TechSpot

Sick computer - Farbar logs

By brokensynapse
Oct 3, 2016
  1. Avast won't run..


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2016
    Ran by Sean Harris (03-10-2016 08:38:43)
    Running from C:\Users\Sean Harris\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-10 14:05:09)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2532419472-1891236629-2710359153-500 - Administrator - Disabled)
    Guest (S-1-5-21-2532419472-1891236629-2710359153-501 - Limited - Disabled)
    Sean Harris (S-1-5-21-2532419472-1891236629-2710359153-1000 - Administrator - Enabled) => C:\Users\Sean Harris
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
    C4200 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    C4200_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    c4200_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
    Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
    D1400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    D1400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Google Chrome (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
    HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
    HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
    HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
    HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
    HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
    HP Photosmart All-In-One Software 9.0 (HKLM\...\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}) (Version: 9.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
    HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
    HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
    HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
    HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
    iRip (HKLM\...\{4D6FAB8B-F22B-4272-AA27-9A188E21D047}) (Version: 1.0.1.26 - The Little App Factory, LLC.)
    iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
    Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
    lucky leap 1.0.0 (HKLM\...\lucky leap) (Version: 1.0.0 - luckyleap)
    MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    muvee autoProducer 6.0 (HKLM\...\{0BFC200F-C45D-4271-AF34-4CA969225DEB}) (Version: 6.00.050 - muvee Technologies)
    My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PS_AIO_ProductContext (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PS_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PS_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
    Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
    Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant)
    SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {00933A8A-3422-4586-9E45-308AD322BEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {1412B440-FDB7-41E6-8183-27745EBE5E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-30] (Adobe Systems Incorporated)
    Task: {1ED2DAD1-B90F-47C4-9AD8-40C635104ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {3FD8946A-E628-4156-8828-714FFBF264AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {4BCC7A0C-E50E-411F-8F3D-E0EDB7757D2B} - System32\Tasks\Microsoft\Windows\RestartManager\{F4B3AC6E-5272-4ecd-8978-AD89A4B845B7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {4E501739-E756-46DA-853D-28912C450019} - System32\Tasks\{A565FBF5-B545-4ECA-A3D7-9B6C20E5C002} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
    Task: {57BD79E1-5C5B-4AC0-B900-F484A6914EF6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
    Task: {747042E3-0465-46ED-8FBD-D10F1237B493} - System32\Tasks\{3E0875DD-48EE-44CE-914E-FFF7328DECE6} => pcalua.exe -a E:\VEWLP.exe -d E:\
    Task: {7ECA859A-C65E-4A4A-8E57-2B933E9D5600} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
    Task: {9BB60AAB-7B57-46EA-98EA-06AFBBAD0263} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
    Task: {BEA8B901-0A1F-4F11-BBFE-F4614D338841} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Sean Harris) => C:\Users\Sean Harris\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
    Task: {CADDBFCC-FBE3-4667-B886-B4270DC74A09} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {CCDB5F33-EE1C-4E35-85EB-F4288B702FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {CE005CD6-F910-45E8-81EA-191E6AB3E30A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {CF985692-40E1-463E-9FC5-23C3BB86519C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {D54B8BA8-5E74-4E66-9C33-D861F421CBAF} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {E873E323-022B-45F0-B512-0F14A92DEC0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
    Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
    Shortcut: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip\iRip Help.lnk -> hxxp://www.ipodrip.com/help/
    ==================== Loaded Modules (Whitelisted) ==============
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-08-04 05:40 - 2007-04-23 20:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    2007-08-04 05:40 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
    2011-05-06 14:07 - 2011-05-06 14:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 14:07 - 2011-05-06 14:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2011-05-06 14:02 - 2011-05-06 14:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 01:06 - 2010-10-26 01:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 09:34 - 2010-10-26 09:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 01:37 - 2010-10-26 01:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
    2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
    2011-05-06 13:58 - 2011-05-06 13:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
    2013-11-17 12:15 - 2014-07-28 13:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2012-04-25 14:31 - 2014-07-28 13:44 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2007-02-16 19:40 - 2007-02-16 19:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-02-16 19:40 - 2007-02-16 19:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-08-04 05:39 - 2007-04-23 20:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
    2007-08-04 06:15 - 2007-01-30 17:58 - 00677576 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    2016-09-30 09:46 - 2016-10-03 07:36 - 00660672 _____ () C:\Program Files\lucky leap\bin\utilluckyleap.exe
    2014-08-08 15:48 - 2016-10-03 05:34 - 00108224 _____ () C:\Program Files\lucky leap\bin\luckyleap.BrowserAdapter.exe
    2016-09-30 09:49 - 2016-10-03 03:34 - 00296640 _____ () C:\Program Files\lucky leap\bin\luckyleap.PurBrowse.exe
    2016-09-30 09:49 - 2016-10-03 03:34 - 00115392 _____ () C:\Program Files\lucky leap\bin\luckyleap.expext.exe
    2016-09-30 09:49 - 2016-10-03 03:34 - 00065728 _____ () C:\Program Files\lucky leap\bin\luckyleap.Plinx.exe
    2016-10-03 07:36 - 2016-10-03 03:34 - 00057024 _____ () C:\Users\Sean Harris\AppData\Local\Temp\fd899a94-6b8c-4550-aa5b-d682036c2eb2.dll
    2013-10-03 15:45 - 2016-10-03 07:37 - 00660672 _____ () C:\Program Files\lucky leap\updateluckyleap.exe
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{5BC58A37-88F1-48D7-8BE5-98236F326965}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
    FirewallRules: [{977244DC-0C6F-4602-9E5D-F53F4137696A}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
    FirewallRules: [{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{05F6F3EF-B25C-4001-8372-FE26E6D1B328}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{F238082B-3978-480D-B122-CF2A1C1231A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{A7BB0588-8517-458B-B620-0B480C80D0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{0A83C0EF-91EE-40EC-B9DD-94EC2F9C6793}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{AD2D0DB4-8073-4B72-97FA-914302A36EE1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A45ED214-B796-4345-B13D-CA5D29C899E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
    FirewallRules: [{FF3EC5DE-D183-4CC9-986F-7CD0872593E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{EFB3DB1D-3484-47A4-9202-6A9FE178DEED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{41E5F946-A697-4ED1-8D0C-CD91FCAF5FC6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{B4798DC6-D4D5-4570-8A2F-71D2E88DD43A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{5E1AAB3A-A0D4-49EC-AB04-A097036047DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{99CE8B0B-0A89-44B0-AC11-188A247E7521}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{551C54BC-CD2F-446D-9D0B-61352826742D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{4B7E4457-248F-4BA2-B8A8-00C7062C975D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{A4087168-D94B-4F77-BCAA-54D29F4D37F4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [TCP Query User{AC8F7B82-0F15-496C-B3DA-34A8E2D33ADE}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{928CECF7-5561-42E5-A96F-92BDD4375C78}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{BB46DB95-497E-4F81-BB3C-571989FE87BF}] => (Allow) LPort=80
    FirewallRules: [{5748741B-55B0-4A30-B114-9EC7C5ED8D53}] => (Allow) LPort=80
    FirewallRules: [{A314BA29-E94B-4111-B178-7F969512969F}] => (Allow) LPort=80
    FirewallRules: [{B7C28AAB-E2B8-4BE5-8218-A97A13A465E6}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{869C5BB4-2081-4A8C-BE6B-1309D7AD1721}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{66C4BA6A-BA64-4BA7-86C2-4D79991E3D06}] => (Allow) LPort=24726
    FirewallRules: [{2E7DE2A1-FE43-492B-A940-46FC5FF331C3}] => (Allow) LPort=24727
    FirewallRules: [{B638C71C-0524-4696-9415-4B37CFAE9837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{604FD86F-44D0-4D8A-90E6-7563E93CF1C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EB1059DF-3934-4FD1-BDAD-CE3E4F7ABFD1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{A3C01DD2-B03F-435B-A3A2-A2D39DA42443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{275871E7-69B6-4FB6-BA8B-92C7DDF9BAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4DBC2E42-7A2F-483D-A697-FB6992600E9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
    ==================== Restore Points =========================
    05-04-2014 13:25:40 Windows Update
    06-04-2014 03:00:37 Windows Update
    06-04-2014 12:23:34 Installed Java 7 Update 51
    12-04-2014 12:44:01 Windows Update
    12-04-2014 14:18:39 Removed Java 7 Update 51
    12-04-2014 14:21:07 Installed Java 7 Update 51
    12-04-2014 14:29:15 Windows Update
    13-04-2014 13:03:44 avast! antivirus system restore point
    19-04-2014 15:13:08 Windows Update
    19-04-2014 15:24:08 Windows Update
    29-04-2014 12:01:42 Windows Update
    29-04-2014 12:07:58 Windows Update
    28-07-2014 13:30:55 avast! antivirus system restore point
    28-07-2014 13:44:23 Installed Java 7 Update 65
    28-07-2014 14:20:09 Windows Update
    30-07-2014 03:01:16 Windows Update
    05-08-2014 01:37:40 Windows Update
    08-08-2014 01:40:41 Windows Update
    12-08-2014 19:50:51 Windows Update
    13-08-2014 03:00:45 Windows Update
    19-08-2014 01:57:53 Windows Update
    06-10-2014 06:07:03 Windows Update
    07-10-2014 03:01:53 Windows Update
    28-08-2016 15:44:52 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    30-09-2016 08:30:14 Removed DriverUpdate
    30-09-2016 08:55:11 Removed SlimCleaner Plus
    30-09-2016 09:12:28 Removed SlimCleaner Plus
    ==================== Faulty Device Manager Devices =============
    Name: Microsoft ISATAP Adapter #2
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (10/03/2016 06:36:13 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (10/03/2016 06:32:51 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 23712
    Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 23712
    Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11841
    Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11841
    Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (09/30/2016 09:25:51 AM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
    Error: (09/30/2016 09:08:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 65630

    System errors:
    =============
    Error: (10/03/2016 06:30:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    aswTdi
    Error: (10/03/2016 06:30:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.
    Error: (10/03/2016 06:30:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
    Error: (10/03/2016 06:29:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Error: (10/03/2016 06:28:06 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:26:13 AM on 10/3/2016 was unexpected.
    Error: (10/03/2016 06:21:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
    Error: (09/30/2016 09:42:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    aswTdi
    Error: (09/30/2016 09:42:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.
    Error: (09/30/2016 09:42:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
    Error: (09/30/2016 09:41:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    CodeIntegrity:
    ===================================
    Date: 2013-11-09 12:35:12.498
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:11.484
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:10.377
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:09.363
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:08.317
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:15.534
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:13.506
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:11.665
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:10.012
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:56:11.227
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\ErHrVx86\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
    Percentage of memory in use: 84%
    Total physical RAM: 1982.18 MB
    Available physical RAM: 299.62 MB
    Total Virtual: 4207.52 MB
    Available Virtual: 1774.93 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:224.46 GB) (Free:107.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 9E86F523)
    Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    [​IMG] I still need primary log from FRST - FRST.txt

    [​IMG] Did you try to reinstall Avast?

    [​IMG] Uninstall following unwanted program: Buzzdock
     
  3. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Hello ..

    I finally got vast to run. It blocked several attempts of Luckyleap and found several infected files by win32. Even after this the problems persist.. Mozilla seems to be the most upset. New tabs are constantly opening with some pc repair scam.

    Here's a new farbar log

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2016
    Ran by Sean Harris (administrator) on DHARMA-PC (03-10-2016 20:21:28)
    Running from C:\Users\Sean Harris\Downloads
    Loaded Profiles: Sean Harris (Available Profiles: Sean Harris)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    (Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_23_0_0_162_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe

    ==================== Registry (Whitelisted) ====================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
    HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-03] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkgzRjItU1kyNjgtSEdZOUEtRk5DUU4tWDcyWVI"&"inst=NzYtNzk2MzQ1OTE3LVU5MCsxLVRQKzEtWE8zNisxLU4xRCsxLVRCOSsyLVBMKzktVFVHKz (the data entry has 122 more characters).
    HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [Google Update] => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-15] (Google Inc.)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [BitTorrent] => "C:\Users\Sean Harris\Desktop\BitTorrent.exe" /MINIMIZED
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-18] (Google Inc.)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [Google Photos Backup] => C:\Users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: {28d49ee7-722c-11dd-a67c-001b24e9dfc6} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: {7c412cd3-3272-11e1-9520-001b24e9dfc6} - F:\PhotoViewer.exe
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\MountPoints2: {8b53d496-cd0b-11dc-aa8a-001a73d8eaff} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-03] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-07-05]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-18]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{1E4CEE65-A56B-45F2-A303-39A30B421E3B}: [DhcpNameServer] 192.168.100.254
    Tcpip\..\Interfaces\{3BD60310-3959-4C3A-B7B7-C3CE2CEF7A6A}: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-10037__alt__ddc_dsssyc_bd_com
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
    URLSearchHook: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    URLSearchHook: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
    SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM -> {037039D8-8C53-43CC-95BE-198556E66531} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM -> {8E8176CF-3C72-4F29-B0AF-5E670D763FBD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
    SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    SearchScopes: HKLM -> {E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-10037__alt__ddc_dss_bd_com&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {037039D8-8C53-43CC-95BE-198556E66531} URL =
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-10037__alt__ddc_dss_bd_com&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {8BF7607D-D5CA-415A-8225-279CBBD07796} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315827&CUI=UN35943307712393271&UM=2
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {8E8176CF-3C72-4F29-B0AF-5E670D763FBD} URL =
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={2DE0DBFE-EDF6-4458-8784-F17D5776458E}&mid=ce8d487c2266b687ba873acff76d6d58-b1abb182ebcbd0d4464d5376e678bee1f073069c&lang=us&ds=AVG&pr=pa&d=2011-12-12 15:04:39&v=9.0.0.18&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {CD020012-EF88-41D4-A783-C5E2D0C64066} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> {E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} URL =
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-19] (Oracle Corporation)
    BHO: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-03] (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
    FireFox:
    ========
    FF DefaultProfile: 7ykyy2rz.default
    FF ProfilePath: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default [2016-10-03]
    FF user.js: detected! => C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\user.js [2016-10-03]
    FF NewTab: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=pr-bfr-10037__alt__ddc_dsssyctab_bd_com
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
    FF Homepage: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10037__alt__ddc_dsssyc_bd_com
    FF Keyword.URL: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-10037__alt__ddc_dss_bd_com&p=
    FF Extension: (Firefox Hotfix) - C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-03]
    FF Extension: (lucky leap 1.0.1) - C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\Extensions\{d7e589a9-c9af-419b-8b29-f43cc9595584}.xpi [2016-10-03] [not signed]
    FF SearchPlugin: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\searchplugins\search-simple.xml [2016-10-03]
    FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2016-10-03] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-03] [not signed]
    FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
    FF HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-19] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-11-22] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-12] (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-10-14] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-29] (Apple Inc.)
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\Sean Harris\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx <not found>
    CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [2014-10-07]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Sean Harris\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>
    CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\SEANHA~1\AppData\Local\Temp\crxBB17.tmp [2011-09-27]
    CHR HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmkpdpkjmmdacleogmmlinafnhdfdlmp] - C:\Users\Sean Harris\AppData\Local\CRE\dmkpdpkjmmdacleogmmlinafnhdfdlmp.crx <not found>
    CHR HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Sean Harris\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx <not found>
    StartMenuInternet: chrome.exe - C:\Users\Sean Harris\AppData\Local\Google\Chrome\Application\chrome.exe
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-03] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-10-03] (AVAST Software)
    R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] () [File not signed]
    S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] () [File not signed]
    R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
    R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-03] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-03] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-03] (AVAST Software)
    R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2016-10-03] (ALWIL Software)
    R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [295840 2016-10-03] (AVAST Software)
    R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-03] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-03] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-03] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-03] (AVAST Software)
    R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-03] (AVAST Software)
    S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-03] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-10-03] (AVAST Software)
    R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog) [File not signed]
    R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
    R1 {d7e589a9-c9af-419b-8b29-f43cc9595584}Gt; C:\Windows\System32\drivers\{d7e589a9-c9af-419b-8b29-f43cc9595584}Gt.sys [55776 2016-09-30] (StdLib)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2016-10-03 20:19 - 2016-10-03 20:20 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe
    2016-10-03 20:18 - 2016-10-03 20:19 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe.part
    2016-10-03 19:58 - 2016-10-03 19:58 - 00001789 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
    2016-10-03 19:58 - 2016-10-03 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-10-03 19:50 - 2016-10-03 19:48 - 00295840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
    2016-10-03 19:48 - 2016-10-03 19:48 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
    2016-10-03 19:48 - 2016-10-03 06:44 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-10-03 14:03 - 2016-10-03 14:03 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-10-03 13:58 - 2016-10-03 13:58 - 54359679 _____ C:\unp30547368341249072.mdmp
    2016-10-03 08:38 - 2016-10-03 09:07 - 00046873 _____ C:\Users\Sean Harris\Downloads\Addition.txt
    2016-10-03 08:33 - 2016-10-03 20:26 - 00028422 _____ C:\Users\Sean Harris\Downloads\FRST.txt
    2016-10-03 08:33 - 2016-10-03 20:21 - 00000000 ____D C:\FRST
    2016-10-03 08:32 - 2016-10-03 08:32 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST.exe
    2016-10-03 07:55 - 2016-10-03 14:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-10-03 07:05 - 2016-10-03 07:05 - 06334848 _____ (AVAST Software) C:\Users\Sean Harris\Downloads\avast_free_antivirus_setup_online.exe
    2016-10-03 06:46 - 2016-10-03 19:48 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
    2016-10-03 06:46 - 2016-10-03 06:43 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-10-03 06:45 - 2016-10-03 06:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
    2016-10-03 06:44 - 2016-10-03 06:44 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-10-03 06:35 - 2016-10-03 06:35 - 00325134 _____ C:\unp305473061302938468.mdmp
    2016-10-03 06:31 - 2016-10-03 06:31 - 00297258 _____ C:\unp305473053059149764.mdmp
    2016-09-30 09:49 - 2016-10-03 19:51 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
    2016-09-30 09:49 - 2016-09-30 03:34 - 00055776 _____ (StdLib) C:\Windows\system32\Drivers\{d7e589a9-c9af-419b-8b29-f43cc9595584}Gt.sys
    2016-09-30 08:48 - 2016-09-30 08:48 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\CEF
    2016-09-30 08:27 - 2016-09-30 08:27 - 00000000 ____D C:\ProgramData\SlimWare Utilities Inc
    2016-09-30 08:27 - 2016-09-30 08:27 - 00000000 ____D C:\Program Files\SlimService
    2016-09-30 08:27 - 2016-09-30 08:27 - 00000000 ____D C:\Program Files\SlimCleaner Plus
    2016-09-30 08:26 - 2016-09-30 08:44 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\SlimWare Utilities Inc
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2016-10-03 20:15 - 2008-07-05 16:00 - 00000000 ____D C:\Users\Sean Harris\AppData\LocalLow\HPAppData
    2016-10-03 20:11 - 2013-03-10 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-03 20:06 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.001
    2016-10-03 20:05 - 2007-08-04 06:16 - 00000000 ____D C:\Windows\SMINST
    2016-10-03 20:03 - 2014-03-21 22:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
    2016-10-03 20:03 - 2013-07-10 03:12 - 00000482 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2016-10-03 20:03 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-03 20:03 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-03 20:03 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-03 19:59 - 2006-11-02 08:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-10-03 19:58 - 2010-02-13 20:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-03 19:56 - 2009-07-02 10:12 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
    2016-10-03 19:54 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
    2016-10-03 18:19 - 2015-06-25 17:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-10-03 14:44 - 2013-11-02 16:00 - 00000000 ____D C:\Program Files\lucky leap
    2016-10-03 14:05 - 2006-11-02 05:23 - 00000362 _____ C:\Windows\win.ini
    2016-10-03 14:01 - 2016-08-19 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-10-03 11:56 - 2009-07-02 10:12 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
    2016-10-03 09:02 - 2007-12-22 08:39 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\Google
    2016-10-03 07:10 - 2012-04-25 14:35 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-10-03 07:10 - 2012-04-25 14:35 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-10-03 06:44 - 2014-07-28 13:46 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-10-03 06:44 - 2013-05-26 17:24 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-10-03 06:44 - 2013-05-26 17:24 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-10-03 06:44 - 2012-04-25 14:35 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-10-03 06:44 - 2012-04-25 14:35 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2016-10-03 06:44 - 2012-04-25 14:35 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2016-10-03 06:22 - 2011-09-27 11:02 - 00000456 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
    2016-10-03 06:22 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.dat
    2016-09-30 10:11 - 2013-03-10 18:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-09-30 10:11 - 2012-02-16 21:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-09-30 10:11 - 2007-08-04 05:30 - 00000000 ____D C:\Windows\system32\Macromed
    2016-09-30 09:45 - 2011-12-28 10:35 - 00000000 ____D C:\Users\Sean Harris\AppData\Roaming\HpUpdate
    2016-09-30 09:38 - 2007-12-21 17:31 - 00000000 ____D C:\Users\Sean Harris
    2016-09-30 09:38 - 2006-11-02 05:22 - 52690944 _____ C:\Windows\system32\config\software_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 45350912 _____ C:\Windows\system32\config\components_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 38010880 _____ C:\Windows\system32\config\system_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 00524288 _____ C:\Windows\system32\config\default_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
    2016-09-30 09:37 - 2016-08-28 15:44 - 00000000 ____D C:\Users\Sean Harris\{1bbcfec6-1859-4565-8a35-895798d9cb1e}
    2016-09-30 09:37 - 2014-10-06 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    2016-09-30 09:37 - 2014-10-06 06:08 - 00000000 ____D C:\Program Files\Coupons
    2016-09-30 09:37 - 2014-04-12 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iTunes
    2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iPod
    2016-09-30 09:37 - 2008-07-05 11:30 - 00000000 ____D C:\ProgramData\HP Product Assistant
    2016-09-30 09:37 - 2007-12-23 16:12 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-09-30 09:37 - 2007-12-21 17:38 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\QuickPlay
    2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
    2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
    2016-09-30 09:36 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
    2016-09-30 09:27 - 2011-10-15 08:04 - 00001356 _____ C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
    2016-09-28 07:26 - 2012-04-25 14:29 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-09-09 19:22 - 2009-12-13 14:38 - 00000000 ____D C:\Users\Sean Harris\Desktop\Kiddos
    ==================== Files in the root of some directories =======
    2013-05-27 20:19 - 2013-05-27 20:23 - 4096000 _____ () C:\Program Files\GUT223.tmp
    2016-07-15 12:35 - 2016-07-15 12:35 - 6748160 _____ () C:\Program Files\GUTBE6B.tmp
    2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
    2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
    2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
    2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
    2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
    2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
    2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
    2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
    2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
    2009-02-19 10:48 - 2016-10-03 20:06 - 0070771 _____ () C:\ProgramData\nvModes.001
    2009-02-19 10:48 - 2016-10-03 06:22 - 0070771 _____ () C:\ProgramData\nvModes.dat
    Some files in TEMP:
    ====================
    C:\Users\Sean Harris\AppData\Local\Temp\air4294.exe
    C:\Users\Sean Harris\AppData\Local\Temp\airACB8.exe
    C:\Users\Sean Harris\AppData\Local\Temp\airF31F.exe
    C:\Users\Sean Harris\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Sean Harris\AppData\Local\Temp\CommonInstaller.exe
    C:\Users\Sean Harris\AppData\Local\Temp\DefaultPack.EXE
    C:\Users\Sean Harris\AppData\Local\Temp\htmlayout.dll
    C:\Users\Sean Harris\AppData\Local\Temp\iMesh_setup.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Sean Harris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Sean Harris\AppData\Local\Temp\SSUPDATE.EXE
    C:\Users\Sean Harris\AppData\Local\Temp\tbBitT.dll
    C:\Users\Sean Harris\AppData\Local\Temp\tbConn.dll
    C:\Users\Sean Harris\AppData\Local\Temp\tbInte.dll
    C:\Users\Sean Harris\AppData\Local\Temp\Uninstall.exe
    C:\Users\Sean Harris\AppData\Local\Temp\Update.exe
    C:\Users\Sean Harris\AppData\Local\Temp\vcredist_x86.exe

    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-10-03 20:11
    ==================== End of FRST.txt ============================



    Thank you!!
     
  4. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2016
    Ran by Sean Harris (03-10-2016 20:29:33)
    Running from C:\Users\Sean Harris\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-10 14:05:09)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2532419472-1891236629-2710359153-500 - Administrator - Disabled)
    Guest (S-1-5-21-2532419472-1891236629-2710359153-501 - Limited - Disabled)
    Sean Harris (S-1-5-21-2532419472-1891236629-2710359153-1000 - Administrator - Enabled) => C:\Users\Sean Harris
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: Avast Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
    Avast Internet Security (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
    C4200 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    C4200_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    c4200_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
    Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
    D1400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    D1400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Google Chrome (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
    HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
    HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
    HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
    HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
    HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
    HP Photosmart All-In-One Software 9.0 (HKLM\...\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}) (Version: 9.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
    HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
    HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
    HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
    HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
    iRip (HKLM\...\{4D6FAB8B-F22B-4272-AA27-9A188E21D047}) (Version: 1.0.1.26 - The Little App Factory, LLC.)
    iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
    Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
    lucky leap 1.0.0 (HKLM\...\lucky leap) (Version: 1.0.0 - luckyleap)
    MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    muvee autoProducer 6.0 (HKLM\...\{0BFC200F-C45D-4271-AF34-4CA969225DEB}) (Version: 6.00.050 - muvee Technologies)
    My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PS_AIO_ProductContext (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PS_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PS_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
    Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
    Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
    Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant)
    SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {00933A8A-3422-4586-9E45-308AD322BEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {1412B440-FDB7-41E6-8183-27745EBE5E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-30] (Adobe Systems Incorporated)
    Task: {1ED2DAD1-B90F-47C4-9AD8-40C635104ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {3FD8946A-E628-4156-8828-714FFBF264AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {4BCC7A0C-E50E-411F-8F3D-E0EDB7757D2B} - System32\Tasks\Microsoft\Windows\RestartManager\{F4B3AC6E-5272-4ecd-8978-AD89A4B845B7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {4E501739-E756-46DA-853D-28912C450019} - System32\Tasks\{A565FBF5-B545-4ECA-A3D7-9B6C20E5C002} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
    Task: {5146E494-7602-4D8D-B59B-4AC8FDB5BDB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
    Task: {747042E3-0465-46ED-8FBD-D10F1237B493} - System32\Tasks\{3E0875DD-48EE-44CE-914E-FFF7328DECE6} => pcalua.exe -a E:\VEWLP.exe -d E:\
    Task: {7ECA859A-C65E-4A4A-8E57-2B933E9D5600} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
    Task: {99F04631-D25B-47D8-83E8-8B7AF9D72CEC} - System32\Tasks\SafeZone scheduled Autoupdate 1475242992 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
    Task: {9BB60AAB-7B57-46EA-98EA-06AFBBAD0263} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
    Task: {BEA8B901-0A1F-4F11-BBFE-F4614D338841} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Sean Harris) => C:\Users\Sean Harris\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
    Task: {CADDBFCC-FBE3-4667-B886-B4270DC74A09} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {CCDB5F33-EE1C-4E35-85EB-F4288B702FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {CE005CD6-F910-45E8-81EA-191E6AB3E30A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {CF985692-40E1-463E-9FC5-23C3BB86519C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {D54B8BA8-5E74-4E66-9C33-D861F421CBAF} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
    Task: {E873E323-022B-45F0-B512-0F14A92DEC0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
    Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
    Shortcut: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip\iRip Help.lnk -> hxxp://www.ipodrip.com/help/
    ==================== Loaded Modules (Whitelisted) ==============
    2016-10-03 06:44 - 2016-10-03 06:44 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-10-03 13:53 - 2016-10-03 13:53 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100300\algo.dll
    2016-10-03 06:44 - 2016-10-03 06:44 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-08-04 05:40 - 2007-04-23 20:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    2007-08-04 05:40 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
    2011-05-06 14:07 - 2011-05-06 14:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 14:07 - 2011-05-06 14:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2011-05-06 14:02 - 2011-05-06 14:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 01:06 - 2010-10-26 01:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 09:34 - 2010-10-26 09:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 01:37 - 2010-10-26 01:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
    2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
    2011-05-06 13:58 - 2011-05-06 13:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
    2013-11-17 12:15 - 2016-10-03 06:44 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2007-02-16 19:40 - 2007-02-16 19:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-02-16 19:40 - 2007-02-16 19:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-08-04 06:15 - 2007-01-30 17:58 - 00677576 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    2007-08-04 05:39 - 2007-04-23 20:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is disabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{5BC58A37-88F1-48D7-8BE5-98236F326965}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
    FirewallRules: [{977244DC-0C6F-4602-9E5D-F53F4137696A}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
    FirewallRules: [{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{05F6F3EF-B25C-4001-8372-FE26E6D1B328}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{F238082B-3978-480D-B122-CF2A1C1231A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{A7BB0588-8517-458B-B620-0B480C80D0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{0A83C0EF-91EE-40EC-B9DD-94EC2F9C6793}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{AD2D0DB4-8073-4B72-97FA-914302A36EE1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A45ED214-B796-4345-B13D-CA5D29C899E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
    FirewallRules: [{FF3EC5DE-D183-4CC9-986F-7CD0872593E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{EFB3DB1D-3484-47A4-9202-6A9FE178DEED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{41E5F946-A697-4ED1-8D0C-CD91FCAF5FC6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{B4798DC6-D4D5-4570-8A2F-71D2E88DD43A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{5E1AAB3A-A0D4-49EC-AB04-A097036047DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{99CE8B0B-0A89-44B0-AC11-188A247E7521}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{551C54BC-CD2F-446D-9D0B-61352826742D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{4B7E4457-248F-4BA2-B8A8-00C7062C975D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{A4087168-D94B-4F77-BCAA-54D29F4D37F4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [TCP Query User{AC8F7B82-0F15-496C-B3DA-34A8E2D33ADE}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{928CECF7-5561-42E5-A96F-92BDD4375C78}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{BB46DB95-497E-4F81-BB3C-571989FE87BF}] => (Allow) LPort=80
    FirewallRules: [{5748741B-55B0-4A30-B114-9EC7C5ED8D53}] => (Allow) LPort=80
    FirewallRules: [{A314BA29-E94B-4111-B178-7F969512969F}] => (Allow) LPort=80
    FirewallRules: [{B7C28AAB-E2B8-4BE5-8218-A97A13A465E6}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{869C5BB4-2081-4A8C-BE6B-1309D7AD1721}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{66C4BA6A-BA64-4BA7-86C2-4D79991E3D06}] => (Allow) LPort=24726
    FirewallRules: [{2E7DE2A1-FE43-492B-A940-46FC5FF331C3}] => (Allow) LPort=24727
    FirewallRules: [{B638C71C-0524-4696-9415-4B37CFAE9837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{604FD86F-44D0-4D8A-90E6-7563E93CF1C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EB1059DF-3934-4FD1-BDAD-CE3E4F7ABFD1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{A3C01DD2-B03F-435B-A3A2-A2D39DA42443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{275871E7-69B6-4FB6-BA8B-92C7DDF9BAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4DBC2E42-7A2F-483D-A697-FB6992600E9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
    ==================== Restore Points =========================
    06-04-2014 03:00:37 Windows Update
    06-04-2014 12:23:34 Installed Java 7 Update 51
    12-04-2014 12:44:01 Windows Update
    12-04-2014 14:18:39 Removed Java 7 Update 51
    12-04-2014 14:21:07 Installed Java 7 Update 51
    12-04-2014 14:29:15 Windows Update
    13-04-2014 13:03:44 avast! antivirus system restore point
    19-04-2014 15:13:08 Windows Update
    19-04-2014 15:24:08 Windows Update
    29-04-2014 12:01:42 Windows Update
    29-04-2014 12:07:58 Windows Update
    28-07-2014 13:30:55 avast! antivirus system restore point
    28-07-2014 13:44:23 Installed Java 7 Update 65
    28-07-2014 14:20:09 Windows Update
    30-07-2014 03:01:16 Windows Update
    05-08-2014 01:37:40 Windows Update
    08-08-2014 01:40:41 Windows Update
    12-08-2014 19:50:51 Windows Update
    13-08-2014 03:00:45 Windows Update
    19-08-2014 01:57:53 Windows Update
    06-10-2014 06:07:03 Windows Update
    07-10-2014 03:01:53 Windows Update
    28-08-2016 15:44:52 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    30-09-2016 08:30:14 Removed DriverUpdate
    30-09-2016 08:55:11 Removed SlimCleaner Plus
    30-09-2016 09:12:28 Removed SlimCleaner Plus
    03-10-2016 19:52:44 Device Driver Package Install: ALWIL Software Network Service
    ==================== Faulty Device Manager Devices =============
    Name: Microsoft ISATAP Adapter #2
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (10/03/2016 06:36:13 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (10/03/2016 06:32:51 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\defs\99999999\aswEngin.dll".
    Dependent Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 23712
    Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 23712
    Error: (09/30/2016 10:16:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11841
    Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11841
    Error: (09/30/2016 10:16:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
    Error: (09/30/2016 09:25:51 AM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
    Error: (09/30/2016 09:08:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 65630

    System errors:
    =============
    Error: (10/03/2016 08:05:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.
    Error: (10/03/2016 08:05:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
    Error: (10/03/2016 08:03:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Error: (10/03/2016 06:19:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.
    Error: (10/03/2016 06:19:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
    Error: (10/03/2016 06:18:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Error: (10/03/2016 02:11:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.
    Error: (10/03/2016 02:03:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.
    Error: (10/03/2016 02:03:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
    Error: (10/03/2016 02:03:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    CodeIntegrity:
    ===================================
    Date: 2013-11-09 12:35:12.498
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:11.484
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:10.377
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:09.363
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2013-11-09 12:35:08.317
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:15.534
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:13.506
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:11.665
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:59:10.012
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\Vista\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.
    Date: 2012-04-25 14:56:11.227
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG10\Drivers\ErHrVx86\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
    Percentage of memory in use: 80%
    Total physical RAM: 1982.18 MB
    Available physical RAM: 392.8 MB
    Total Virtual: 4203.56 MB
    Available Virtual: 1790.47 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:224.46 GB) (Free:108.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 9E86F523)
    Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    [​IMG] Please download Malwarebytes Anti-Malware to your desktop.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware[/*]
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.[/*]
    • Click Finish.[/*]
    • On the Dashboard, click the 'Update Now >>' link[/*]
    • After the update completes, click the 'Scan Now >>' button.[/*]
    • Or, on the Dashboard, click the Scan Now >> button. [/*]
    • If an update is available, click the Update Now button.[/*]
    • A Threat Scan will begin.[/*]
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.[/*]
    • In most cases, a restart will be required.[/*]
    • Wait for the prompt to restart the computer to appear, then click on Yes.[/*]


    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link[/*]
    • After the update completes, click the 'Scan Now >>' button.[/*]
    • Or, on the Dashboard, click the Scan Now >> button. [/*]
    • If an update is available, click the Update Now button.[/*]
    • A Threat Scan will begin.[/*]
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.[/*]
    • In most cases, a restart will be required.[/*]
    • Wait for the prompt to restart the computer to appear, then click on Yes.[/*]

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.[/*]
    • Click on the History tab > Application Logs.[/*]
    • Double click on the scan log which shows the Date and time of the scan just performed.[/*]
    • Click 'Export'.[/*]
    • Click 'Text file (*.txt)'[/*]
    • In the Save File dialog box which appears, click on Desktop.[/*]
    • In the File name: box type a name for your scan log.[/*]
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".[/*]
    • Click Ok[/*]
    • Attach that saved log to your next reply.[/*]


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.[/*]
    • Click on the History tab > Application Logs.[/*]
    • Double click on the scan log which shows the Date and time of the scan just performed.[/*]
    • Click 'Copy to Clipboard'[/*]
    • Paste the contents of the clipboard into your reply.[/*]

    [​IMG] Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator[/*]
    • The tool will start to update the database if one is required.[/*]
    • Click on the Scan button.[/*]
    • AdwCleaner will begin...be patient as the scan may take some time to complete.[/*]
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.[/*]
    • Click on the Scan tab.[/*]
    • Double-click the most recent scan which will be at the top of the list....the log will appear.[/*]
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.[/*]
    • Copy and paste the contents of that logfile in your next reply.[/*]
    • A copy of all logfiles are saved to C:\AdwCleaner.[/*]

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    RK log

    RogueKiller V12.7.0.0 [Oct 3 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Sean Harris [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 10/04/2016 06:35:57 (Duration : 01:23:05)

    ¤¤¤ Processes : 2 ¤¤¤
    [PUP|VT.GrayWare[AdWare]/Win32.Coupons.w] CouponPrinterService.exe(2076) -- C:\Program Files\Coupons\CouponPrinterService.exe[x] -> Found
    [PUP|VT.GrayWare[AdWare]/Win32.Coupons.w] (SVC) CouponPrinterService -- C:\Program Files\Coupons\CouponPrinterService.exe[7] -> Found

    ¤¤¤ Registry : 43 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (C:\Program Files\Conduit\Community Alerts\Alert.dll) -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} (C:\Program Files\lucky leap\bin\d7e5.dll) -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF} -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} (C:\Program Files\HP\QuickPlay\Kernel\Movie\CLAud.ax) -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} (C:\Windows\COUPON~1.OCX) -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (C:\Users\Sean Harris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll) -> Found
    [PUP|VT.Unknown] HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~1.OCX) -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087} (C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll) -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
    [PUP] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> Found
    [PUP] HKEY_CLASSES_ROOT\uus3url-pl -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\AVG Security Toolbar -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\lucky leap -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Found
    [PUP] HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Found
    [PUP] HKEY_USERS\.DEFAULT\Software\IGearSettings -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Security Toolbar -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\lucky leap -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\ParetoLogic -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\YahooPartnerToolbar -> Found
    [PUP] HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Found
    [PUP] HKEY_USERS\S-1-5-18\Software\IGearSettings -> Found
    [PUP] HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\AVG Security Toolbar -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\ConduitSearchScopes -> Found
    [PUP] HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
    [PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : AVG Security Toolbar -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : -> Found
    [PUP] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ROC_roc_dec12 : "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x] -> Found
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG Security Toolbar Service (C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe) -> Found
    [PUP|VT.GrayWare[AdWare]/Win32.Coupons.w] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CouponPrinterService (C:\Program Files\Coupons\CouponPrinterService.exe) -> Found
    [PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Found

    ¤¤¤ Tasks : 3 ¤¤¤
    [PUP] %WINDIR%\Tasks\ParetoLogic Registration3.job -- C:\Windows\system32\rundll32.exe ("C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns) -> Found
    [PUP] %WINDIR%\Tasks\ParetoLogic Update Version3 Startup Task.job -- C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe (-StartupTask) -> Found
    [PUP] %WINDIR%\Tasks\ParetoLogic Update Version3.job -- C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe -> Found

    ¤¤¤ Files : 22 ¤¤¤
    [PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\DriverCure -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\HPAppData -> Found
    [PUP][File] C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\searchplugins\search-simple.xml -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\ParetoLogic -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Roaming\SearchProtect -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Local\AVG Security Toolbar -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Local\Conduit -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Local\NativeMessaging -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Local\PackageAware -> Found
    [PUP][Folder] C:\Users\Sean Harris\AppData\Local\SlimWare Utilities Inc -> Found
    [PUP][Folder] C:\ProgramData\AVG Security Toolbar -> Found
    [PUP][Folder] C:\ProgramData\Conduit -> Found
    [PUP][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons -> Found
    [PUP][Folder] C:\ProgramData\ParetoLogic -> Found
    [PUP][Folder] C:\ProgramData\SlimWare Utilities Inc -> Found
    [PUP][Folder] C:\Program Files\Conduit -> Found
    [PUP][Folder] C:\Program Files\Coupons -> Found
    [PUP][Folder] C:\Program Files\lucky leap -> Found
    [PUP][Folder] C:\Program Files\MyPC Backup -> Found
    [PUP][Folder] C:\Program Files\SlimCleaner Plus -> Found
    [PUP][Folder] C:\Program Files\SlimService -> Found
    [PUP][File] C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\searchplugins\search-simple.xml -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUM.SearchEngine][FIREFX:Config] 7ykyy2rz.default : user_pref("browser.search.selectedEngine", "Yahoo! Search"); -> Found
    [PUM.SearchEngine][FIREFX:Config] 7ykyy2rz.default : user_pref("browser.search.defaultenginename", "Yahoo! Search"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++
    --- User ---
    [MBR] 4ed05cea4e4c094cf49b7066c776fd31
    [BSP] d359f184b4f987f009da31b68d9a3d90 : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229843 MB [Unknown Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 470720565 | Size: 8628 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK



    Not all of the items were selected by RK for removal.. I didn't question it. Let me know if I need to do the scan again..
     
  7. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Still having loads of popups on Mozilla .. MBytes is blocking every second


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/4/2016
    Scan Time: 8:47:44 AM
    Logfile: mbytes.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.10.04.07
    Rootkit Database: v2016.09.26.02
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Sean Harris

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 293516
    Time Elapsed: 44 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Where is this Threat scan..part of MBytes?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    That's when you already have version 2 or higher installed.
     
  10. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    All of the boxes weren't checked by the nasties that RogueKiller found.. should I delete all?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Only checked ones. Nothing else.
    Go on...
     
  12. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    # AdwCleaner v6.020 - Logfile created 04/10/2016 at 22:41:37
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-14.2 [Local]
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
    # Username : Sean Harris - DHARMA-PC
    # Running from : C:\Users\Sean Harris\Downloads\AdwCleaner.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    [-] Service deleted: AVG Security Toolbar Service


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Sean Harris\AppData\LocalLow\AVG Security Toolbar
    [-] Folder deleted: C:\Users\Sean Harris\AppData\LocalLow\Conduit
    [-] Folder deleted: C:\Users\Sean Harris\AppData\LocalLow\HPAppData
    [-] Folder deleted: C:\ProgramData\AVG Security Toolbar
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
    [-] Folder deleted: C:\Program Files\slimcleaner plus
    [#] Folder deleted on reboot: C:\Program Files\SlimCleaner Plus
    [-] Folder deleted: C:\Program Files\Common Files\ParetoLogic
    [-] Folder deleted: C:\Users\SEANHA~1\AppData\Local\Temp\AirInstaller
    [-] Folder deleted: C:\Users\SEANHA~1\AppData\Local\Temp\NativeMessaging
    [-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search


    ***** [ Files ] *****

    [-] File deleted: C:\END
    [-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    [-] File deleted: C:\Program Files\Yahoo!\Common\unyt.exe


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\uus3url-pl
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    [-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
    [-] Key deleted: HKU\.DEFAULT\Software\IGearSettings
    [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Security Toolbar
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\ParetoLogic
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\YahooPartnerToolbar
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\AVG Security Toolbar
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Secure Search
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\AVG Security Toolbar
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
    [#] Key deleted on reboot: HKCU\Software\AVG Security Toolbar
    [#] Key deleted on reboot: HKCU\Software\ParetoLogic
    [#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AVG Security Toolbar
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
    [-] Key deleted: HKLM\SOFTWARE\Conduit
    [-] Key deleted: HKLM\SOFTWARE\ParetoLogic
    [-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
    [-] Key deleted: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ROC_roc_dec12]
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [7764 Bytes] - [04/10/2016 22:41:37]
    C:\AdwCleaner\AdwCleaner[S0].txt - [7685 Bytes] - [04/10/2016 21:00:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7910 Bytes] ##########
     
  13. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows Vista (TM) Home Premium x86
    Ran by Sean Harris (Administrator) on Wed 10/05/2016 at 5:54:13.99
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 21

    Successfully deleted: C:\Users\Sean Harris\AppData\Local\cre (Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\user.js (File)
    Successfully deleted: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\twe3ly8n.default\user.js (File)
    Successfully deleted: C:\Windows\couponprinter.ocx (File)
    Successfully deleted: C:\Program Files\GUT223.tmp (File)
    Successfully deleted: C:\Program Files\GUTBE6B.tmp (File)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UM8QQG3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6CUEI94 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CV3DW6U7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D98BWSVK (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6PG0HW7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIR69I7V (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Sean Harris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OT9QOO2L (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBAR2USER.EXE-56BEB4C7.pf (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UM8QQG3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6CUEI94 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CV3DW6U7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D98BWSVK (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6PG0HW7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIR69I7V (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OT9QOO2L (Temporary Internet Files Folder)



    Registry: 3

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/05/2016 at 6:04:54.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Firefox seems back to normal.. do you have any browser recommendations for Vista?

    Thank you
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good news :)
    I use Firefox myself.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  16. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    ComboFix 16-09-28.01 - Sean Harris 10/07/2016 9:02.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.836 [GMT -5:00]
    Running from: c:\users\Sean Harris\Downloads\ComboFix.exe
    AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: Avast Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.pol
    c:\users\Sean Harris\Documents\~WRL2278.tmp
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-09-07 to 2016-10-07 )))))))))))))))))))))))))))))))
    .
    .
    2016-10-07 14:21 . 2016-10-07 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-10-05 01:53 . 2016-10-05 03:41 -------- d-----w- C:\AdwCleaner
    2016-10-05 01:46 . 2016-10-05 01:46 -------- d-----w- c:\users\Sean Harris\AppData\Local\CrashDumps
    2016-10-04 13:44 . 2016-10-05 11:21 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-10-04 13:39 . 2016-03-10 19:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-10-04 13:39 . 2016-03-10 19:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-10-04 13:39 . 2016-03-10 19:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-10-04 13:39 . 2016-10-04 13:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2016-10-04 11:36 . 2016-10-04 11:36 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-10-04 11:34 . 2016-10-04 11:35 -------- d-----w- c:\program files\RogueKiller
    2016-10-04 11:34 . 2016-10-04 11:34 -------- d-----w- c:\programdata\RogueKiller
    2016-10-04 00:50 . 2016-10-04 00:48 295840 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2016-10-04 00:48 . 2016-10-03 11:44 319760 ----a-w- c:\windows\system32\aswBoot.exe
    2016-10-04 00:48 . 2016-10-04 00:48 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2016-10-03 13:33 . 2016-10-04 01:37 -------- d-----w- C:\FRST
    2016-10-03 11:46 . 2016-10-04 00:48 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
    2016-10-03 11:46 . 2016-10-03 11:43 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2016-10-03 11:45 . 2016-10-03 11:44 921280 ----a-w- c:\windows\ucrtbase.dll
    2016-10-03 11:44 . 2016-10-03 11:44 53208 ----a-w- c:\windows\avastSS.scr
    2016-09-30 14:49 . 2016-10-04 00:51 39832 ----a-w- c:\windows\system32\drivers\staport.sys
    2016-09-30 14:11 . 2016-09-30 14:11 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
    2016-09-30 13:48 . 2016-09-30 13:48 -------- d-----w- c:\users\Sean Harris\AppData\Local\CEF
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-10-04 12:13 . 2013-03-10 23:15 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2016-10-04 12:13 . 2012-02-17 02:15 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2016-10-03 12:10 . 2012-04-25 19:35 433768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2016-10-03 12:10 . 2012-04-25 19:35 735488 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2016-10-03 11:44 . 2012-04-25 19:35 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2016-10-03 11:44 . 2014-07-28 18:46 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2016-10-03 11:44 . 2013-05-26 22:24 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2016-10-03 11:44 . 2013-05-26 22:24 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2016-10-03 11:44 . 2012-04-25 19:35 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2016-10-03 11:44 . 2012-04-25 19:35 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2016-08-19 17:24 . 2016-08-19 17:24 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2016-07-15 17:55 . 2016-07-15 17:55 0 ----a-w- c:\windows\ava15B1.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2016-10-03 11:44 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
    "Google Photos Backup"="c:\users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-04 9107616]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...tUDEwVEIrMi1DMTBBQisyMg&prod=94&ver=10.0.1424" [?]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 12:13]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
    - c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
    - c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    HKCU-Run-BitTorrent - c:\users\Sean Harris\Desktop\BitTorrent.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Coupon Printer for Windows5.0.1.2 - c:\program files\Coupons\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2016-10-07 09:21
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2016-10-07 09:25:41
    ComboFix-quarantined-files.txt
    ComboFix 16-09-28.01 - Sean Harris 10/07/2016 9:02.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.836 [GMT -5:00]
    Running from: c:\users\Sean Harris\Downloads\ComboFix.exe
    AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: Avast Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.pol
    c:\users\Sean Harris\Documents\~WRL2278.tmp
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-09-07 to 2016-10-07 )))))))))))))))))))))))))))))))
    .
    .
    2016-10-07 14:21 . 2016-10-07 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-10-05 01:53 . 2016-10-05 03:41 -------- d-----w- C:\AdwCleaner
    2016-10-05 01:46 . 2016-10-05 01:46 -------- d-----w- c:\users\Sean Harris\AppData\Local\CrashDumps
    2016-10-04 13:44 . 2016-10-05 11:21 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-10-04 13:39 . 2016-03-10 19:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-10-04 13:39 . 2016-03-10 19:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-10-04 13:39 . 2016-03-10 19:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-10-04 13:39 . 2016-10-04 13:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2016-10-04 11:36 . 2016-10-04 11:36 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-10-04 11:34 . 2016-10-04 11:35 -------- d-----w- c:\program files\RogueKiller
    2016-10-04 11:34 . 2016-10-04 11:34 -------- d-----w- c:\programdata\RogueKiller
    2016-10-04 00:50 . 2016-10-04 00:48 295840 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2016-10-04 00:48 . 2016-10-03 11:44 319760 ----a-w- c:\windows\system32\aswBoot.exe
    2016-10-04 00:48 . 2016-10-04 00:48 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2016-10-03 13:33 . 2016-10-04 01:37 -------- d-----w- C:\FRST
    2016-10-03 11:46 . 2016-10-04 00:48 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
    2016-10-03 11:46 . 2016-10-03 11:43 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2016-10-03 11:45 . 2016-10-03 11:44 921280 ----a-w- c:\windows\ucrtbase.dll
    2016-10-03 11:44 . 2016-10-03 11:44 53208 ----a-w- c:\windows\avastSS.scr
    2016-09-30 14:49 . 2016-10-04 00:51 39832 ----a-w- c:\windows\system32\drivers\staport.sys
    2016-09-30 14:11 . 2016-09-30 14:11 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
    2016-09-30 13:48 . 2016-09-30 13:48 -------- d-----w- c:\users\Sean Harris\AppData\Local\CEF
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-10-04 12:13 . 2013-03-10 23:15 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2016-10-04 12:13 . 2012-02-17 02:15 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2016-10-03 12:10 . 2012-04-25 19:35 433768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2016-10-03 12:10 . 2012-04-25 19:35 735488 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2016-10-03 11:44 . 2012-04-25 19:35 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2016-10-03 11:44 . 2014-07-28 18:46 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2016-10-03 11:44 . 2013-05-26 22:24 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2016-10-03 11:44 . 2013-05-26 22:24 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2016-10-03 11:44 . 2012-04-25 19:35 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2016-10-03 11:44 . 2012-04-25 19:35 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2016-08-19 17:24 . 2016-08-19 17:24 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2016-07-15 17:55 . 2016-07-15 17:55 0 ----a-w- c:\windows\ava15B1.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2016-10-03 11:44 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
    "Google Photos Backup"="c:\users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-04 9107616]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...tUDEwVEIrMi1DMTBBQisyMg&prod=94&ver=10.0.1424" [?]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 12:13]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:35]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
    - c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
    .
    2016-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
    - c:\users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 17:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    HKCU-Run-BitTorrent - c:\users\Sean Harris\Desktop\BitTorrent.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Coupon Printer for Windows5.0.1.2 - c:\program files\Coupons\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2016-10-07 09:21
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2016-10-07 09:25:41
    ComboFix-quarantined-files.txt 2016-10-07 14:25
    .
    Pre-Run: 115,460,407,296 bytes free
    Post-Run: 117,049,520,128 bytes free
    .
    - - End Of File - - 6CD47BA6690D03DC1367E0DCA5B4097E
    1A1A06F62E891045814007163C1C76C3

    2016-10-07 14:25
    .
    Pre-Run: 115,460,407,296 bytes free
    Post-Run: 117,049,520,128 bytes free
    .
    - - End Of File - - 6CD47BA6690D03DC1367E0DCA5B4097E
    1A1A06F62E891045814007163C1C76C3
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  18. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-10-2016
    Ran by Sean Harris (administrator) on DHARMA-PC (10-10-2016 05:27:03)
    Running from C:\Users\Sean Harris\Downloads
    Loaded Profiles: Sean Harris (Available Profiles: Sean Harris)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Sean Harris\Downloads\FRST(2).exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [827392 2007-01-12] (Synaptics, Inc.)
    HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [159744 2007-02-13] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13556256 2008-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-03] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUktTkgzRjItU1kyNjgtSEdZOUEtRk5DUU4tWDcyWVI"&"inst=NzYtNzk2MzQ1OTE3LVU5MCsxLVRQKzEtWE8zNisxLU4xRCsxLVRCOSsyLVBMKzktVFVHKz (the data entry has 122 more characters).
    HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [44128 2006-11-07] (soft thinks)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-18] (Google Inc.)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Run: [Google Photos Backup] => C:\Users\Sean Harris\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-03] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-07-05]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-18]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{1E4CEE65-A56B-45F2-A303-39A30B421E3B}: [DhcpNameServer] 192.168.100.254
    Tcpip\..\Interfaces\{3BD60310-3959-4C3A-B7B7-C3CE2CEF7A6A}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM -> {8E8176CF-3C72-4F29-B0AF-5E670D763FBD} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    SearchScopes: HKLM -> {E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-19] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-03] (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-19] (Google Inc.)
    DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://www.member-data.com/rdc/EZTwainX.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 7ykyy2rz.default
    FF ProfilePath: C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default [2016-10-10]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7ykyy2rz.default -> Yahoo! Search
    FF Homepage: Mozilla\Firefox\Profiles\7ykyy2rz.default -> hxxps://www.google.com/
    FF Extension: (Firefox Hotfix) - C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Profiles\7ykyy2rz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-03]
    FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2016-10-03] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-03] [not signed]
    FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
    FF HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-04] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-11-22] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2006-03-31] (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2532419472-1891236629-2710359153-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-11-12] (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-10-14] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-29] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-29] (Apple Inc.)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\SEANHA~1\AppData\Local\Temp\crxBB17.tmp <not found>
    StartMenuInternet: chrome.exe - C:\Users\Sean Harris\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-03] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-10-03] (AVAST Software)
    R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] () [File not signed]
    S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] () [File not signed]
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
    R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-02-12] (Sonic Solutions) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-03] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-03] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-03] (AVAST Software)
    R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2016-10-03] (ALWIL Software)
    R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [295840 2016-10-03] (AVAST Software)
    R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-03] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-03] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-03] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-03] (AVAST Software)
    R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-03] (AVAST Software)
    S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-03] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-10-03] (AVAST Software)
    R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog) [File not signed]
    R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [160768 2007-04-11] (Conexant Systems Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-10-04] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\SEANHA~1\AppData\Local\Temp\catchme.sys [X]
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-10 05:26 - 2016-10-10 05:26 - 01757184 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(2).exe
    2016-10-07 09:32 - 2016-10-07 09:32 - 00011856 _____ C:\Users\Sean Harris\Desktop\combofix log.txt
    2016-10-07 09:25 - 2016-10-07 09:25 - 00011856 _____ C:\ComboFix.txt
    2016-10-07 08:59 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-10-07 08:59 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-10-07 08:59 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-10-07 08:59 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-10-07 08:59 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-10-07 08:59 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
    2016-10-07 08:59 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
    2016-10-07 08:59 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
    2016-10-07 08:58 - 2016-10-07 09:25 - 00000000 ____D C:\Qoobox
    2016-10-07 08:58 - 2016-10-07 09:25 - 00000000 ____D C:\ComboFix
    2016-10-07 08:54 - 2016-10-07 09:23 - 00000000 ____D C:\Windows\erdnt
    2016-10-07 08:53 - 2016-10-07 08:54 - 05659993 ____R (Swearware) C:\Users\Sean Harris\Downloads\ComboFix.exe
    2016-10-07 08:48 - 2016-10-07 08:48 - 05659993 _____ (Swearware) C:\Users\Sean Harris\Downloads\ComboFix.exe.part
    2016-10-05 06:04 - 2016-10-05 06:04 - 00003885 _____ C:\Users\Sean Harris\Desktop\JRT.txt
    2016-10-05 05:52 - 2016-10-05 05:52 - 01631928 _____ (Malwarebytes) C:\Users\Sean Harris\Downloads\JRT.exe
    2016-10-04 21:03 - 2016-10-04 21:03 - 00007685 _____ C:\Users\Sean Harris\Desktop\AdwCleaner[S0].txt
    2016-10-04 20:53 - 2016-10-04 22:41 - 00000000 ____D C:\AdwCleaner
    2016-10-04 20:51 - 2016-10-04 20:52 - 03861056 _____ C:\Users\Sean Harris\Downloads\AdwCleaner.exe
    2016-10-04 20:46 - 2016-10-04 20:46 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\CrashDumps
    2016-10-04 10:01 - 2016-10-04 10:04 - 00000806 _____ C:\Users\Sean Harris\Desktop\firefox.lnk
    2016-10-04 09:47 - 2016-10-04 09:47 - 00001067 _____ C:\Users\Sean Harris\Desktop\mbytes.txt
    2016-10-04 08:44 - 2016-10-05 06:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-04 08:40 - 2016-10-04 08:40 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-10-04 08:39 - 2016-10-04 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-10-04 08:39 - 2016-10-04 08:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-10-04 08:39 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-10-04 08:39 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-10-04 08:39 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-10-04 08:37 - 2016-10-04 08:37 - 22851472 _____ (Malwarebytes ) C:\Users\Sean Harris\Downloads\mbam-setup-2.2.1.1043.exe
    2016-10-04 08:19 - 2016-10-04 08:19 - 00017182 _____ C:\Users\Sean Harris\Desktop\rk log.txt
    2016-10-04 06:36 - 2016-10-04 06:36 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-04 06:35 - 2016-10-04 06:35 - 00000800 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-10-04 06:35 - 2016-10-04 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-10-04 06:34 - 2016-10-04 06:35 - 00000000 ____D C:\Program Files\RogueKiller
    2016-10-04 06:34 - 2016-10-04 06:34 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-10-04 06:32 - 2016-10-04 06:33 - 33624128 _____ (Adlice Software ) C:\Users\Sean Harris\Downloads\setup.exe
    2016-10-04 06:32 - 2016-10-04 06:32 - 33624128 _____ (Adlice Software ) C:\Users\Sean Harris\Downloads\setup.exe.part
    2016-10-03 20:19 - 2016-10-03 20:20 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe
    2016-10-03 20:18 - 2016-10-03 20:19 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST(1).exe.part
    2016-10-03 19:58 - 2016-10-03 19:58 - 00001789 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
    2016-10-03 19:58 - 2016-10-03 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-10-03 19:50 - 2016-10-03 19:48 - 00295840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
    2016-10-03 19:48 - 2016-10-03 19:48 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
    2016-10-03 19:48 - 2016-10-03 06:44 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-10-03 14:03 - 2016-10-03 14:03 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-10-03 13:58 - 2016-10-03 13:58 - 54359679 _____ C:\unp30547368341249072.mdmp
    2016-10-03 08:38 - 2016-10-03 20:37 - 00046895 _____ C:\Users\Sean Harris\Downloads\Addition.txt
    2016-10-03 08:33 - 2016-10-10 05:28 - 00022377 _____ C:\Users\Sean Harris\Downloads\FRST.txt
    2016-10-03 08:33 - 2016-10-10 05:27 - 00000000 ____D C:\FRST
    2016-10-03 08:32 - 2016-10-03 08:32 - 01754624 _____ (Farbar) C:\Users\Sean Harris\Downloads\FRST.exe
    2016-10-03 07:55 - 2016-10-03 14:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-10-03 07:05 - 2016-10-03 07:05 - 06334848 _____ (AVAST Software) C:\Users\Sean Harris\Downloads\avast_free_antivirus_setup_online.exe
    2016-10-03 06:46 - 2016-10-03 19:48 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
    2016-10-03 06:46 - 2016-10-03 06:43 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-10-03 06:45 - 2016-10-03 06:44 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
    2016-10-03 06:44 - 2016-10-03 06:44 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-10-03 06:35 - 2016-10-03 06:35 - 00325134 _____ C:\unp305473061302938468.mdmp
    2016-10-03 06:31 - 2016-10-03 06:31 - 00297258 _____ C:\unp305473053059149764.mdmp
    2016-09-30 09:49 - 2016-10-03 19:51 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
    2016-09-30 08:48 - 2016-09-30 08:48 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\CEF

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-10 05:21 - 2009-07-02 10:12 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job
    2016-10-10 05:18 - 2010-02-13 20:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-10 05:18 - 2009-07-02 10:12 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job
    2016-10-10 05:16 - 2013-03-10 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-10 05:15 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.001
    2016-10-10 05:15 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-10 05:15 - 2006-11-02 07:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-10 01:53 - 2014-03-21 22:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job
    2016-10-07 09:47 - 2011-12-28 10:35 - 00000000 ____D C:\Users\Sean Harris\AppData\Roaming\HpUpdate
    2016-10-07 09:44 - 2007-08-04 06:16 - 00000000 ____D C:\Windows\SMINST
    2016-10-07 09:40 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-07 09:38 - 2006-11-02 08:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-10-07 09:21 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
    2016-10-05 05:53 - 2009-02-19 10:48 - 00070771 _____ C:\ProgramData\nvModes.dat
    2016-10-04 08:39 - 2009-03-03 17:17 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-10-04 07:13 - 2013-03-10 18:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-10-04 07:13 - 2012-02-16 21:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-10-04 07:12 - 2007-08-04 05:30 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-03 19:54 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
    2016-10-03 14:05 - 2006-11-02 05:23 - 00000362 _____ C:\Windows\win.ini
    2016-10-03 14:01 - 2016-08-19 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-10-03 09:02 - 2007-12-22 08:39 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\Google
    2016-10-03 07:10 - 2012-04-25 14:35 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-10-03 07:10 - 2012-04-25 14:35 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-10-03 06:44 - 2014-07-28 13:46 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-10-03 06:44 - 2013-05-26 17:24 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-10-03 06:44 - 2013-05-26 17:24 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-10-03 06:44 - 2012-04-25 14:35 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-10-03 06:44 - 2012-04-25 14:35 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2016-10-03 06:44 - 2012-04-25 14:35 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2016-09-30 09:38 - 2007-12-21 17:31 - 00000000 ____D C:\Users\Sean Harris
    2016-09-30 09:38 - 2006-11-02 05:22 - 52690944 _____ C:\Windows\system32\config\software_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 45350912 _____ C:\Windows\system32\config\components_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 38010880 _____ C:\Windows\system32\config\system_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 00524288 _____ C:\Windows\system32\config\default_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
    2016-09-30 09:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
    2016-09-30 09:37 - 2016-08-28 15:44 - 00000000 ____D C:\Users\Sean Harris\{1bbcfec6-1859-4565-8a35-895798d9cb1e}
    2016-09-30 09:37 - 2014-04-12 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iTunes
    2016-09-30 09:37 - 2014-04-12 22:04 - 00000000 ____D C:\Program Files\iPod
    2016-09-30 09:37 - 2008-07-05 11:30 - 00000000 ____D C:\ProgramData\HP Product Assistant
    2016-09-30 09:37 - 2007-12-23 16:12 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-09-30 09:37 - 2007-12-21 17:38 - 00000000 ____D C:\Users\Sean Harris\AppData\Local\QuickPlay
    2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
    2016-09-30 09:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
    2016-09-30 09:36 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
    2016-09-30 09:27 - 2011-10-15 08:04 - 00001356 _____ C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
    2016-09-28 07:26 - 2012-04-25 14:29 - 00000000 ____D C:\ProgramData\AVAST Software

    ==================== Files in the root of some directories =======

    2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
    2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
    2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
    2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
    2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
    2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
    2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
    2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
    2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
    2009-02-19 10:48 - 2016-10-10 05:15 - 0070771 _____ () C:\ProgramData\nvModes.001
    2009-02-19 10:48 - 2016-10-05 05:53 - 0070771 _____ () C:\ProgramData\nvModes.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-07 09:52

    ==================== End of FRST.txt ============================
     
  19. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-10-2016
    Ran by Sean Harris (10-10-2016 05:29:44)
    Running from C:\Users\Sean Harris\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-12-10 14:05:09)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2532419472-1891236629-2710359153-500 - Administrator - Disabled)
    Guest (S-1-5-21-2532419472-1891236629-2710359153-501 - Limited - Disabled)
    Sean Harris (S-1-5-21-2532419472-1891236629-2710359153-1000 - Administrator - Enabled) => C:\Users\Sean Harris

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Reader 8.1.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.4 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
    Avast Internet Security (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    C4200 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    C4200_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    c4200_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 4.18.0.0 - Conexant)
    Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    D1400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    D1400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
    DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    ESU for Microsoft Vista (HKLM\...\{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}) (Version: 2.0.5.1 - Hewlett-Packard)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Google Chrome (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7) (Version: - )
    HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
    HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
    HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
    HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
    HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
    HP Photosmart All-In-One Software 9.0 (HKLM\...\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}) (Version: 9.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
    HP Quick Launch Buttons 6.20 B1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.20 B1 - Hewlett-Packard)
    HP QuickPlay 3.2 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
    HP Total Care Advisor (HKLM\...\{F6B29003-A078-4491-AFBE-62EFB6CFFE19}) (Version: 1.1.19 - Hewlett-Packard)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP User Guides 0057 (HKLM\...\{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}) (Version: 1.03.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
    HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
    iRip (HKLM\...\{4D6FAB8B-F22B-4272-AA27-9A188E21D047}) (Version: 1.0.1.26 - The Little App Factory, LLC.)
    iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
    Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    LightScribe 1.6.43.1 (Version: 1.6.43.1 - hxxp://www.lightscribe.com) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MSCU for Microsoft Vista (HKLM\...\{F7F3B252-E772-48AA-93EB-7964BC326067}) (Version: 1.0.1.3 - Hewlett-Packard)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    muvee autoProducer 6.0 (HKLM\...\{0BFC200F-C45D-4271-AF34-4CA969225DEB}) (Version: 6.00.050 - muvee Technologies)
    My HP Games (HKLM\...\WildTangent hplaptop Master Uninstall) (Version: HPLAP0503 - WildTangent)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PS_AIO_ProductContext (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PS_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PS_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
    PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
    Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
    Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.551 - Roxio)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
    Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
    SmartAudio (HKLM\...\SmartAudio) (Version: - Conexant)
    SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.11.0 - Synaptics)
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00933A8A-3422-4586-9E45-308AD322BEF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {1412B440-FDB7-41E6-8183-27745EBE5E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-04] (Adobe Systems Incorporated)
    Task: {1ED2DAD1-B90F-47C4-9AD8-40C635104ABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {3FD8946A-E628-4156-8828-714FFBF264AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {4BCC7A0C-E50E-411F-8F3D-E0EDB7757D2B} - System32\Tasks\Microsoft\Windows\RestartManager\{F4B3AC6E-5272-4ecd-8978-AD89A4B845B7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {4E501739-E756-46DA-853D-28912C450019} - System32\Tasks\{A565FBF5-B545-4ECA-A3D7-9B6C20E5C002} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
    Task: {5146E494-7602-4D8D-B59B-4AC8FDB5BDB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
    Task: {747042E3-0465-46ED-8FBD-D10F1237B493} - System32\Tasks\{3E0875DD-48EE-44CE-914E-FFF7328DECE6} => pcalua.exe -a E:\VEWLP.exe -d E:\
    Task: {7ECA859A-C65E-4A4A-8E57-2B933E9D5600} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
    Task: {99F04631-D25B-47D8-83E8-8B7AF9D72CEC} - System32\Tasks\SafeZone scheduled Autoupdate 1475242992 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
    Task: {BEA8B901-0A1F-4F11-BBFE-F4614D338841} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Sean Harris) => C:\Users\Sean Harris\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
    Task: {CCDB5F33-EE1C-4E35-85EB-F4288B702FA0} - System32\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {CE005CD6-F910-45E8-81EA-191E6AB3E30A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {CF985692-40E1-463E-9FC5-23C3BB86519C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-15] (Google Inc.)
    Task: {E873E323-022B-45F0-B512-0F14A92DEC0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf457faa263eb0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000Core.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2532419472-1891236629-2710359153-1000UA.job => C:\Users\Sean Harris\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Sean Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip\iRip Help.lnk -> hxxp://www.ipodrip.com/help/

    ==================== Loaded Modules (Whitelisted) ==============

    2016-10-03 06:44 - 2016-10-03 06:44 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-10-03 06:44 - 2016-10-03 06:44 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-10-09 06:01 - 2016-10-09 06:01 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100900\algo.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-08-04 05:40 - 2007-04-23 20:11 - 00262243 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    2007-08-04 05:40 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
    2011-05-06 14:07 - 2011-05-06 14:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 14:07 - 2011-05-06 14:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
    2011-05-06 14:02 - 2011-05-06 14:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 01:06 - 2010-10-26 01:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 09:34 - 2010-10-26 09:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 01:37 - 2010-10-26 01:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
    2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
    2011-05-06 13:58 - 2011-05-06 13:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    2010-10-26 01:06 - 2010-10-26 01:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 01:08 - 2010-10-26 01:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 01:23 - 2010-10-26 01:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 14:49 - 2010-05-20 14:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 10:47 - 2010-05-17 10:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
    2013-11-17 12:15 - 2016-10-03 06:44 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2007-02-16 19:40 - 2007-02-16 19:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2007-02-16 19:40 - 2007-02-16 19:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2007-08-04 06:15 - 2007-01-30 17:58 - 00677576 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    2007-08-04 05:39 - 2007-04-23 20:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2016-10-07 09:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean Harris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{5BC58A37-88F1-48D7-8BE5-98236F326965}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
    FirewallRules: [{977244DC-0C6F-4602-9E5D-F53F4137696A}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
    FirewallRules: [{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{05F6F3EF-B25C-4001-8372-FE26E6D1B328}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{F238082B-3978-480D-B122-CF2A1C1231A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}] => (Allow) C:\Program Files\earthlink totalaccess\TaskPanl.exe
    FirewallRules: [{A7BB0588-8517-458B-B620-0B480C80D0FC}] => (Allow) C:\Program Files\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{0A83C0EF-91EE-40EC-B9DD-94EC2F9C6793}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{AD2D0DB4-8073-4B72-97FA-914302A36EE1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{A45ED214-B796-4345-B13D-CA5D29C899E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
    FirewallRules: [{FF3EC5DE-D183-4CC9-986F-7CD0872593E1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{EFB3DB1D-3484-47A4-9202-6A9FE178DEED}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{41E5F946-A697-4ED1-8D0C-CD91FCAF5FC6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{B4798DC6-D4D5-4570-8A2F-71D2E88DD43A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{5E1AAB3A-A0D4-49EC-AB04-A097036047DC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{99CE8B0B-0A89-44B0-AC11-188A247E7521}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{551C54BC-CD2F-446D-9D0B-61352826742D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{4B7E4457-248F-4BA2-B8A8-00C7062C975D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{A4087168-D94B-4F77-BCAA-54D29F4D37F4}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [TCP Query User{AC8F7B82-0F15-496C-B3DA-34A8E2D33ADE}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{928CECF7-5561-42E5-A96F-92BDD4375C78}C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sean harris\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{BB46DB95-497E-4F81-BB3C-571989FE87BF}] => (Allow) LPort=80
    FirewallRules: [{5748741B-55B0-4A30-B114-9EC7C5ED8D53}] => (Allow) LPort=80
    FirewallRules: [{A314BA29-E94B-4111-B178-7F969512969F}] => (Allow) LPort=80
    FirewallRules: [{B7C28AAB-E2B8-4BE5-8218-A97A13A465E6}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{869C5BB4-2081-4A8C-BE6B-1309D7AD1721}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{66C4BA6A-BA64-4BA7-86C2-4D79991E3D06}] => (Allow) LPort=24726
    FirewallRules: [{2E7DE2A1-FE43-492B-A940-46FC5FF331C3}] => (Allow) LPort=24727
    FirewallRules: [{B638C71C-0524-4696-9415-4B37CFAE9837}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{604FD86F-44D0-4D8A-90E6-7563E93CF1C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EB1059DF-3934-4FD1-BDAD-CE3E4F7ABFD1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{A3C01DD2-B03F-435B-A3A2-A2D39DA42443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{275871E7-69B6-4FB6-BA8B-92C7DDF9BAE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4DBC2E42-7A2F-483D-A697-FB6992600E9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

    ==================== Restore Points =========================

    13-04-2014 13:03:44 avast! antivirus system restore point
    19-04-2014 15:13:08 Windows Update
    19-04-2014 15:24:08 Windows Update
    29-04-2014 12:01:42 Windows Update
    29-04-2014 12:07:58 Windows Update
    28-07-2014 13:30:55 avast! antivirus system restore point
    28-07-2014 13:44:23 Installed Java 7 Update 65
    28-07-2014 14:20:09 Windows Update
    30-07-2014 03:01:16 Windows Update
    05-08-2014 01:37:40 Windows Update
    08-08-2014 01:40:41 Windows Update
    12-08-2014 19:50:51 Windows Update
    13-08-2014 03:00:45 Windows Update
    19-08-2014 01:57:53 Windows Update
    06-10-2014 06:07:03 Windows Update
    07-10-2014 03:01:53 Windows Update
    28-08-2016 15:44:52 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    30-09-2016 08:30:14 Removed DriverUpdate
    30-09-2016 08:55:11 Removed SlimCleaner Plus
    30-09-2016 09:12:28 Removed SlimCleaner Plus
    03-10-2016 19:52:44 Device Driver Package Install: ALWIL Software Network Service
    05-10-2016 05:54:14 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft ISATAP Adapter #2
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/09/2016 07:53:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 16536

    Error: (10/09/2016 07:53:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 16536

    Error: (10/09/2016 07:53:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/09/2016 07:53:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4056

    Error: (10/09/2016 07:53:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4056

    Error: (10/09/2016 07:53:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/09/2016 07:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2808

    Error: (10/09/2016 07:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2808

    Error: (10/09/2016 07:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (10/09/2016 07:53:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045


    System errors:
    =============
    Error: (10/08/2016 04:32:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

    Error: (10/07/2016 09:43:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error:
    After starting, the service hung in a start-pending state.

    Error: (10/07/2016 09:43:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The CyberLink Background Capture Service (CBCS) service hung on starting.

    Error: (10/07/2016 09:42:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (10/07/2016 09:38:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

    Error: (10/07/2016 09:21:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/07/2016 09:12:36 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/07/2016 09:04:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

    Error: (10/07/2016 09:02:13 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/07/2016 09:00:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2016-10-10 05:29:32.766
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:31.216
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:29.970
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:28.583
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:26.720
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:25.277
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:24.025
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:29:22.694
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:28:30.651
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-10 05:28:29.163
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
    Percentage of memory in use: 63%
    Total physical RAM: 1982.18 MB
    Available physical RAM: 720.98 MB
    Total Virtual: 4207.54 MB
    Available Virtual: 2066.14 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:224.46 GB) (Free:108.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:8.43 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 9E86F523)
    Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=8.4 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Still with me?
     
  22. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Sorry for the delay..

    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\SEANHA~1\AppData\Local\Temp\catchme.sys [X]
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
    2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
    2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
    2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
    2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
    2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
    2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
    2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
    2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
    2009-02-19 10:48 - 2016-10-10 05:15 - 0070771 _____ () C:\ProgramData\nvModes.001
    2009-02-19 10:48 - 2016-10-05 05:53 - 0070771 _____ () C:\ProgramData\nvModes.dat
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
    HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    That's incorrect.
    You just posted content of my "fixlist" file.
    Please, re-read my instructions.
     
  24. brokensynapse

    brokensynapse TS Enthusiast Topic Starter Posts: 56

    Sorry about that..


    Fix result of Farbar Recovery Scan Tool (x86) Version: 09-10-2016
    Ran by Sean Harris (20-10-2016 07:15:14) Run:2
    Running from C:\Users\Sean Harris\Downloads
    Loaded Profiles: Sean Harris (Available Profiles: Sean Harris)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\SEANHA~1\AppData\Local\Temp\catchme.sys [X]
    S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    2012-04-22 18:18 - 2012-04-23 20:02 - 0000660 _____ () C:\Users\Sean Harris\AppData\Roaming\bibstats
    2008-01-26 16:44 - 2009-02-19 10:27 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.001
    2008-01-25 20:22 - 2008-01-25 20:22 - 0028665 _____ () C:\Users\Sean Harris\AppData\Roaming\nvModes.dat
    2008-01-13 11:50 - 2008-01-13 11:50 - 0000117 _____ () C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs
    2008-01-12 23:03 - 2008-01-12 23:03 - 0000010 ____H () C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time
    2011-04-07 20:35 - 2011-04-07 20:35 - 0000000 _____ () C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\AtStart.txt
    2011-10-15 08:04 - 2016-09-30 09:27 - 0001356 _____ () C:\Users\Sean Harris\AppData\Local\d3d9caps.dat
    2007-12-22 04:18 - 2016-08-28 15:45 - 0224256 _____ () C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\DSwitch.txt
    2007-12-21 17:38 - 2007-12-21 17:38 - 0000000 _____ () C:\Users\Sean Harris\AppData\Local\QSwitch.txt
    2007-08-04 05:53 - 2013-11-10 14:38 - 0027973 _____ () C:\ProgramData\hpzinstall.log
    2009-02-19 10:48 - 2016-10-10 05:15 - 0070771 _____ () C:\ProgramData\nvModes.001
    2009-02-19 10:48 - 2016-10-05 05:53 - 0070771 _____ () C:\ProgramData\nvModes.dat
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Sean Harris\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [149]
    HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

    *****************

    "C:\Windows\system32\GroupPolicy\Machine" => not found.
    HKLM\SOFTWARE\Policies\Google => key not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    blbdrive => service not found.
    catchme => service not found.
    HTCAND32 => service not found.
    IpInIp => service not found.
    NwlnkFlt => service not found.
    NwlnkFwd => service not found.
    "C:\Users\Sean Harris\AppData\Roaming\bibstats" => not found.
    "C:\Users\Sean Harris\AppData\Roaming\nvModes.001" => not found.
    "C:\Users\Sean Harris\AppData\Roaming\nvModes.dat" => not found.
    "C:\Users\Sean Harris\AppData\Roaming\PodRescue v1 Prefs" => not found.
    "C:\Users\Sean Harris\AppData\Roaming\PodRescue_Time" => not found.
    "C:\Users\Sean Harris\AppData\Roaming\wklnhst.dat" => not found.
    C:\Users\Sean Harris\AppData\Local\AtStart.txt => moved successfully
    "C:\Users\Sean Harris\AppData\Local\d3d9caps.dat" => not found.
    "C:\Users\Sean Harris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
    C:\Users\Sean Harris\AppData\Local\DSwitch.txt => moved successfully
    C:\Users\Sean Harris\AppData\Local\QSwitch.txt => moved successfully
    "C:\ProgramData\hpzinstall.log" => not found.
    C:\ProgramData\nvModes.001 => moved successfully
    C:\ProgramData\nvModes.dat => moved successfully
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB} => key not found.
    HKU\S-1-5-21-2532419472-1891236629-2710359153-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => key not found.
    "C:\ProgramData\Temp" => ":0B4227B4" ADS not found.
    HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

    ==== End of Fixlog 07:16:56 ====
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...