Computer is extremely slow in regular boot, nothing has helped


  • This topic is locked
4 replies to this topic

#1 Hermesx


Posted 14 February 2016 - 02:23 PM

I posted a topic a few days ago to the "Am I Infected?" section; you can find that here.
 
So far, I have run RKill, Malwarebytes, ESET Online Scanner, Emsisoft, AdwCleaner and Junkware Removal Tool, all in safe mode. Some of these have found PUPs and one trojan titled "HTML/Iframe.B trojan". After deletion of this trojan I attempted a regular boot, but there was no change.
I have also tried a CCleaner scan, which removed 30 GB of data, and a command in cmd called "sfc/scannow", which produced no change.
 
Here is my Farbar log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Herron (administrator) on HERRON-HP (14-02-2016 14:14:58)
Running from C:\Users\Herron\Desktop
Loaded Profiles: Herron (Available Profiles: Herron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Lexmark 3600-4600 Series] => [X]
HKLM\...\RunOnce: [lxdxUninstallRan] => [X]
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Herron\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [871 2016-02-12] ()
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: J - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: {186f5434-2b8d-11e5-abfa-d48564c1450e} - J:\Autorun.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: {22b26d47-1765-11e5-ad14-d48564c1450e} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-28] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9AD77578-9B03-42FB-BC66-A6A861FFFD86}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> {55C17075-8253-4BBA-A07E-DCF48893112E} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {EBEA1F1D-811E-4631-9189-BCF8E86AF82A} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ED544884-6DEB-43B7-B0F2-E9CFA7D1D107} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {55C17075-8253-4BBA-A07E-DCF48893112E} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {EBEA1F1D-811E-4631-9189-BCF8E86AF82A} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ED544884-6DEB-43B7-B0F2-E9CFA7D1D107} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000 -> {55C17075-8253-4BBA-A07E-DCF48893112E} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000 -> {EBEA1F1D-811E-4631-9189-BCF8E86AF82A} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000 -> {ED544884-6DEB-43B7-B0F2-E9CFA7D1D107} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\coIEPlg.dll => No File
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-16] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-30] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\coIEPlg.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Herron\AppData\Roaming\Mozilla\Firefox\Profiles\v395qez2.default
FF Homepage: oldschool.runescape.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1573336260-1148118520-3100803624-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Herron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1573336260-1148118520-3100803624-1000: @talk.google.com/O1DPlugin -> C:\Users\Herron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1573336260-1148118520-3100803624-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1573336260-1148118520-3100803624-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1573336260-1148118520-3100803624-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Herron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Herron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Herron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-11]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFF => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Herron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Herron\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Herron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Herron\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SailPoint) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajneioealmmeomlfegpbamcjhiiedcag [2015-12-19]
CHR Extension: (Google Docs) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-26]
CHR Extension: (AdBlock) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-08]
CHR Extension: (Universe) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcicgpahfpikagbhofhehldknadneld [2014-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (My Directions XP) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\phoidnoiohobnjfnpneiilkgjcobnoag [2016-02-14]
CHR Extension: (Gmail) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-28] (AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll" /prefetch:1
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-28] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-28] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-28] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-28] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-28] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-17] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 epp; C:\EEK\bin64\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [X]
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20140508.001\IDSvia64.sys [X]
S3 kxqglcrk; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140509.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140509.004\EX64.SYS [X]
S3 SRTSP; \SystemRoot\system32\drivers\NISx64\1200000.080\SRTSP64.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS [X]
S0 SymDS; system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [X]
S0 SymEFA; system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [X]
S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [X]
S3 SymNetS; \SystemRoot\system32\drivers\NISx64\1200000.080\SYMNETS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-14 14:14 - 2016-02-14 14:15 - 00023002 _____ C:\Users\Herron\Desktop\FRST.txt
2016-02-14 11:13 - 2016-02-14 14:14 - 00000000 ____D C:\FRST
2016-02-14 11:13 - 2016-02-14 11:13 - 00017772 _____ C:\Users\Herron\Downloads\FRST.txt
2016-02-14 11:03 - 2016-02-14 11:03 - 02370560 _____ (Farbar) C:\Users\Herron\Desktop\FRST64.exe
2016-02-12 16:12 - 2016-02-12 16:12 - 00002376 _____ C:\Users\Herron\Desktop\JRT.txt
2016-02-12 16:08 - 2016-02-12 16:08 - 01609032 _____ (Malwarebytes) C:\Users\Herron\Downloads\JRT.exe
2016-02-12 15:52 - 2016-02-12 15:52 - 01508352 _____ C:\Users\Herron\Downloads\AdwCleaner.exe
2016-02-12 15:39 - 2016-02-12 16:32 - 00114634 _____ C:\Windows\ntbtlog.txt
2016-02-12 15:39 - 2016-02-12 15:52 - 00000000 ____D C:\EEK
2016-02-12 15:35 - 2016-02-12 15:36 - 212335584 _____ C:\Users\Herron\Downloads\EmsisoftEmergencyKit.exe
2016-02-12 15:34 - 2016-02-12 15:34 - 00000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-12 15:34 - 2016-02-12 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-12 15:34 - 2016-02-12 15:34 - 00000000 ____D C:\Program Files\CCleaner
2016-02-12 15:31 - 2016-02-12 15:31 - 06828320 _____ (Piriform Ltd) C:\Users\Herron\Downloads\ccsetup_514.exe
2016-02-12 15:30 - 2016-02-12 15:33 - 00002590 _____ C:\Users\Herron\Desktop\Rkill.txt
2016-02-12 15:30 - 2016-02-12 15:30 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Herron\Downloads\rkill.com
2016-02-11 11:24 - 2015-09-28 14:30 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-11 11:05 - 2016-02-11 11:05 - 00000860 _____ C:\Users\Herron\Desktop\ESET Scan.txt
2016-02-10 19:54 - 2016-02-10 19:54 - 02870984 _____ (ESET) C:\Users\Herron\Downloads\esetsmartinstaller_enu (1).exe
2016-02-02 15:03 - 2016-02-02 15:03 - 00330898 _____ C:\Users\Herron\Desktop\Dark Minimal Wobble 2.wav
2016-02-02 14:58 - 2016-02-02 14:58 - 00330898 _____ C:\Users\Herron\Desktop\Dark Minimal Wobble.wav
2016-01-24 22:32 - 2016-01-24 22:32 - 00223232 _____ C:\Users\Herron\Downloads\256091__soundeffectspodcast-com__game-over-voice-2b.wav
2016-01-24 16:30 - 2016-01-24 16:30 - 00174134 _____ C:\Users\Herron\Downloads\131267__bettsashl__didyou.aiff
2016-01-24 16:29 - 2016-01-24 16:29 - 00073974 _____ C:\Users\Herron\Downloads\250098__pbrechler__i-love-you.aiff
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 16:29 - 2015-06-28 13:43 - 00000000 ____D C:\Users\Herron\AppData\Local\Akamai
2016-02-12 16:28 - 2015-08-07 12:13 - 00000000 ____D C:\Users\Herron\AppData\Local\Spotify
2016-02-12 16:26 - 2014-04-26 17:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 16:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-12 16:07 - 2014-07-25 15:17 - 00015097 _____ C:\Windows\system32\LexFiles.ulf
2016-02-12 16:07 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-12 16:07 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-12 16:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-12 16:01 - 2015-08-07 12:13 - 00000000 ____D C:\Users\Herron\AppData\Roaming\Spotify
2016-02-12 15:56 - 2014-07-14 13:20 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA.job
2016-02-12 15:56 - 2014-04-26 17:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 15:55 - 2014-08-20 15:10 - 00000000 ____D C:\AdwCleaner
2016-02-12 15:37 - 2015-07-17 17:23 - 00000000 ____D C:\Users\Herron\AppData\Roaming\DAEMON Tools Lite
2016-02-12 15:37 - 2014-08-12 15:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-12 15:37 - 2014-06-06 17:58 - 00000000 ____D C:\Users\Herron\AppData\Roaming\Azureus
2016-02-12 15:35 - 2016-01-14 04:49 - 00000000 ____D C:\Windows\Minidump
2016-02-12 15:35 - 2014-07-20 19:26 - 00000000 ____D C:\Users\Herron\AppData\Local\CrashDumps
2016-02-12 15:35 - 2009-07-24 14:22 - 00000000 ____D C:\Windows\Panther
2016-02-11 14:36 - 2015-08-30 12:31 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA.job
2016-02-11 14:36 - 2014-08-05 22:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-11 14:30 - 2014-04-26 17:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-11 13:36 - 2015-08-30 12:31 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core.job
2016-02-11 13:32 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-11 13:31 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-11 11:14 - 2014-07-11 20:12 - 00000000 ___RD C:\Users\Herron\Dropbox
2016-02-11 11:14 - 2014-07-11 20:08 - 00000000 ____D C:\Users\Herron\AppData\Roaming\Dropbox
2016-02-10 05:52 - 2015-09-06 16:14 - 00000000 ____D C:\Users\Herron\AppData\Local\Adobe
2016-02-09 20:30 - 2014-05-09 18:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 20:07 - 2014-07-14 13:20 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core.job
2016-02-08 14:37 - 2015-04-18 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-02-07 15:40 - 2009-07-14 00:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-06 20:48 - 2015-07-04 14:53 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForHerron.job
2016-02-02 20:40 - 2014-05-06 15:32 - 00002314 ____H C:\Users\Herron\Documents\Default.rdp
2016-02-02 20:36 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-02 08:34 - 2014-07-14 13:20 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA
2016-02-02 08:34 - 2014-07-14 13:20 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core
2016-02-01 20:39 - 2015-04-18 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-02-01 20:39 - 2015-04-18 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-02-01 17:44 - 2014-04-26 17:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 17:44 - 2014-04-26 17:46 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-28 16:44 - 2014-04-26 17:47 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 16:44 - 2014-04-26 17:47 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-25 15:11 - 2014-05-18 21:03 - 00000000 ____D C:\Users\Herron\AppData\Roaming\FlowStone
2016-01-24 22:47 - 2015-08-30 11:49 - 00000000 ____D C:\Users\Herron\Desktop\Sam
2016-01-15 11:40 - 2014-05-17 22:36 - 00000045 _____ C:\Users\Herron\jagex_cl_oldschool_LIVE.dat
2016-01-15 03:00 - 2014-05-09 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2015-02-22 17:49 - 2015-02-22 17:52 - 0002257 _____ () C:\Users\Herron\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-05-31 00:24 - 2014-08-12 22:01 - 0000209 _____ () C:\Users\Herron\AppData\Roaming\turing_files.ini
2015-01-24 20:29 - 2015-01-24 20:29 - 0002126 _____ () C:\Users\Herron\AppData\Local\recently-used.xbel
2014-05-25 19:33 - 2015-06-20 18:22 - 0007595 _____ () C:\Users\Herron\AppData\Local\Resmon.ResmonCfg
2015-03-29 15:02 - 2015-03-29 15:08 - 0000248 _____ () C:\ProgramData\lxdxDiagnostics.log
2015-03-29 15:02 - 2015-03-29 15:02 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Herron\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-08 00:13
 
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Herron (2016-02-14 14:15:36)
Running from C:\Users\Herron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-04-26 22:00:59)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1573336260-1148118520-3100803624-500 - Administrator - Disabled)
Guest (S-1-5-21-1573336260-1148118520-3100803624-501 - Limited - Disabled)
Herron (S-1-5-21-1573336260-1148118520-3100803624-1000 - Administrator - Enabled) => C:\Users\Herron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM-x32\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bing Bar Platform (x32 Version: 5.0.1438.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FabFilter Volcano 2.23 (HKLM-x32\...\FabFilter Volcano 2.23) (Version: - )
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version: - )
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.2.419 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.0.0.128 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.2 - Notepad++ Team)
OldSchool RuneScape Launcher 1.2.5 (HKLM-x32\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spicy Guitar 1.3.0.1 (32 bits) (HKLM-x32\...\KeolabSpicyGuitar32b_is1) (Version: 1.3.0.1 - Keolab)
Spotify (HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
SyncerSoft Lizard Morph VST (HKLM-x32\...\SyncerSoft Lizard Morph VST) (Version: - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version: - Turbine, Inc.)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
Unity (HKLM-x32\...\Unity) (Version: 4.5.0f6 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Unreal Development Kit (HKLM-x32\...\Steam App 13260) (Version: - Epic Games)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Herron\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DA0182-C3DF-4F93-8683-F5D1CAFC4242} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core => C:\Users\Herron\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-30] (Dropbox, Inc.)
Task: {1B06AFCA-94CD-40D6-8CC4-4F8123C9D18D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)
Task: {2B474B3D-1214-48A3-A864-CE7A8A6CC8B4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {324FE83B-F37C-45CE-BBD9-1B38C7DD0EA9} - System32\Tasks\HPCeeScheduleForHerron => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {332282A6-2B8C-4F9B-A111-A816323AE0C3} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {4312F6DA-3CDD-49C4-9FED-094C1AE0B935} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {4D8EF502-F519-4619-8FA1-3C8C2CB3EEA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4FC16786-3963-441E-8989-7D257966CFB8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA => C:\Users\Herron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {57D351FA-55C6-4279-897E-C24A318EA965} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA => C:\Users\Herron\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-30] (Dropbox, Inc.)
Task: {59435126-1219-47BF-B6CE-DC0DC462AC76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core => C:\Users\Herron\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {59F697DD-E7ED-4633-B3A2-1F07184F30C9} - \Symantec\Norton Error Analyzer 18.0.0.128 -> No File <==== ATTENTION
Task: {5FE6B211-0F74-4570-BAE2-6CA126E1B7B5} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
Task: {614F0487-8F0E-4453-8330-403DB13BCAC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {92C43A5B-F862-4766-B72C-2944190190A9} - System32\Tasks\{0AB2B65B-4D01-48F2-AEDE-266130C4F6D2} => pcalua.exe -a C:\Users\Herron\Downloads\710_b042_multilanguage.exe -d C:\Users\Herron\Downloads
Task: {932C38C2-D3C3-4D9E-B9DD-70E1D156B06D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-28] (AVAST Software)
Task: {9B7DB35F-A673-4106-BB5E-0DFC17B145E9} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {9D9BB539-EEA1-4B76-A2E7-1C5714EF2AC8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {AA64E082-24C0-4491-A585-E6BE56E558BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AEC1644A-8481-491D-8721-6B0DB6135BC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B02C7CDD-8BD5-4A90-9795-49CADB1DB07A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {B39F9987-8E6B-49FB-A95A-7D00EBE82819} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {CE71CA7B-F1F7-4E16-B7C6-5DE4D409FBB1} - \Symantec\Norton Error Processor 18.0.0.128 -> No File <==== ATTENTION
Task: {D45C4262-652C-48CA-BE80-E3B63199666C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {D62DAF80-5673-488B-98B1-38D0C2025623} - System32\Tasks\AdobeAAMUpdater-1.0-Herron-HP-Herron => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {EAFE61E4-9FCF-4328-B43B-C210DF99A0BE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core.job => C:\Users\Herron\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA.job => C:\Users\Herron\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000Core.job => C:\Users\Herron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1573336260-1148118520-3100803624-1000UA.job => C:\Users\Herron\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHerron.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-28 16:44 - 2016-01-27 12:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Herron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Herron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Herron\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Update => "C:\Users\Herron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Spotify => "C:\Users\Herron\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Herron\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C84D9866-8EB1-4C1D-B9BC-AF07262DBC51}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{C19BAD74-C4A4-4470-9534-5A1519718457}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{F236D035-9D69-4DE4-B2EA-93A973FC4A9E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{B9444F86-BD69-4E72-ABB5-416DC9FE506C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{20239234-C207-4EE9-B52D-91C81870AC70}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{B2B7088F-CAD1-41D3-9970-569E6E9215D8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{DFF00560-9D1C-421C-B93C-D016787EDE4C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{B4BA6ADE-A176-4199-A999-B4538B896DC9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{1222102F-9BAB-4392-ACE3-5A9B066D1CF0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D124F0C-E9B1-4253-B3C7-B3F80761FF96}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{0BC04546-475B-4D69-8184-676C8C5469BF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{1E207BCD-BA14-4CDB-A63C-E9305D543169}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{AC9F1E9A-0AA4-4012-B35C-F485B296CA00}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{F9FCF3A4-E3AD-4EAB-BFF5-C7861A38B35D}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{299DF7D5-30DD-4925-88F4-324A19DA7710}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{A1D6C24A-58F0-4438-9E4E-90373199F227}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{46FC99B7-DEFE-4017-A700-2A5EEA5262E7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{0D9C163A-2191-47A3-8C6E-33082F89F318}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{7F625C0E-5224-4732-A2B7-109E138E5954}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{9C7EB06B-97E3-40DE-A269-A31AB2A9013B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{0E37FA10-472E-4F96-A276-8C8BB62862F3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{29D68CB5-EEEB-4E9D-9534-738B6C52932D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{87885517-9675-4308-831A-FBDFF4784A4D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7BAA0C89-0616-4CAC-8C8E-15F5FF526944}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{5A89A8FA-D919-4CBC-A408-EDA5FB3430F9}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{B1A29F5B-4BB0-40CE-9FC8-7E8B81A4CC1A}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{51B193F2-F483-4464-A73A-D9BA601C0690}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{F392757E-B692-441B-B158-1A98898853A0}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
FirewallRules: [{8ADE0B51-F91F-4EBD-8604-B1528F5F417E}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
FirewallRules: [{0CB2CE11-5DE6-4AC0-9A90-128383ECB589}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\frun.exe
FirewallRules: [{50A0DAA3-AC41-4616-99E6-DE305A9486D3}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\frun.exe
FirewallRules: [{96C80FA7-F4BC-457C-B94A-E8AFA79FF21A}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{ED641A63-E538-4EDA-9EEE-8168F9352E57}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{D3097558-0C8C-4CC0-A03D-6F16EFDEE2D5}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{69470654-FA20-4366-84C6-88102AF3BDD9}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{48DAFD81-3F79-4998-931E-E99940900432}] => (Allow) C:\Users\Herron\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe
FirewallRules: [{26027E6E-70C7-465D-90A2-974F2227E811}] => (Allow) C:\Users\Herron\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe
FirewallRules: [{7420486B-D2F2-4EE2-A476-BE89FF300B55}] => (Allow) C:\Windows\System32\lxdxcfg.exe
FirewallRules: [{5A217487-9BE5-4E89-98C6-B11AB39293B6}] => (Allow) C:\Windows\System32\lxdxcfg.exe
FirewallRules: [{7F1187E1-D7D8-4916-B5B1-F2D160274F12}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{A789B5BE-561D-425F-A228-300D0E031423}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{0DBBB6B1-95AA-4F19-9F77-72A65B485671}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxtime.exe
FirewallRules: [{B2CEDF3C-246F-46CA-BB9E-1056821EDAC1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxtime.exe
FirewallRules: [{53731F98-9C64-44BC-AD6B-71C12833C081}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{1B554887-DE6C-4F30-AF6C-8C36520FD3E8}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{9A086904-A0EC-4F05-9010-AB0282F0F63E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6A9B773-BC8C-4FBD-A122-2B7805776051}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FBF8424-C753-4105-A5A3-35DF4CDB3097}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99A5340F-6C8D-4DD2-9A27-52EC36F4AE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BAFD93F-C82C-47DF-88B5-562BC18A1E14}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5FE06C1C-9553-427D-B3B2-7512FD16BEBF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4E3ED075-9F7B-4231-8040-11622F519E6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{06C286D8-28F8-4392-91BC-E92DD6911F97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{BFF2050A-1623-4ABF-A262-77BF9D572A15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{853C1F9A-66EE-439D-A666-5A23B27C2861}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{799806B4-E959-4A95-8BB5-F22B3F9F9FD0}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [UDP Query User{67B810DB-33B5-4015-9141-67526A82FA28}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win64\cmw.exe
FirewallRules: [{36A42458-F3CD-43D9-96BD-2A3A9C4F0F9E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5D635791-FC10-4280-BD07-67FE0FE51157}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{839915E4-A560-4F46-B85F-FA3056575308}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\cmw.exe
FirewallRules: [UDP Query User{C02818F8-F46D-4B51-B3F2-D7C241106572}C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\cmw.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\cmw.exe
FirewallRules: [{DB339F05-E5ED-437C-B2C2-0C7728AF2980}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{B6C1EBEA-3D34-4887-9AFD-CD4080625710}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{F91AF9F2-14A3-4C60-8C64-3AA3EB938EC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C5AB79E5-FB7F-4CD9-BCC4-750D97CA8791}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{5574BE96-64DF-4593-BE94-AFF1C3259C66}C:\users\herron\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\herron\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4D7F4701-FBBC-483E-8D14-B894F38602FB}C:\users\herron\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\herron\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{910AA9DA-BD09-45D9-8599-B95B8C0554FA}] => (Allow) LPort=4481
FirewallRules: [{59E42775-4630-4E7B-ACD7-918CD1B545E1}] => (Allow) LPort=4481
FirewallRules: [{B9309DAD-2795-49A9-B9F2-498BE4D4E5E0}] => (Allow) LPort=4482
FirewallRules: [{C24D62F0-5FB8-41F6-9647-FE322BDC1045}] => (Allow) LPort=4482
FirewallRules: [{55C0124A-D0CD-4BFD-BAE6-01A311D7BB21}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{AF16F51B-C8F3-444B-8E0A-14CF4CB05880}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{0A63E214-F1C6-4475-B351-AF69DD49DBC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9F5E8646-4B31-45EC-B332-4483EE2250D2}C:\users\herron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\herron\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A9C4C96A-84C5-4C4C-87E9-17A5D23AA24B}C:\users\herron\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\herron\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5DA1D258-9B78-495D-8290-1076F274DC65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{53C1919D-7F58-4F6A-B3A1-A730F8BF4B32}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{7A3E7EFD-BEAC-404D-8A15-116D244DB0BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{F76A7B92-6824-4E10-A894-0342DEA537F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{9F07ADC6-3AF8-480F-95F6-FDD4D9B818A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{ECCF61AC-4F64-4037-BD43-66FB3FF5A446}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{D743A5E6-A548-444D-A7DA-5AAE9CFA0E46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{269A42FA-4B86-4EF8-AEAA-722F8752C798}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{D871EDF1-DEB8-498F-B078-D1A23EE4A210}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{F0842EC9-1D01-4799-A3EC-0F275DBDA660}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6705EA5A-D7EE-4F1A-81F0-D27233A0DF98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{615F0811-F6B1-49BD-ADCC-2128763CCF75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{911BC40A-BC62-4157-AAE1-E2F1A443189B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{9FBE943B-20A2-4884-8CD2-AA1557439F97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{679B0AD9-529B-4EFB-8B80-D4EAC8BDF227}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{C3EC240E-DF2F-4EBF-8418-BF3EE7C5EF7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable The Lost Chapters\Fable.exe
FirewallRules: [{13757F76-F37C-4E6F-9338-C7092ECE8E9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{B00C579D-C90B-41D6-9BAD-E696F4BAB6D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{C9617261-1D5C-40B1-908A-50BE78DEC2B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{23FEB867-FF58-45E6-AA79-9DE392F89E72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{956BE0E5-F88F-4D14-A6B4-5386C8EF3AA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{D88DE403-2BE3-4F1B-9665-C51DC8DD4ED5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [TCP Query User{A9A7E0A8-77B4-4C07-AE59-0B4949B42DFA}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{A38F78E8-D6BA-4C9E-9666-6FB9D32C3B4D}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{1F39C481-07E3-4645-90FA-216E1700C968}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{B599F2B7-BD49-4F2F-A91F-EF1300609605}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [TCP Query User{23565C1A-0718-48A3-8D4B-C3B05CF5AF2E}C:\users\herron\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\herron\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{84E3A2F0-EBB6-4C63-A782-0BE774EB0FD1}C:\users\herron\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\herron\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6B44805F-BB49-4478-862F-A1E6F1F51AA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{349F09FB-87D8-4098-9B90-7B33A5AD51FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{389E8C96-DBC0-49CD-8BD4-2DF4DE16575D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2016 02:14:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/14/2016 02:14:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/12/2016 04:29:52 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/12/2016 04:29:19 PM) (Source: MsiInstaller) (EventID: 11310) (User: Herron-HP)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Herron\AppData\Local\Akamai\admintool.exe. System error 0. Verify that you have access to that directory.

Error: (02/12/2016 04:29:18 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/12/2016 04:28:04 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2016 04:28:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2016 04:28:03 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2016 04:28:03 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/12/2016 04:28:03 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (02/14/2016 11:12:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/14/2016 11:03:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/14/2016 03:58:28 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/13/2016 04:32:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/13/2016 03:44:55 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/12/2016 10:38:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/12/2016 04:32:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/12/2016 04:32:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/12/2016 04:32:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/12/2016 04:32:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 25%
Total physical RAM: 5887.29 MB
Available physical RAM: 4395.14 MB
Total Virtual: 11772.78 MB
Available Virtual: 10380.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:685.81 GB) (Free:444 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.73 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 12852ABA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 19 February 2016 - 11:58 AM.

I appreciate all the help that anyone ever provides me with. Thank you to everyone that has assisted me in the past. :)



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,797 posts
  • Gender:Male
  • Location:California
  • Local time:07:19 PM

Posted 19 February 2016 - 12:05 PM

Greetings Hermesx and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKLM\...\RunOnce: [Lexmark 3600-4600 Series] => [X]
HKLM\...\RunOnce: [lxdxUninstallRan] => [X]
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Herron\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [871 2016-02-12] ()
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: {186f5434-2b8d-11e5-abfa-d48564c1450e} - J:\Autorun.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: J - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1573336260-1148118520-3100803624-1000\...\MountPoints2: {22b26d47-1765-11e5-ad14-d48564c1450e} - K:\HTC_Sync_Manager_PC.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\coIEPlg.dll => No File
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\IPSBHO.DLL => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll => No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\coIEPlg.dll No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFF => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn => not found
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Herron\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Herron\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]
S3 kxqglcrk; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [X]
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20140508.001\IDSvia64.sys [X]
S3 kxqglcrk; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140509.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140509.004\EX64.SYS [X]
S3 SRTSP; \SystemRoot\system32\drivers\NISx64\1200000.080\SRTSP64.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS [X]
S0 SymDS; system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [X]
S0 SymEFA; system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [X]
S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [X]
S3 SymNetS; \SystemRoot\system32\drivers\NISx64\1200000.080\SYMNETS.SYS [X]
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1573336260-1148118520-3100803624-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Herron\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {59F697DD-E7ED-4633-B3A2-1F07184F30C9} - \Symantec\Norton Error Analyzer 18.0.0.128 -> No File <==== ATTENTION
Task: {CE71CA7B-F1F7-4E16-B7C6-5DE4D409FBB1} - \Symantec\Norton Error Processor 18.0.0.128 -> No File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Rebuilding Windows Indexing

--------------------

Note: This process may take a long time to complete.
  • Click Start, then Control Panel (icons view)
  • Click Indexing Options
  • Click Advanced
  • Click Rebuild, then OK
  • When completed you will see Indexing complete
===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:
      • Do a Deep Scan
      • Auto Clean
  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Did Indexing run successfully?
  • Zoek report
  • System Summary Information
  • Update on system performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Hermesx


Posted 19 February 2016 - 01:39 PM

I wiped my computer instead. Thanks for your help, but I decided it would be best to wipe it as I had nothing of value to lose. My computer is running perfectly fine now and faster than it has in years. Feel free to close this topic.

Thanks,

Hermesx.


Edited by Hermesx, 19 February 2016 - 01:39 PM.

I appreciate all the help that anyone ever provides me with. Thank you to everyone that has assisted me in the past. :)


#4 Oh My!


Posted 19 February 2016 - 01:40 PM

Thanks for letting us know. Nothing like a fresh computer! :)

 

Gary



#5 Oh My!


Posted 19 February 2016 - 01:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



