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-03 06:44 - 2013-05-26 17:24 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-10-03 06:44 - 2013-05-26 17:24 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-03 06:44 - 2012-04-25 14:35 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-03 06:44 - 2012-04-25 14:35 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-10-03 06:44 - 2012-04-25 14:35 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-09-30 09:38 - 2007-12-21 17:31 - 00000000 ____D C:\Users\Sean Harris
2016-09-30 09:38 - 2006-11-02 05:22 - 52690944 _____ C:\Windows\system32\config\software_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 45350912 _____ C:\Windows\system32\config\components_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 38010880 _____ C:\Windows\system32\config\system_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-09-30 09:37 - 2016-08-28 15:44 - 00000000 ____D C:\Users\Sean Harris\{1bbcfec6-1859-4565-8a35-895798d9cb1e}
2016-09-30 09:37 - 2014-04-12 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iTunes
2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iPod
2016-09-30 09:37 - 2008-07-05 11:30 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-09-30 09:37 - 2007-12-23 16:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-30 09:37 - 2007-12-21 17:38 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\QuickPlay
2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-09-30 09:36 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2016-09-30 09:27 - 2011-10-15 08:04 - 00001356 _____ C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
2016-09-28 07:26 - 2012-04-25 14:29 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
2009-02-19 10:48 - 2016-10-10 05:15 - 0070771 _____ () C:\ProgramData\nvModes.001
2009-02-19 10:48 - 2016-10-05 05:53 - 0070771 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-07 09:52

==================== End of FRST.txt ============================

 

[brokensynapse]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-10-2016
Ran by Sean Harris (10-10-2016 05:29:44)
Running from C:\Users\Sean Harris\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-10 14:05:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2532419472-1891236629-2710359153-500 - Administrator - Disabled)
Guest (S-1-5-21-2532419472-1891236629-2710359153-501 - Limited - Disabled)
Sean Harris (S-1-5-21-2532419472-1891236629-2710359153-1000 - Administrator - Enabled) => C:\Users\Sean Harris

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avast Internet Security (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
C4200 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
C4200_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
c4200_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
D1400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
D1400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}) (Version: 9.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iRip (HKLM\...\{4D6FAB8B-F22B-4272-AA27-9A188E21D047}) (Version: 1.0.1.26 - The Little App Factory, LLC.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{0BFC200F-C45D-4271-AF34-4CA969225DEB}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PS_AIO_ProductContext (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PS_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PS_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00933A8A-3422-4586-9E45-308AD322BEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {1412B440-FDB7-41E6-8183-27745EBE5E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-04] (Adobe Systems Incorporated)
Task: {1ED2DAD1-B90F-47C4-9AD8-40C635104ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {3FD8946A-E628-4156-8828-714FFBF264AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {4BCC7A0C-E50E-411F-8F3D-E0EDB7757D2B} - System32\Tasks\Microsoft\Windows\RestartManager\{F4B3AC6E-5272-4ecd-8978-AD89A4B845B7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {4E501739-E756-46DA-853D-28912C450019} - System32\Tasks\{A565FBF5-B545-4ECA-A3D7-9B6C20E5C002} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {5146E494-7602-4D8D-B59B-4AC8FDB5BDB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
Task: {747042E3-0465-46ED-8FBD-D10F1237B493} - System32\Tasks\{3E0875DD-48EE-44CE-914E-FFF7328DECE6} => pcalua.exe -a E:\VEWLP.exe -d E:\
Task: {7ECA859A-C65E-4A4A-8E57-2B933E9D5600} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {99F04631-D25B-47D8-83E8-8B7AF9D72CEC} - System32\Tasks\SafeZone scheduled Autoupdate 1475242992 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {BEA8B901-0A1F-4F11-BBFE-F4614D338841} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Sean Harris) => C:\Users\Sean Harris\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
Task: {CCDB5F33-EE1C-4E35-85EB-F4288B702FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {CE005CD6-F910-45E8-81EA-191E6AB3E30A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {CF985692-40E1-463E-9FC5-23C3BB86519C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
Task: {E873E323-022B-45F0-B512-0F14A92DEC0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip\iRip Help.lnk -> hxxp://www.ipodrip.com/help/

==================== Loaded Modules (Whitelisted) ==============

2016-10-03 06:44 - 2016-10-03 06:44 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-03 06:44 - 2016-10-03 06:44 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-09 06:01 - 2016-10-09 06:01 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100900\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-08-04 05:40 - 2007-04-23 20:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-08-04 05:40 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2011-05-06 14:07 - 2011-05-06 14:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2011-05-06 14:07 - 2011-05-06 14:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2011-05-06 14:02 - 2011-05-06 14:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-26 01:06 - 2010-10-26 01:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 09:34 - 2010-10-26 09:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 01:37 - 2010-10-26 01:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2011-05-06 13:58 - 2011-05-06 13:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 10:47 - 2010-05-17 10:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2013-11-17 12:15 - 2016-10-03 06:44 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-02-16 19:40 - 2007-02-16 19:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 19:40 - 2007-02-16 19:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-08-04 06:15 - 2007-01-30 17:58 - 00677576 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2007-08-04 05:39 - 2007-04-23 20:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2016-10-07 09:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{5BC58A37-88F1-48D7-8BE5-98236F326965}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{977244DC-0C6F-4602-9E5D-F53F4137696A}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{05F6F3EF-B25C-4001-8372-FE26E6D1B328}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{F238082B-3978-480D-B122-CF2A1C1231A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
FirewallRules: [{A7BB0588-8517-458B-B620-0B480C80D0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{0A83C0EF-91EE-40EC-B9DD-94EC2F9C6793}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AD2D0DB4-8073-4B72-97FA-914302A36EE1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{A45ED214-B796-4345-B13D-CA5D29C899E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
FirewallRules: [{FF3EC5DE-D183-4CC9-986F-7CD0872593E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{EFB3DB1D-3484-47A4-9202-6A9FE178DEED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{41E5F946-A697-4ED1-8D0C-CD91FCAF5FC6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B4798DC6-D4D5-4570-8A2F-71D2E88DD43A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{5E1AAB3A-A0D4-49EC-AB04-A097036047DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{99CE8B0B-0A89-44B0-AC11-188A247E7521}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{551C54BC-CD2F-446D-9D0B-61352826742D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4B7E4457-248F-4BA2-B8A8-00C7062C975D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{A4087168-D94B-4F77-BCAA-54D29F4D37F4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{AC8F7B82-0F15-496C-B3DA-34A8E2D33ADE}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{928CECF7-5561-42E5-A96F-92BDD4375C78}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{BB46DB95-497E-4F81-BB3C-571989FE87BF}] => (Allow) LPort=80
FirewallRules: [{5748741B-55B0-4A30-B114-9EC7C5ED8D53}] => (Allow) LPort=80
FirewallRules: [{A314BA29-E94B-4111-B178-7F969512969F}] => (Allow) LPort=80
FirewallRules: [{B7C28AAB-E2B8-4BE5-8218-A97A13A465E6}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{869C5BB4-2081-4A8C-BE6B-1309D7AD1721}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{66C4BA6A-BA64-4BA7-86C2-4D79991E3D06}] => (Allow) LPort=24726
FirewallRules: [{2E7DE2A1-FE43-492B-A940-46FC5FF331C3}] => (Allow) LPort=24727
FirewallRules: [{B638C71C-0524-4696-9415-4B37CFAE9837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{604FD86F-44D0-4D8A-90E6-7563E93CF1C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1059DF-3934-4FD1-BDAD-CE3E4F7ABFD1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A3C01DD2-B03F-435B-A3A2-A2D39DA42443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{275871E7-69B6-4FB6-BA8B-92C7DDF9BAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4DBC2E42-7A2F-483D-A697-FB6992600E9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

==================== Restore Points =========================

13-04-2014 13:03:44 avast! antivirus system restore point
19-04-2014 15:13:08 Windows Update
19-04-2014 15:24:08 Windows Update
29-04-2014 12:01:42 Windows Update
29-04-2014 12:07:58 Windows Update
28-07-2014 13:30:55 avast! antivirus system restore point
28-07-2014 13:44:23 Installed Java 7 Update 65
28-07-2014 14:20:09 Windows Update
30-07-2014 03:01:16 Windows Update
05-08-2014 01:37:40 Windows Update
08-08-2014 01:40:41 Windows Update
12-08-2014 19:50:51 Windows Update
13-08-2014 03:00:45 Windows Update
19-08-2014 01:57:53 Windows Update
06-10-2014 06:07:03 Windows Update
07-10-2014 03:01:53 Windows Update
28-08-2016 15:44:52 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
30-09-2016 08:30:14 Removed DriverUpdate
30-09-2016 08:55:11 Removed SlimCleaner Plus
30-09-2016 09:12:28 Removed SlimCleaner Plus
03-10-2016 19:52:44 Device Driver Package Install: ALWIL Software Network Service
05-10-2016 05:54:14 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2016 07:53:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16536

Error: (10/09/2016 07:53:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16536

Error: (10/09/2016 07:53:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2016 07:53:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056

Error: (10/09/2016 07:53:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056

Error: (10/09/2016 07:53:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2016 07:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2808

Error: (10/09/2016 07:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2808

Error: (10/09/2016 07:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2016 07:53:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045


System errors:
=============
Error: (10/08/2016 04:32:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (10/07/2016 09:43:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (10/07/2016 09:43:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.

Error: (10/07/2016 09:42:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/07/2016 09:38:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (10/07/2016 09:21:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/07/2016 09:12:36 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/07/2016 09:04:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (10/07/2016 09:02:13 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/07/2016 09:00:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-10-10 05:29:32.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:31.216
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:29.970
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:28.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:26.720
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:25.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:24.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:29:22.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:28:30.651
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-10 05:28:29.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Percentage of memory in use: 63%
Total physical RAM: 1982.18 MB
Available physical RAM: 720.98 MB
Total Virtual: 4207.54 MB
Available Virtual: 2066.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.46 GB) (Free:108.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E86F523)
Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Broni]

Still with me?

 

[brokensynapse]

Sorry for the delay..

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\SEANHA~1\AppData\Local\Temp\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
2009-02-19 10:48 - 2016-10-10 05:15 - 0070771 _____ () C:\ProgramData\nvModes.001
2009-02-19 10:48 - 2016-10-05 05:53 - 0070771 _____ () C:\ProgramData\nvModes.dat
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

 

[Broni]

That's incorrect.
You just posted content of my "fixlist" file.
Please, re-read my instructions.

 

[brokensynapse]

Sorry about that..


Fix result of Farbar Recovery Scan Tool (x86) Version: 09-10-2016
Ran by Sean Harris (20-10-2016 07:15:14) Run:2
Running from C:\Users\Sean Harris\Downloads
Loaded Profiles: Sean Harris (Available Profiles: Sean Harris)
Boot Mode: Normal

==============================================

fixlist content:
*****************
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\SEANHA~1\AppData\Local\Temp\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
2009-02-19 10:48 - 2016-10-10 05:15 - 0070771 _____ () C:\ProgramData\nvModes.001
2009-02-19 10:48 - 2016-10-05 05:53 - 0070771 _____ () C:\ProgramData\nvModes.dat
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

*****************

"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
blbdrive => service not found.
catchme => service not found.
HTCAND32 => service not found.
IpInIp => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
"C:\Users\Sean Harris\AppData\Roaming\bibstats" => not found.
"C:\Users\Sean Harris\AppData\Roaming\nvModes.001" => not found.
"C:\Users\Sean Harris\AppData\Roaming\nvModes.dat" => not found.
"C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs" => not found.
"C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time" => not found.
"C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat" => not found.
C:\Users\Sean Harris\AppData\Local\AtStart.txt => moved successfully
"C:\Users\Sean Harris\AppData\Local\d3d9caps.dat" => not found.
"C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\Users\Sean Harris\AppData\Local\DSwitch.txt => moved successfully
C:\Users\Sean Harris\AppData\Local\QSwitch.txt => moved successfully
"C:\ProgramData\hpzinstall.log" => not found.
C:\ProgramData\nvModes.001 => moved successfully
C:\ProgramData\nvModes.dat => moved successfully
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB} => key not found.
HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => key not found.
"C:\ProgramData\Temp" => ":0B4227B4" ADS not found.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

==== End of Fixlog 07:16:56 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program