Multiple iexplorer.exe *32, chrome.exe and SZBrowser.exe *32 processes running


17 replies to this topic

#1 Psychologique21


Posted 22 December 2016 - 08:40 PM

Hello,

I have been having multiple browser processes running with each one of my browsers and taking up excessive memory. I had some adware redirects going on, but after running Malwarebytes, Emsisoft, and HitmanPro that has cleared up. I am still having the excessive processes running: iexplorer.exe *32, chrome.exe and SZBrowser.exe *32. It also appears that C:\ProgramData\ may be hidden.

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Travis (administrator) on SHADOWBOX (22-12-2016 15:41:45)
Running from C:\Users\Travis\Downloads
Loaded Profiles: Travis (Available Profiles: Travis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_186_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-18] (AVAST Software)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-05-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [24576 2014-02-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Run: [CreativeTaskScheduler] => C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\MountPoints2: {ba6ca7cd-b79c-11e2-9b96-90e6ba659846} - M:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk [2014-07-22]
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk [2013-02-04]
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (nerds.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-10]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
BootExecute: PDBoot.exeautocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{04E9AE8E-9BAE-4509-B725-DE965B286313}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{3FE4BBB9-9869-4A64-985D-E19744B871FD}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{41549DBE-D2D0-48E6-9CD5-D04B93F586D4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D823E7D3-1581-455C-B97E-F7D70F39CEF6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E0DADF07-7116-4D32-B60E-2CF02FDE70FE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E421C30B-9DC3-4E73-850B-BDB85E5AD1A6}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{F3CEF1C2-F21C-4DA3-8DD9-9D1C90B1E347}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-07] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-22] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-10] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-07] (AVAST Software)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-10] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 7lc53yhc.default-1476598833778
FF ProfilePath: C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\7lc53yhc.default-1476598833778 [2016-12-22]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-21] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-06] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1159617972-1503282002-2484639351-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default [2016-12-22]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-10-13]
CHR Extension: (YouTube) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-13]
CHR Extension: (Google Search) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-27]
CHR Extension: (Pixlr-o-matic) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-02-25]
CHR Extension: (Avast SafePrice) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-10-13]
CHR Extension: (Avast Online Security) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-13]
CHR Extension: (Abstracto) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdnacglpcbdodfpahmaemmomjaaejbl [2012-08-01]
CHR Extension: (Until AM for Chrome) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-13]
CHR Extension: (Gmail) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-13]
CHR Extension: (Chrome Media Router) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-13]
CHR HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Travis\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
StartMenuInternet: Google Chrome.5L2I2JEXDY6CJ7MMIQKOUZNMMI - C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9388576 2016-10-27] (Emsisoft Ltd)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-13] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-11-10] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-15] (Creative Labs) [File not signed]
R3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-11] (SurfRight B.V.)
R3 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S3 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R3 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R3 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183264 2013-01-27] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2014-07-22] (Soluto) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-03-07] (Google Inc)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124304 2016-10-05] (Emsisoft Ltd)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-01] (Duplex Secure Ltd.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 15:41 - 2016-12-22 15:42 - 00030270 _____ C:\Users\Travis\Downloads\FRST.txt
2016-12-22 15:41 - 2016-12-22 15:41 - 00000000 ____D C:\FRST
2016-12-22 15:40 - 2016-12-22 15:40 - 02420736 _____ (Farbar) C:\Users\Travis\Downloads\FRST64.exe
2016-12-22 15:17 - 2016-12-22 15:20 - 00226342 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_15.17.38_log.txt
2016-12-22 15:01 - 2016-12-22 15:13 - 00000000 ____D C:\Windows\pss
2016-12-22 14:31 - 2016-12-22 14:47 - 00450296 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_14.31.13_log.txt
2016-12-22 14:30 - 2016-12-22 14:30 - 00000492 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_14.30.42_log.txt
2016-12-22 13:53 - 2016-12-22 15:16 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000
2016-12-22 13:46 - 2016-12-22 13:46 - 05453544 _____ ( ) C:\Users\Travis\Downloads\Zemana.AntiMalware.Setup.exe
2016-12-22 13:45 - 2016-12-22 13:45 - 11581544 _____ (SurfRight B.V.) C:\Users\Travis\Downloads\hitmanpro_x64 (1).exe
2016-12-22 13:43 - 2016-12-22 13:43 - 54199488 _____ (Malwarebytes ) C:\Users\Travis\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-22 13:40 - 2016-12-22 13:41 - 03977168 _____ C:\Users\Travis\Downloads\AdwCleaner.exe
2016-12-22 13:39 - 2016-12-22 13:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Travis\Downloads\rkill.com
2016-12-22 13:35 - 2016-12-22 13:37 - 00228428 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_13.35.13_log.txt
2016-12-22 13:35 - 2016-12-22 13:35 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Travis\Downloads\tdsskiller.exe
2016-12-22 13:31 - 2016-12-22 13:31 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-12-11 23:05 - 2016-12-18 17:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-11 23:05 - 2016-12-12 00:28 - 00017837 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-11 23:05 - 2016-12-11 23:41 - 00075971 _____ C:\Windows\ZAM.krnl.trace
2016-12-11 23:05 - 2016-12-11 23:05 - 00000000 ____D C:\Users\Travis\AppData\Local\Zemana
2016-12-11 20:45 - 2016-12-22 13:42 - 00003500 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Travis
2016-12-11 20:45 - 2016-12-22 13:42 - 00003494 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Travis
2016-12-11 20:45 - 2016-12-11 20:45 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Travis
2016-12-11 20:45 - 2016-12-11 20:45 - 00003208 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Travis
2016-12-11 17:59 - 2016-12-11 17:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-11 17:58 - 2016-12-22 15:03 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-12-11 17:58 - 2016-12-22 13:51 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-11 17:50 - 2016-12-22 13:26 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-11 17:50 - 2016-12-18 19:28 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-11 17:49 - 2016-12-11 17:49 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Travis\Downloads\flashplayer23pp_ka_install.exe
2016-12-11 17:42 - 2016-12-22 15:16 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 15:28 - 2012-08-05 07:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-22 15:13 - 2009-07-13 20:45 - 00018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-22 15:13 - 2009-07-13 20:45 - 00018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-22 15:06 - 2016-10-15 23:27 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-12-22 15:04 - 2016-10-13 17:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-22 15:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-22 15:02 - 2009-11-10 13:37 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
2016-12-22 15:02 - 2009-11-10 13:37 - 00062308 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
2016-12-22 15:02 - 2009-11-10 13:37 - 00000820 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
2016-12-22 14:12 - 2012-08-21 15:31 - 00000000 ____D C:\ProgramData\McAfee
2016-12-22 14:08 - 2012-12-19 06:50 - 00000000 ____D C:\Users\Travis\AppData\Roaming\Dropbox
2016-12-22 14:08 - 2009-11-10 13:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-12-22 13:48 - 2016-10-15 21:28 - 00000000 ____D C:\AdwCleaner
2016-12-22 13:42 - 2014-06-21 01:00 - 00000000 ____D C:\Users\Travis\AppData\Local\Adobe
2016-12-22 13:39 - 2013-10-25 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-18 19:28 - 2012-08-05 07:20 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-18 19:28 - 2012-08-05 07:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-18 19:28 - 2012-08-05 07:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-18 19:28 - 2012-08-05 07:20 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-18 19:28 - 2009-11-10 13:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-18 17:54 - 2016-11-07 10:11 - 00003194 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTravis
2016-12-18 17:54 - 2016-11-07 10:11 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForTravis.job
2016-12-18 17:32 - 2013-10-25 12:03 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 17:32 - 2013-10-25 12:03 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 17:28 - 2012-08-02 13:59 - 00000000 ____D C:\Users\Travis\AppData\Roaming\HpUpdate
2016-12-11 23:46 - 2013-01-18 10:48 - 02186240 ___SH C:\Users\Travis\Desktop\Thumbs.db
2016-12-11 23:37 - 2013-07-29 08:43 - 00000000 ____D C:\Users\Travis\Downloads\Drunk cam fix
2016-12-11 23:37 - 2013-02-23 04:39 - 00000000 ____D C:\Users\Travis\Downloads\Wise.Registry.Cleaner.Pro.(trees)
2016-12-11 23:12 - 2012-08-01 07:37 - 00000000 ____D C:\Users\Travis
2016-12-11 22:40 - 2012-08-06 21:45 - 00007605 _____ C:\Users\Travis\AppData\Local\Resmon.ResmonCfg
2016-12-11 22:19 - 2012-08-01 08:47 - 00000000 ____D C:\Users\Travis\AppData\Roaming\uTorrent
2016-12-11 18:10 - 2016-10-13 17:26 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-11 18:10 - 2016-10-13 17:26 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-11 17:45 - 2016-10-15 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-11 17:45 - 2012-08-05 06:48 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2012-08-05 06:58 - 2012-08-05 06:58 - 0099384 _____ () C:\Users\Travis\AppData\Roaming\inst.exe
2012-08-05 06:58 - 2012-08-05 06:58 - 0007859 _____ () C:\Users\Travis\AppData\Roaming\pcouffin.cat
2012-08-05 06:58 - 2012-08-05 06:58 - 0001167 _____ () C:\Users\Travis\AppData\Roaming\pcouffin.inf
2012-08-05 06:58 - 2012-08-05 06:58 - 0000034 _____ () C:\Users\Travis\AppData\Roaming\pcouffin.log
2012-08-05 06:58 - 2012-08-05 06:58 - 0082816 _____ (VSO Software) C:\Users\Travis\AppData\Roaming\pcouffin.sys
2014-09-27 19:05 - 2014-09-28 23:05 - 0000065 _____ () C:\Users\Travis\AppData\Roaming\WB.CFG
2012-09-06 16:02 - 2012-10-22 21:13 - 0004608 _____ () C:\Users\Travis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-06 21:45 - 2016-12-11 22:40 - 0007605 _____ () C:\Users\Travis\AppData\Local\Resmon.ResmonCfg
2013-08-02 08:15 - 2013-08-02 08:15 - 1214959 _____ () C:\Users\Travis\AppData\Local\tmp20130802_090819.0
2013-08-02 08:15 - 2013-08-02 08:15 - 0355708 _____ () C:\Users\Travis\AppData\Local\tmp20130802_090819.JPG
2014-06-28 22:06 - 2014-06-28 22:06 - 0218203 _____ () C:\Users\Travis\AppData\Local\tmpFLUMES 6-21-14.JPG
2014-02-13 17:48 - 2014-02-13 17:48 - 1968983 _____ () C:\Users\Travis\AppData\Local\tmpIMG_0477.0
2014-02-13 17:48 - 2014-02-13 17:48 - 0732542 _____ () C:\Users\Travis\AppData\Local\tmpIMG_0477.1
2014-02-13 17:48 - 2014-02-13 17:48 - 0732597 _____ () C:\Users\Travis\AppData\Local\tmpIMG_0477.JPG
2013-04-26 16:09 - 2013-04-26 16:09 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-26 16:08 - 2013-04-26 16:09 - 0787681 _____ () C:\ProgramData\1.jpg
2012-08-19 11:31 - 2013-02-08 11:34 - 0001797 _____ () C:\ProgramData\hpzinstall.log
2012-08-09 07:14 - 2012-08-19 15:10 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Travis\AppData\Local\Temp\0275201482444736McInst.exe
C:\Users\Travis\AppData\Local\Temp\CloudBackup1114.exe
C:\Users\Travis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjoil4k.dll
C:\Users\Travis\AppData\Local\Temp\fxvqfuzi.dll
C:\Users\Travis\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Travis\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Travis\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Travis\AppData\Local\Temp\libeay32.dll
C:\Users\Travis\AppData\Local\Temp\msvcr120.dll
C:\Users\Travis\AppData\Local\Temp\SHSetup.exe
C:\Users\Travis\AppData\Local\Temp\sqlite3.dll
C:\Users\Travis\AppData\Local\Temp\utt9AD2.tmp.exe
C:\Users\Travis\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-25 23:58

==================== End of FRST.txt ============================

Edited by Psychologique21, 23 December 2016 - 12:36 AM.


#2 nasdaq

  • Malware Response Team

Posted 23 December 2016 - 10:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-21] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Extension: (Avast SafePrice) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-10-13]
CHR Extension: (Avast Online Security) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-13]
CHR Extension: (Chrome Media Router) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.5L2I2JEXDY6CJ7MMIQKOUZNMMI - C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
----

Please post the fixlog.txt and include the Addition.txt file also created by the Farbar tool.

Let me know what problem persists with this computer.

#3 Psychologique21

  • Topic Starter


Posted 23 December 2016 - 04:17 PM

Hey Nasdaq,

Thank you for your help. I am still seeing multiple chrome.exe, iexplorer.exe *32 and SZBrowser.exe *32 processes running. Attached is the addition.txt from the original Farbar tool scan.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Travis (23-12-2016 12:52:16) Run:1
Running from C:\Users\Travis\Desktop\Farbar tool
Loaded Profiles: Travis (Available Profiles: Travis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-16] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-21] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Extension: (Avast SafePrice) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-10-13]
CHR Extension: (Avast Online Security) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-13]
CHR Extension: (Chrome Media Router) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.5L2I2JEXDY6CJ7MMIQKOUZNMMI - C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKCR\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2" => key removed successfully
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2" => key removed successfully
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => not found.
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.5L2I2JEXDY6CJ7MMIQKOUZNMMI\shell\open\command\\Default => value restored successfully
ZAMSvc => service removed successfully
cpuz135 => service removed successfully
cpuz136 => Service stopped successfully.
cpuz136 => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16399170 B
Java, Flash, Steam htmlcache => 10115 B
Windows/system/drivers => 318088508 B
Edge => 0 B
Chrome => 29857286 B
Firefox => 3221159 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 166968 B
systemprofile32 => 118694 B
LocalService => 66228 B
NetworkService => 549636 B
Travis => 625908443 B

RecycleBin => 2712309191 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:54:25 ====

 

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Travis (22-12-2016 15:42:30)
Running from C:\Users\Travis\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-01 15:37:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1159617972-1503282002-2484639351-500 - Administrator - Disabled)
Guest (S-1-5-21-1159617972-1503282002-2484639351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1159617972-1503282002-2484639351-1002 - Limited - Enabled)
Travis (S-1-5-21-1159617972-1503282002-2484639351-1000 - Administrator - Enabled) => C:\Users\Travis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
µTorrent (HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCE26847-79A9-56FF-908E-C02FAA7705B3}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bigasoft Audio Converter 3.6.25.4532 (HKLM-x32\...\{E6333CE4-9DC0-455C-9D43-E011CE33F5FA}_is1) (Version:  - Bigasoft Corporation)
Bome's Mouse Keyboard 2.00 (HKLM-x32\...\Bome's Mouse Keyboard_is1) (Version:  - Bome Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DVDFab 7.0.7.0 (08/06/2010) (HKLM-x32\...\DVDFab 7_is1) (Version:  - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.8 - Emsisoft Ltd.)
Epubor Adobe DRM Removal (HKLM-x32\...\Epubor Adobe DRM Removal) (Version: 2.0.7.5 - Epubor Inc.)
Evoluent Mouse Manager (HKLM\...\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}) (Version: 4.0.0 - Evoluent)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.4215 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.98.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LoopBe1 - Internal MIDI Port (HKLM-x32\...\LoopBe1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PerfectDisk 12.5 Professional (HKLM\...\{FD310764-B3E5-430F-980E-D6C0016B2660}) (Version: 12.05.312 - Raxco Software Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Soluto (HKLM\...\{32F9DBC7-95D1-469F-B7A3-678948D6DA32}) (Version: 1.3.1140.0 - Soluto)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual MIDI Piano Keyboard (HKLM-x32\...\Virtual MIDI Piano Keyboard) (Version: 0.5.0 - VMPK)
VirtualDJ PRO Full (HKLM-x32\...\{74F28F11-404B-4CEA-92FF-37BF476F239E}) (Version: 7.0.3 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Registry Cleaner 4 Professional V4.73 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Travis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BA4B52-D2D8-48F9-A1A6-0DCA5B3E48AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-12-06] (Microsoft)
Task: {0B3BA3BB-B567-45A6-9E93-D0F4EB09B36E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {0DCD4C36-8754-41CF-8774-E46F0A76E7F7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {14E714EE-95FF-4F21-89B7-27EC891F4AE2} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {15D7014A-6FEC-40D8-9919-4E29EC9DBD85} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {1A599843-5189-4EFC-B022-34FC7A52C778} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {256267B6-9AC2-4CF6-B666-09DD2710A145} - System32\Tasks\RNUpgradeHelperLogonPrompt_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {30BA4E31-35D2-4767-93F8-A52FC7350E15} - System32\Tasks\AdobeAAMUpdater-1.0-ShadowBox-Travis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {35BE1ABC-5BBA-4955-AD0D-4A2B5BFB3ECA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {3F6042B4-AFB5-4F49-A06A-9BB26007F22E} - System32\Tasks\{2E2AB8B2-FB41-4646-9F34-36EBC5B6068A} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"
Task: {4D603E48-555B-43B5-AC49-F6BF34934F2F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {504E93DA-4FE7-4A5A-8666-006FDBDDD633} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-13] (AVAST Software)
Task: {53ED88BB-98C3-46AD-845E-5DB58856D269} - System32\Tasks\ReclaimerUpdateFiles_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {59AFEAB7-95C8-465D-8B5B-76FB69DDF322} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6341A684-E5C5-47EA-8391-BCB9B0E58673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {645455C4-40C9-44E2-86FD-9602391F8CED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {6524BF1C-F8E9-4CD7-B1D0-083A915A8E15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {806E6338-739C-46D6-AE0F-D75954091B3C} - System32\Tasks\SafeZone scheduled Autoupdate 1476411579 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {89C422FC-6A31-4597-A7BC-79A612E27A12} - System32\Tasks\RNUpgradeHelperResumePrompt_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {927E09BC-D757-457E-B02E-88EEA626DCBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2016-12-06] (Microsoft)
Task: {A5BA20A9-6596-47D4-BDD5-035788590AE7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A7A035EE-3A19-4892-BE10-1C67DEDC9159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {AF96234A-0204-4672-B5EE-B1E0CFAFE110} - System32\Tasks\{2D16B322-F69D-4F17-8273-A8F449872AB2} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.156.259&amp;LastError=404
Task: {CE6167C9-B5D4-478F-86F6-248CEC9315FA} - System32\Tasks\ReclaimerUpdateXML_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {E111637A-3520-401D-8B37-195518433EF2} - System32\Tasks\HPCeeScheduleForTravis => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {F5E099DE-ECA9-4878-BCA2-AD487938C3AF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-13] (AVAST Software)
Task: {F82914AB-0504-4FDA-9327-1452B060178A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTravis.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/

ShortcutWithArgument: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Until AM for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjafmkicbmhcbapadecadciafbkecofl

==================== Loaded Modules (Whitelisted) ==============

2014-09-24 11:45 - 2014-09-24 11:45 - 00237568 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\14743bb37374ee94b3a3b44628ce9f58\PCGAppControlPluginLoader.ni.dll
2014-09-24 11:44 - 2014-09-24 11:44 - 01665024 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\956b5607a5ae9187a31074fe0792d4e9\PCGPreCompiled.ni.dll
2013-01-27 08:00 - 2013-01-27 08:00 - 00091192 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2013-03-06 00:21 - 2013-03-06 00:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-01-27 08:00 - 2013-01-27 08:00 - 00091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-27 08:00 - 2013-01-27 08:00 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2016-10-13 17:21 - 2016-10-13 17:21 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-22 13:30 - 2016-12-22 13:30 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122204\algo.dll
2016-10-13 17:21 - 2016-10-13 17:21 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-13 17:22 - 2016-10-13 17:22 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-05 13:45 - 2009-08-05 13:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-12-22 14:06 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1641B961-68BD-4831-B84F-A74F9166E0AE}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{0B2AE5E3-75EF-4E24-BE7B-5B81662ABB3D}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{5505C46B-0EEC-4068-BD9B-A24A52FCCD89}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{CDCDB1FA-F88C-457C-BA8A-FF82AC669D01}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{4698E3FD-F8C1-4047-A458-5C84F66A5159}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{43E042C5-5711-43B2-A6BD-5E10D9B37637}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{3F8A40B5-933E-40BD-A750-3DBD254B0D86}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{AD5158A2-77CF-494D-A482-726B5FBFC523}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{DEB1909F-609E-4DAD-9883-8B98E3C2FBA1}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{3BB98717-6E22-48F0-ADC8-3F5AB73F9972}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{FD9DBAD4-A358-4D11-A69A-B0830C18BF46}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{7E2EBF1D-6941-4BA0-B3D6-F96A54B1DB62}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{FACFC21E-859B-4518-A88B-2BEE29AF346B}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04BBE84D-B692-41FB-AA9C-10CC711EFAF5}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{50D2C253-834C-4B17-98C1-A96E17FF0469}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{2B052D66-C43C-41E1-BE66-AE9027993CCE}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{2178A35E-3D11-49B3-ADB2-84C727606E60}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{451D122E-F687-497B-816D-BC0A1B5486BB}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A018E8D3-314F-42C4-9A35-BF16D9CDF46D}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{82AA6FC6-E35D-4C60-86E0-76D307C08392}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7B87FCB6-2ED2-4A5C-A540-9EA997CBC828}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{73F20277-5670-429B-93E3-98C2F4E1595C}] => C:\Users\Travis\Downloads\solutoinstaller-Xw2j8E9MpD.exe
FirewallRules: [{AC488CA8-4BC3-4310-9854-46BFE6E5B8D5}] => C:\Users\Travis\Downloads\solutoinstaller-Xw2j8E9MpD.exe
FirewallRules: [{9EB1FE97-5574-4AB3-946C-8410D109FB5D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5CCC7FC1-E8FB-4461-A391-07EE7D2AD70C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15321B42-2817-483A-8504-0ED20F1E254E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFB74EC7-F5F1-4E17-B6E2-F8037045A882}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50AE6229-720C-4529-BE47-DD0F78FDC8D6}] => C:\Users\Travis\AppData\Local\Temp\7zS5EC5\setup\hpznui40.exe
FirewallRules: [{32F4B57B-1072-4051-973E-7DFC2D668D91}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{24F28482-6497-4AD0-971D-D74A35FD0903}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6712B408-E13D-4ADE-AC37-3EAB8BBCDE46}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7683E1C0-B84E-4EE2-80D0-F746CE4BA3D8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9E3B620E-7A2E-469D-BCCA-109645DA2CDB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DA63EB76-FED7-44F4-9963-1AB04F079F98}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{18037C87-627C-4772-A9BD-2EE6984619BC}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{65ADE73E-5FB4-4A44-8B22-CE5610879A01}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0FF62FFE-E27A-41D7-B8F6-4129CDCA3281}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{644FA9DD-CBF5-4A8C-8255-C0A63543F844}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BBAFACBF-FD61-43FE-9C51-3977B7AE3C03}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E332478B-BFAE-4692-AC93-C343AD3E5CD4}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C0792D4E-81B6-42E8-8AA3-8E2E58CFBD67}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{856927A8-4DBC-470D-942A-01EFC772BEB9}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DA6E5E90-7AFB-4298-9EBC-ABCD948D0F2B}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DEA5A698-41CB-4467-8825-093A71879E76}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{104C4AF8-2A2D-454E-A3D5-775B0CF86FC5}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{4A0DE366-5BEE-4245-82F8-EF693117EE64}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{69B56946-86D3-4097-A4A9-9A85AB81BF24}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{23213F16-5754-46B9-B33F-547F91735EF0}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{79434283-B396-4783-B72E-F2E60B5CEF84}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [TCP Query User{C04F4B52-F48F-4861-AF7F-448BF792E26C}C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4F552500-F23E-4579-AA20-E7C5E98809F3}C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{405B8FF3-8F69-4E9F-AC8C-0AA6F45A80DB}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{B4B7C4F7-245D-4FBC-BB25-E96537AF905C}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{54A3CFF8-E756-4D29-BCBD-AD6DCD9A28C6}] => C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{9B8BBE44-6B57-4307-96BF-B195329C601D}] => C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F58181C3-673A-49AE-9D6F-E0CCD41DCCD4}] => C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{514E4F0F-2119-4A88-B92D-D420B7D890E6}] => C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{3FFFF512-6614-4FC8-862C-2A8E6F351F8E}] => C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{3B0F97D7-FA5B-4312-A945-9FE233C2D1EC}] => C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{9314C6A9-2C7B-46F4-9455-D96BF3191D44}] => C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0B9973EB-67F9-4C52-A772-DC521B72E6EB}] => C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{A7718D9A-7DBB-4A41-B82E-C3BA8674699C}] => C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{FB3EA502-866C-4B7F-B6AA-1C39351CBAA6}] => C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [TCP Query User{534A749B-500F-4954-9052-2205DB370923}C:\program files (x86)\call of duty black ops ii\t6sp.exe] => C:\program files (x86)\call of duty black ops ii\t6sp.exe
FirewallRules: [UDP Query User{1F8386C5-251C-4818-9618-5888C4B7BF75}C:\program files (x86)\call of duty black ops ii\t6sp.exe] => C:\program files (x86)\call of duty black ops ii\t6sp.exe
FirewallRules: [TCP Query User{CBDFF37B-FAC9-4737-85B1-DF05CCAB0955}C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat] => C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat
FirewallRules: [UDP Query User{A1BC2DE1-3239-4A05-9A6B-ADA37FF7B96C}C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat] => C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat
FirewallRules: [TCP Query User{39ECCEC6-B74D-4076-992B-5C778F1482B5}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9DF7DD07-BCB6-42CB-BA70-511443DB1A02}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{747FB71E-D6B5-4678-9B05-B09A4E787D06}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{32E3A3D3-F081-4B3C-A9B0-F9A499EED947}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{105A6CBC-8AD6-45E2-A9E0-CA44C7ADCD6C}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E2D3FB89-0751-46C7-9E16-685F1CACDFF0}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8D40BE5B-17C2-46DA-9B5B-DF257F422D91}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1EA74234-2AC7-447D-8CEC-1505449AAA4B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{854D01FC-9495-4D41-AAD2-79815FB69A9C}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1313DF65-8795-4A6E-B387-16C3B9D228E8}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D5E1950C-357D-4FB3-8398-1FEBB4EE91F4}] => C:\Users\Travis\AppData\Local\Temp\utt6FFB.tmp.exe
FirewallRules: [{199713E9-38AD-4275-ABD1-29CD50E2C93B}] => C:\Users\Travis\AppData\Local\Temp\utt6FFB.tmp.exe
FirewallRules: [TCP Query User{E94D251A-12BE-43F6-8289-817C5126F8B6}C:\program files (x86)\itunes\itunes.exe] => C:\program files (x86)\itunes\itunes.exe
FirewallRules: [UDP Query User{DBCF3EA6-7026-4B07-8DAF-706BEF18C07A}C:\program files (x86)\itunes\itunes.exe] => C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{57BFDC1E-48C4-4138-B258-E331046661C6}] => C:\Users\Travis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0CC655DD-8098-49F0-8155-A1F02F45432F}] => C:\Users\Travis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{72B4C4D6-3EB7-48E3-8074-E8730901E45E}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5E58E366-C2CD-4829-B0BB-06285911B921}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4563F673-5FAD-4C64-9094-656960EE67A3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA47C2D6-96BF-4528-970C-B97D7FFE8E21}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-09-2014 23:00:00 Scheduled Checkpoint
30-09-2014 08:57:40 Windows Update
15-10-2016 22:40:22 Checkpoint by HitmanPro
15-10-2016 22:41:30 Checkpoint by HitmanPro
15-10-2016 23:14:07 Checkpoint by HitmanPro
11-12-2016 17:59:05 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-12-2016 21:20:09 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 01:29:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McAfee.TrueKey.Service.exe, version: 4.9.108.0, time stamp: 0x58140007
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000000d
Fault offset: 0x0000000000078fd1
Faulting process id: 0xc9c
Faulting application start time: 0x01d25c9a31c0794d
Faulting application path: C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c506c048-c88d-11e6-adcf-90e6ba659846

Error: (12/18/2016 06:00:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x1220
Faulting application start time: 0x01d25995809534f4
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: eab1d4e9-c58e-11e6-a740-90e6ba659846

Error: (12/11/2016 05:44:39 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

Error: (11/07/2016 09:55:26 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

Error: (10/15/2016 10:51:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.

Error: (10/15/2016 10:51:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.

Error: (10/15/2016 10:51:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.

Error: (10/15/2016 10:51:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/15/2016 10:51:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/15/2016 10:51:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.

System errors:
=============
Error: (12/22/2016 03:05:37 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (12/22/2016 03:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/22/2016 03:05:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (12/22/2016 02:56:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/22/2016 02:56:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/22/2016 01:51:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/22/2016 01:48:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (12/22/2016 01:48:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/22/2016 01:48:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDEngine service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/22/2016 01:48:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2016-12-22 13:57:00.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 13:33:47.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 51%
Total physical RAM: 9207.16 MB
Available physical RAM: 4498.64 MB
Total Virtual: 23015.34 MB
Available Virtual: 16888.09 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:685.72 GB) (Free:211.44 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.82 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive l: (NHL_09) (CDROM) (Total:2.71 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Psychologique21, 23 December 2016 - 05:05 PM.


#4 nasdaq

  • Malware Response Team

Posted 24 December 2016 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Travis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {AF96234A-0204-4672-B5EE-B1E0CFAFE110} - System32\Tasks\{2D16B322-F69D-4F17-8273-A8F449872AB2} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.156.259&amp;LastError=404

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
===

Nothing suspicious was found on your logs.
Numerous processes are started by the programs when needed.

Do you have other issues with this computer?
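
Added example, not part of nasdaq's post and not FRST's own code: the CustomCLSID entries in the fixlist above are all lines that FRST marked "=> No File", and the Python sketch below pulls entries of that kind out of FRST-format text for review. It also lists firewall rules whose target sits in a user's Temp directory, which is a triage heuristic assumed here and not something the thread acted on; the function name `triage` and the one sample line marked as constructed are assumptions.

```python
import re

# Sample input in FRST's line format. Every entry is copied from the logs in
# this thread except the one CustomCLSID line with the all-zero GUID, which is
# constructed to show an entry whose target file still exists.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Travis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Program Files\Example\shellext.dll (Example Vendor)
FirewallRules: [{856927A8-4DBC-470D-942A-01EFC772BEB9}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DA6E5E90-7AFB-4298-9EBC-ABCD948D0F2B}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{8D40BE5B-17C2-46DA-9B5B-DF257F422D91}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{39ECCEC6-B74D-4076-992B-5C778F1482B5}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
"""

# "CustomCLSID: <registry key> -> <target>[ => No File]"
CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<key>.+?) -> (?P<target>.+?)(?P<orphan> => No File)?$"
)
# The GUID that follows \CLSID\ names the key the fix removes.
GUID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f\-]{36}\})")
# "FirewallRules: [<rule name>] => <program path>"
FW_RE = re.compile(r"^FirewallRules: \[(?P<name>.*)\] => (?P<path>.+)$")

# Assumed heuristic: a firewall allowance for a program under a Temp directory
# deserves a second look, because any process running as the user can write there.
USER_WRITABLE = ("\\appdata\\local\\temp\\",)


def triage(log_text):
    """Return review candidates found in FRST-format text.

    orphaned_clsid: (GUID, target) pairs for CustomCLSID lines marked "=> No File".
    user_writable_firewall: unique firewall rule targets under a Temp directory.
    """
    orphaned = []
    firewall = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_RE.match(line)
        if m:
            if m.group("orphan"):
                guid = GUID_RE.search(m.group("key"))
                ident = guid.group(1) if guid else m.group("key")
                orphaned.append((ident, m.group("target")))
            continue
        m = FW_RE.match(line)
        if m:
            path = m.group("path")
            in_temp = any(mark in path.lower() for mark in USER_WRITABLE)
            if in_temp and path not in firewall:
                firewall.append(path)
    return {"orphaned_clsid": orphaned, "user_writable_firewall": firewall}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for guid, target in result["orphaned_clsid"]:
        print("orphaned CLSID", guid, "->", target)
    for path in result["user_writable_firewall"]:
        print("firewall rule into Temp:", path)
```

The output is a list of candidates to read, not a fixlist; each entry still needs a person to confirm it before anything is removed.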

#5 Psychologique21

  • Topic Starter

Posted 25 December 2016 - 06:07 PM

Thank you, once again, for your help, it has been greatly appreciated. One other thing that I noticed is that when I would close an iexplore.exe *32 process it would reappear immediately and the page would reload with a message reading that there was a problem with the webpage that caused it to close and IE reopened it. Is there anything strange about this happening?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Travis (25-12-2016 14:30:37) Run:2
Running from C:\Users\Travis\Desktop\Farbar tool
Loaded Profiles: Travis (Available Profiles: Travis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Travis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Travis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {AF96234A-0204-4672-B5EE-B1E0CFAFE110} - System32\Tasks\{2D16B322-F69D-4F17-8273-A8F449872AB2} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.0.0.156.259&amp;LastError=404

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1159617972-1503282002-2484639351-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF96234A-0204-4672-B5EE-B1E0CFAFE110}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF96234A-0204-4672-B5EE-B1E0CFAFE110}" => key removed successfully
C:\Windows\System32\Tasks\{2D16B322-F69D-4F17-8273-A8F449872AB2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D16B322-F69D-4F17-8273-A8F449872AB2}" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8537247 B
Java, Flash, Steam htmlcache => 1111 B
Windows/system/drivers => 4848804 B
Edge => 0 B
Chrome => 350642295 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Travis => 528800622 B

RecycleBin => 0 B
EmptyTemp: => 859.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:31:52 ====

 



#6 nasdaq

  • Malware Response Team

Posted 26 December 2016 - 07:41 AM

Did you Update Java as I have suggested?

If not please do and remove the old versions.

If the problem persists run the Farbar tool normally and post fresh FRST and Addition.txt for my review.

#7 Psychologique21

  • Topic Starter

Posted 26 December 2016 - 06:57 PM

Alright so I uninstalled Java and everything appears to be working alright. I did one more Farbar scan JIC. Thank you so very much for your patience and help. ~ Travis

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Travis (administrator) on SHADOWBOX (26-12-2016 15:42:37)
Running from C:\Users\Travis\Desktop\Farbar tool
Loaded Profiles: Travis (Available Profiles: Travis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(nerds.de) C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_186_ActiveX.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-18] (AVAST Software)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-05-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [24576 2014-02-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Run: [CreativeTaskScheduler] => C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\MountPoints2: {ba6ca7cd-b79c-11e2-9b96-90e6ba659846} - M:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-13] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk [2014-07-22]
ShortcutTarget: Evoluent Mouse Manager.lnk -> C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk [2013-02-04]
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (nerds.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-11-10]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{04E9AE8E-9BAE-4509-B725-DE965B286313}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{3FE4BBB9-9869-4A64-985D-E19744B871FD}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{41549DBE-D2D0-48E6-9CD5-D04B93F586D4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D823E7D3-1581-455C-B97E-F7D70F39CEF6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E0DADF07-7116-4D32-B60E-2CF02FDE70FE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E421C30B-9DC3-4E73-850B-BDB85E5AD1A6}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{F3CEF1C2-F21C-4DA3-8DD9-9D1C90B1E347}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {DC578ABE-6CDC-421A-8EDF-82E738BFC057} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-07] (AVAST Software)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-07] (AVAST Software)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 7lc53yhc.default-1476598833778
FF ProfilePath: C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\7lc53yhc.default-1476598833778 [2016-12-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-06] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1159617972-1503282002-2484639351-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-10-13]
CHR Extension: (YouTube) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-13]
CHR Extension: (Google Search) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-27]
CHR Extension: (Pixlr-o-matic) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-02-25]
CHR Extension: (Abstracto) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdnacglpcbdodfpahmaemmomjaaejbl [2012-08-01]
CHR Extension: (Until AM for Chrome) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-09-09]
CHR Extension: (Gmail) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-13]
CHR HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Travis\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9432760 2016-12-22] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-13] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-11-10] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-15] (Creative Labs) [File not signed]
R3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-11] (SurfRight B.V.)
R3 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
S3 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R3 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R3 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183264 2013-01-27] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2014-07-22] (Soluto) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-03-07] (Google Inc)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-01] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 15:37 - 2016-12-26 15:42 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000
2016-12-26 15:37 - 2016-12-26 15:42 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000
2016-12-25 21:30 - 2016-12-25 21:30 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-25 21:30 - 2016-12-25 21:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2016-12-25 12:45 - 2016-12-25 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-12-25 12:42 - 2016-12-25 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-25 12:42 - 2016-12-25 12:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-12-25 12:37 - 2016-12-25 12:42 - 00000000 ____D C:\Program Files\iPod
2016-12-25 12:36 - 2016-12-25 14:32 - 00000000 ____D C:\Program Files\iTunes
2016-12-25 12:33 - 2016-12-25 12:33 - 00000000 ____D C:\Program Files\Bonjour
2016-12-25 12:33 - 2016-12-25 12:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-25 12:32 - 2016-12-25 12:32 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-25 12:32 - 2016-12-25 12:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-23 15:04 - 2016-12-23 15:04 - 00000000 ___DL C:\Users\Travis\AppData\LocalLow\PlayReady
2016-12-23 13:53 - 2016-12-23 13:53 - 13165792 _____ (Microsoft Corporation) C:\Users\Travis\Downloads\Silverlight_x64.exe
2016-12-23 12:49 - 2016-12-26 15:42 - 00000000 ____D C:\Users\Travis\Desktop\Farbar tool
2016-12-22 17:35 - 2016-12-22 17:35 - 01663040 _____ (Malwarebytes) C:\Users\Travis\Downloads\JRT.exe
2016-12-22 15:42 - 2016-12-22 15:43 - 00052605 _____ C:\Users\Travis\Downloads\Addition.txt
2016-12-22 15:41 - 2016-12-26 15:42 - 00000000 ____D C:\FRST
2016-12-22 15:41 - 2016-12-22 15:43 - 00041369 _____ C:\Users\Travis\Downloads\FRST.txt
2016-12-22 15:17 - 2016-12-22 15:20 - 00226342 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_15.17.38_log.txt
2016-12-22 15:01 - 2016-12-22 15:13 - 00000000 ____D C:\Windows\pss
2016-12-22 14:31 - 2016-12-22 14:47 - 00450296 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_14.31.13_log.txt
2016-12-22 14:30 - 2016-12-22 14:30 - 00000492 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_14.30.42_log.txt
2016-12-22 13:46 - 2016-12-22 13:46 - 05453544 _____ ( ) C:\Users\Travis\Downloads\Zemana.AntiMalware.Setup.exe
2016-12-22 13:45 - 2016-12-22 13:45 - 11581544 _____ (SurfRight B.V.) C:\Users\Travis\Downloads\hitmanpro_x64 (1).exe
2016-12-22 13:43 - 2016-12-22 13:43 - 54199488 _____ (Malwarebytes ) C:\Users\Travis\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-22 13:40 - 2016-12-22 13:41 - 03977168 _____ C:\Users\Travis\Downloads\AdwCleaner.exe
2016-12-22 13:39 - 2016-12-22 13:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Travis\Downloads\rkill.com
2016-12-22 13:35 - 2016-12-22 13:37 - 00228428 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_13.35.13_log.txt
2016-12-22 13:35 - 2016-12-22 13:35 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Travis\Downloads\tdsskiller.exe
2016-12-22 13:31 - 2016-12-22 13:31 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-12-11 23:05 - 2016-12-18 17:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-11 23:05 - 2016-12-12 00:28 - 00017837 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-11 23:05 - 2016-12-11 23:41 - 00075971 _____ C:\Windows\ZAM.krnl.trace
2016-12-11 23:05 - 2016-12-11 23:05 - 00000000 ____D C:\Users\Travis\AppData\Local\Zemana
2016-12-11 20:45 - 2016-12-26 10:40 - 00003494 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Travis
2016-12-11 20:45 - 2016-12-25 10:28 - 00003500 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Travis
2016-12-11 20:45 - 2016-12-11 20:45 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Travis
2016-12-11 20:45 - 2016-12-11 20:45 - 00003208 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Travis
2016-12-11 17:59 - 2016-12-11 17:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-11 17:58 - 2016-12-22 15:03 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-12-11 17:58 - 2016-12-22 13:51 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-11 17:50 - 2016-12-24 00:01 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-11 17:50 - 2016-12-18 19:28 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-11 17:49 - 2016-12-11 17:49 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Travis\Downloads\flashplayer23pp_ka_install.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 15:35 - 2009-07-13 20:45 - 00018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-26 15:35 - 2009-07-13 20:45 - 00018928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 15:28 - 2012-08-05 07:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-26 15:27 - 2016-10-15 23:27 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-12-26 15:23 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 13:00 - 2009-11-10 13:37 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
2016-12-26 13:00 - 2009-11-10 13:37 - 00062308 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
2016-12-26 13:00 - 2009-11-10 13:37 - 00000820 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000000-00001102-0000000B-00451102}.rfx
2016-12-26 02:00 - 2014-06-21 01:00 - 00000000 ____D C:\Users\Travis\AppData\Local\Adobe
2016-12-25 12:36 - 2012-08-09 14:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-25 12:32 - 2012-08-09 14:12 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-25 12:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-23 19:39 - 2013-03-16 21:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-12-23 19:39 - 2013-03-16 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-12-23 18:23 - 2013-02-23 04:39 - 00000000 ____D C:\Users\Travis\Downloads\Wise.Registry.Cleaner.Pro.(trees)
2016-12-23 17:19 - 2014-07-03 11:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-23 16:40 - 2012-08-05 07:30 - 00000000 ____D C:\Users\Travis\Desktop\Utility
2016-12-23 13:53 - 2013-03-16 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-23 12:53 - 2012-08-01 08:48 - 00000000 ____D C:\Users\Travis\AppData\LocalLow\Temp
2016-12-22 21:44 - 2016-11-07 10:11 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForTravis.job
2016-12-22 20:58 - 2014-07-12 16:07 - 00000000 ____D C:\Users\Travis\Desktop\Skate vids
2016-12-22 20:58 - 2013-01-18 10:48 - 02186240 ___SH C:\Users\Travis\Desktop\Thumbs.db
2016-12-22 20:45 - 2016-11-07 10:11 - 00003194 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTravis
2016-12-22 19:05 - 2012-08-02 13:59 - 00000000 ____D C:\Users\Travis\AppData\Roaming\HpUpdate
2016-12-22 16:07 - 2016-10-15 21:28 - 00000000 ____D C:\AdwCleaner
2016-12-22 15:04 - 2016-10-13 17:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-22 14:12 - 2012-08-21 15:31 - 00000000 ____D C:\ProgramData\McAfee
2016-12-22 14:08 - 2012-12-19 06:50 - 00000000 ____D C:\Users\Travis\AppData\Roaming\Dropbox
2016-12-22 14:08 - 2009-11-10 13:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-12-22 13:39 - 2013-10-25 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-18 19:28 - 2012-08-05 07:20 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-18 19:28 - 2012-08-05 07:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-18 19:28 - 2012-08-05 07:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-18 19:28 - 2012-08-05 07:20 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-18 19:28 - 2009-11-10 13:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-18 17:32 - 2013-10-25 12:03 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 17:32 - 2013-10-25 12:03 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-11 23:37 - 2013-07-29 08:43 - 00000000 ____D C:\Users\Travis\Downloads\Drunk cam fix
2016-12-11 23:12 - 2012-08-01 07:37 - 00000000 ____D C:\Users\Travis
2016-12-11 22:40 - 2012-08-06 21:45 - 00007605 _____ C:\Users\Travis\AppData\Local\Resmon.ResmonCfg
2016-12-11 22:19 - 2012-08-01 08:47 - 00000000 ____D C:\Users\Travis\AppData\Roaming\uTorrent
2016-12-11 18:10 - 2016-10-13 17:26 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-11 17:45 - 2016-10-15 20:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-11 17:45 - 2012-08-05 06:48 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2012-08-05 06:58 - 2012-08-05 06:58 - 0099384 _____ () C:\Users\Travis\AppData\Roaming\inst.exe
2012-08-05 06:58 - 2012-08-05 06:58 - 0007859 _____ () C:\Users\Travis\AppData\Roaming\pcouffin.cat
2012-08-05 06:58 - 2012-08-05 06:58 - 0001167 _____ () C:\Users\Travis\AppData\Roaming\pcouffin.inf
2012-08-05 06:58 - 2012-08-05 06:58 - 0000034 _____ () C:\Users\Travis\AppData\Roaming\pcouffin.log
2012-08-05 06:58 - 2012-08-05 06:58 - 0082816 _____ (VSO Software) C:\Users\Travis\AppData\Roaming\pcouffin.sys
2014-09-27 19:05 - 2014-09-28 23:05 - 0000065 _____ () C:\Users\Travis\AppData\Roaming\WB.CFG
2012-09-06 16:02 - 2012-10-22 21:13 - 0004608 _____ () C:\Users\Travis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-06 21:45 - 2016-12-11 22:40 - 0007605 _____ () C:\Users\Travis\AppData\Local\Resmon.ResmonCfg
2013-08-02 08:15 - 2013-08-02 08:15 - 1214959 _____ () C:\Users\Travis\AppData\Local\tmp20130802_090819.0
2013-08-02 08:15 - 2013-08-02 08:15 - 0355708 _____ () C:\Users\Travis\AppData\Local\tmp20130802_090819.JPG
2014-06-28 22:06 - 2014-06-28 22:06 - 0218203 _____ () C:\Users\Travis\AppData\Local\tmpFLUMES 6-21-14.JPG
2014-02-13 17:48 - 2014-02-13 17:48 - 1968983 _____ () C:\Users\Travis\AppData\Local\tmpIMG_0477.0
2014-02-13 17:48 - 2014-02-13 17:48 - 0732542 _____ () C:\Users\Travis\AppData\Local\tmpIMG_0477.1
2014-02-13 17:48 - 2014-02-13 17:48 - 0732597 _____ () C:\Users\Travis\AppData\Local\tmpIMG_0477.JPG
2013-04-26 16:09 - 2013-04-26 16:09 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-26 16:08 - 2013-04-26 16:09 - 0787681 _____ () C:\ProgramData\1.jpg
2012-08-19 11:31 - 2013-02-08 11:34 - 0001797 _____ () C:\ProgramData\hpzinstall.log
2012-08-09 07:14 - 2012-08-19 15:10 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-25 23:58

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Travis (26-12-2016 15:43:23)
Running from C:\Users\Travis\Desktop\Farbar tool
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-01 15:37:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1159617972-1503282002-2484639351-500 - Administrator - Disabled)
Guest (S-1-5-21-1159617972-1503282002-2484639351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1159617972-1503282002-2484639351-1002 - Limited - Enabled)
Travis (S-1-5-21-1159617972-1503282002-2484639351-1000 - Administrator - Enabled) => C:\Users\Travis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
µTorrent (HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCE26847-79A9-56FF-908E-C02FAA7705B3}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bigasoft Audio Converter 3.6.25.4532 (HKLM-x32\...\{E6333CE4-9DC0-455C-9D43-E011CE33F5FA}_is1) (Version:  - Bigasoft Corporation)
Bome's Mouse Keyboard 2.00 (HKLM-x32\...\Bome's Mouse Keyboard_is1) (Version:  - Bome Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DVDFab 7.0.7.0 (08/06/2010) (HKLM-x32\...\DVDFab 7_is1) (Version:  - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.8 - Emsisoft Ltd.)
Epubor Adobe DRM Removal (HKLM-x32\...\Epubor Adobe DRM Removal) (Version: 2.0.7.5 - Epubor Inc.)
Evoluent Mouse Manager (HKLM\...\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}) (Version: 4.0.0 - Evoluent)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.4215 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.98.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LoopBe1 - Internal MIDI Port (HKLM-x32\...\LoopBe1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PerfectDisk 12.5 Professional (HKLM\...\{FD310764-B3E5-430F-980E-D6C0016B2660}) (Version: 12.05.312 - Raxco Software Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Soluto (HKLM\...\{32F9DBC7-95D1-469F-B7A3-678948D6DA32}) (Version: 1.3.1140.0 - Soluto)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual MIDI Piano Keyboard (HKLM-x32\...\Virtual MIDI Piano Keyboard) (Version: 0.5.0 - VMPK)
VirtualDJ PRO Full (HKLM-x32\...\{74F28F11-404B-4CEA-92FF-37BF476F239E}) (Version: 7.0.3 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BA4B52-D2D8-48F9-A1A6-0DCA5B3E48AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-12-20] (Microsoft)
Task: {0B3BA3BB-B567-45A6-9E93-D0F4EB09B36E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {0DCD4C36-8754-41CF-8774-E46F0A76E7F7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {14E714EE-95FF-4F21-89B7-27EC891F4AE2} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {1A599843-5189-4EFC-B022-34FC7A52C778} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {256267B6-9AC2-4CF6-B666-09DD2710A145} - System32\Tasks\RNUpgradeHelperLogonPrompt_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {30BA4E31-35D2-4767-93F8-A52FC7350E15} - System32\Tasks\AdobeAAMUpdater-1.0-ShadowBox-Travis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {3CEC6868-B8E6-4F1F-B398-32C881220EC2} - System32\Tasks\HPCeeScheduleForTravis => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {3F6042B4-AFB5-4F49-A06A-9BB26007F22E} - System32\Tasks\{2E2AB8B2-FB41-4646-9F34-36EBC5B6068A} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"
Task: {4D603E48-555B-43B5-AC49-F6BF34934F2F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {504E93DA-4FE7-4A5A-8666-006FDBDDD633} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-13] (AVAST Software)
Task: {59AFEAB7-95C8-465D-8B5B-76FB69DDF322} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6341A684-E5C5-47EA-8391-BCB9B0E58673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {6524BF1C-F8E9-4CD7-B1D0-083A915A8E15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {67260CA1-7A40-49D4-B688-F76C2585343A} - System32\Tasks\ReclaimerUpdateFiles_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {806E6338-739C-46D6-AE0F-D75954091B3C} - System32\Tasks\SafeZone scheduled Autoupdate 1476411579 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {84E3D1BA-FD6B-416C-B640-C47620B9B273} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {89C422FC-6A31-4597-A7BC-79A612E27A12} - System32\Tasks\RNUpgradeHelperResumePrompt_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {927E09BC-D757-457E-B02E-88EEA626DCBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2016-12-20] (Microsoft)
Task: {97D9B629-F156-447A-A212-E727AECD50A3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A5BA20A9-6596-47D4-BDD5-035788590AE7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A7A035EE-3A19-4892-BE10-1C67DEDC9159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {AF026CA1-A641-42D5-BD0B-5C14F842950F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CCF03939-A135-4CE3-AAFE-58BA5279B086} - System32\Tasks\ReclaimerUpdateXML_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {F5E099DE-ECA9-4878-BCA2-AD487938C3AF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F82914AB-0504-4FDA-9327-1452B060178A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTravis.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/

ShortcutWithArgument: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Until AM for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjafmkicbmhcbapadecadciafbkecofl

==================== Loaded Modules (Whitelisted) ==============

2014-09-24 11:45 - 2014-09-24 11:45 - 00237568 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\14743bb37374ee94b3a3b44628ce9f58\PCGAppControlPluginLoader.ni.dll
2014-09-24 11:44 - 2014-09-24 11:44 - 01665024 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\956b5607a5ae9187a31074fe0792d4e9\PCGPreCompiled.ni.dll
2013-01-27 08:00 - 2013-01-27 08:00 - 00091192 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-06 00:21 - 2013-03-06 00:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-01-27 08:00 - 2013-01-27 08:00 - 00091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2010-04-12 14:59 - 2010-04-12 14:59 - 00430080 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-30 20:36 - 2010-09-30 20:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-10-13 17:21 - 2016-10-13 17:21 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-26 10:35 - 2016-12-26 10:35 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122600\algo.dll
2016-10-13 17:21 - 2016-10-13 17:21 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-13 17:22 - 2016-10-13 17:22 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-10 13:35 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-11-10 13:35 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-28 19:14 - 2014-02-28 19:14 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2009-08-05 13:45 - 2009-08-05 13:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-12-22 14:06 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1641B961-68BD-4831-B84F-A74F9166E0AE}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{0B2AE5E3-75EF-4E24-BE7B-5B81662ABB3D}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{5505C46B-0EEC-4068-BD9B-A24A52FCCD89}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{CDCDB1FA-F88C-457C-BA8A-FF82AC669D01}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{4698E3FD-F8C1-4047-A458-5C84F66A5159}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{43E042C5-5711-43B2-A6BD-5E10D9B37637}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{3F8A40B5-933E-40BD-A750-3DBD254B0D86}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{AD5158A2-77CF-494D-A482-726B5FBFC523}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{DEB1909F-609E-4DAD-9883-8B98E3C2FBA1}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{3BB98717-6E22-48F0-ADC8-3F5AB73F9972}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{FD9DBAD4-A358-4D11-A69A-B0830C18BF46}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{7E2EBF1D-6941-4BA0-B3D6-F96A54B1DB62}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{FACFC21E-859B-4518-A88B-2BEE29AF346B}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04BBE84D-B692-41FB-AA9C-10CC711EFAF5}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{50D2C253-834C-4B17-98C1-A96E17FF0469}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{2B052D66-C43C-41E1-BE66-AE9027993CCE}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{2178A35E-3D11-49B3-ADB2-84C727606E60}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{451D122E-F687-497B-816D-BC0A1B5486BB}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A018E8D3-314F-42C4-9A35-BF16D9CDF46D}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{82AA6FC6-E35D-4C60-86E0-76D307C08392}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7B87FCB6-2ED2-4A5C-A540-9EA997CBC828}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{73F20277-5670-429B-93E3-98C2F4E1595C}] => C:\Users\Travis\Downloads\solutoinstaller-Xw2j8E9MpD.exe
FirewallRules: [{AC488CA8-4BC3-4310-9854-46BFE6E5B8D5}] => C:\Users\Travis\Downloads\solutoinstaller-Xw2j8E9MpD.exe
FirewallRules: [{50AE6229-720C-4529-BE47-DD0F78FDC8D6}] => C:\Users\Travis\AppData\Local\Temp\7zS5EC5\setup\hpznui40.exe
FirewallRules: [{32F4B57B-1072-4051-973E-7DFC2D668D91}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{24F28482-6497-4AD0-971D-D74A35FD0903}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6712B408-E13D-4ADE-AC37-3EAB8BBCDE46}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7683E1C0-B84E-4EE2-80D0-F746CE4BA3D8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9E3B620E-7A2E-469D-BCCA-109645DA2CDB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DA63EB76-FED7-44F4-9963-1AB04F079F98}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{18037C87-627C-4772-A9BD-2EE6984619BC}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{65ADE73E-5FB4-4A44-8B22-CE5610879A01}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0FF62FFE-E27A-41D7-B8F6-4129CDCA3281}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{644FA9DD-CBF5-4A8C-8255-C0A63543F844}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BBAFACBF-FD61-43FE-9C51-3977B7AE3C03}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E332478B-BFAE-4692-AC93-C343AD3E5CD4}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C0792D4E-81B6-42E8-8AA3-8E2E58CFBD67}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{856927A8-4DBC-470D-942A-01EFC772BEB9}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DA6E5E90-7AFB-4298-9EBC-ABCD948D0F2B}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DEA5A698-41CB-4467-8825-093A71879E76}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{104C4AF8-2A2D-454E-A3D5-775B0CF86FC5}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{4A0DE366-5BEE-4245-82F8-EF693117EE64}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{69B56946-86D3-4097-A4A9-9A85AB81BF24}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{23213F16-5754-46B9-B33F-547F91735EF0}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{79434283-B396-4783-B72E-F2E60B5CEF84}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [TCP Query User{C04F4B52-F48F-4861-AF7F-448BF792E26C}C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4F552500-F23E-4579-AA20-E7C5E98809F3}C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{405B8FF3-8F69-4E9F-AC8C-0AA6F45A80DB}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{B4B7C4F7-245D-4FBC-BB25-E96537AF905C}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{54A3CFF8-E756-4D29-BCBD-AD6DCD9A28C6}] => C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{9B8BBE44-6B57-4307-96BF-B195329C601D}] => C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F58181C3-673A-49AE-9D6F-E0CCD41DCCD4}] => C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{514E4F0F-2119-4A88-B92D-D420B7D890E6}] => C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{3FFFF512-6614-4FC8-862C-2A8E6F351F8E}] => C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{3B0F97D7-FA5B-4312-A945-9FE233C2D1EC}] => C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{9314C6A9-2C7B-46F4-9455-D96BF3191D44}] => C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0B9973EB-67F9-4C52-A772-DC521B72E6EB}] => C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{A7718D9A-7DBB-4A41-B82E-C3BA8674699C}] => C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{FB3EA502-866C-4B7F-B6AA-1C39351CBAA6}] => C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [TCP Query User{534A749B-500F-4954-9052-2205DB370923}C:\program files (x86)\call of duty black ops ii\t6sp.exe] => C:\program files (x86)\call of duty black ops ii\t6sp.exe
FirewallRules: [UDP Query User{1F8386C5-251C-4818-9618-5888C4B7BF75}C:\program files (x86)\call of duty black ops ii\t6sp.exe] => C:\program files (x86)\call of duty black ops ii\t6sp.exe
FirewallRules: [TCP Query User{CBDFF37B-FAC9-4737-85B1-DF05CCAB0955}C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat] => C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat
FirewallRules: [UDP Query User{A1BC2DE1-3239-4A05-9A6B-ADA37FF7B96C}C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat] => C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat
FirewallRules: [TCP Query User{39ECCEC6-B74D-4076-992B-5C778F1482B5}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9DF7DD07-BCB6-42CB-BA70-511443DB1A02}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{747FB71E-D6B5-4678-9B05-B09A4E787D06}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{32E3A3D3-F081-4B3C-A9B0-F9A499EED947}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{105A6CBC-8AD6-45E2-A9E0-CA44C7ADCD6C}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E2D3FB89-0751-46C7-9E16-685F1CACDFF0}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8D40BE5B-17C2-46DA-9B5B-DF257F422D91}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1EA74234-2AC7-447D-8CEC-1505449AAA4B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{854D01FC-9495-4D41-AAD2-79815FB69A9C}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1313DF65-8795-4A6E-B387-16C3B9D228E8}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D5E1950C-357D-4FB3-8398-1FEBB4EE91F4}] => C:\Users\Travis\AppData\Local\Temp\utt6FFB.tmp.exe
FirewallRules: [{199713E9-38AD-4275-ABD1-29CD50E2C93B}] => C:\Users\Travis\AppData\Local\Temp\utt6FFB.tmp.exe
FirewallRules: [TCP Query User{E94D251A-12BE-43F6-8289-817C5126F8B6}C:\program files (x86)\itunes\itunes.exe] => C:\program files (x86)\itunes\itunes.exe
FirewallRules: [UDP Query User{DBCF3EA6-7026-4B07-8DAF-706BEF18C07A}C:\program files (x86)\itunes\itunes.exe] => C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{57BFDC1E-48C4-4138-B258-E331046661C6}] => C:\Users\Travis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0CC655DD-8098-49F0-8155-A1F02F45432F}] => C:\Users\Travis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E58E366-C2CD-4829-B0BB-06285911B921}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4563F673-5FAD-4C64-9094-656960EE67A3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA47C2D6-96BF-4528-970C-B97D7FFE8E21}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB717E13-024C-44D9-A242-5D03FCFC9D9D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A23EEB6-A435-4F05-820F-3F41059B66A7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B877855A-6335-4C22-9A57-2C5876E26E48}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBE4B204-46AD-4032-BAFF-AAD141D21827}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00F043DA-FE7B-4F1F-935D-FDBC75E4CA7E}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8DF89464-4B5F-4156-A9AD-CF896DE6AA59}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{002CC12A-4553-4293-90AB-A2438806618E}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe

==================== Restore Points =========================

15-10-2016 22:41:30 Checkpoint by HitmanPro
15-10-2016 23:14:07 Checkpoint by HitmanPro
11-12-2016 17:59:05 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-12-2016 21:20:09 Checkpoint by HitmanPro
22-12-2016 15:59:56 JRT Pre-Junkware Removal
22-12-2016 17:28:00 JRT Pre-Junkware Removal
23-12-2016 12:52:21 Restore Point Created by FRST
25-12-2016 14:30:42 Restore Point Created by FRST
26-12-2016 15:35:29 Removed Java 7 Update 6 (64-bit)
26-12-2016 15:36:52 Removed Java™ 6 Update 37
26-12-2016 15:38:21 Removed Java 7 Update 67

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2016 02:30:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {197f497c-b275-4340-8b83-e63d26ae42a8}

Error: (12/25/2016 12:45:10 PM) (Source: MsiInstaller) (EventID: 11722) (User: ShadowBox)
Description: Product: iCloud -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action RuniCloudUpgradeMigration, location: C:\Program Files (x86)\Common Files\Apple\Internet Services\, command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe /upgrade5

Error: (12/25/2016 12:41:41 PM) (Source: MsiInstaller) (EventID: 11923) (User: ShadowBox)
Description: Product: iTunes -- Error 1923. Service 'iPod Service' (iPod Service) could not be installed.  Verify that you have sufficient privileges to install system services.

Error: (12/25/2016 12:36:58 PM) (Source: MsiInstaller) (EventID: 11923) (User: ShadowBox)
Description: Product: iTunes -- Error 1923. Service 'iPod Service' (iPod Service) could not be installed.  Verify that you have sufficient privileges to install system services.

Error: (12/23/2016 08:04:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14bc

Start Time: 01d25d9aada323e4

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/23/2016 12:52:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {49e60f03-e503-46df-8856-a7d8c9543a57}

Error: (12/22/2016 01:29:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McAfee.TrueKey.Service.exe, version: 4.9.108.0, time stamp: 0x58140007
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000000d
Fault offset: 0x0000000000078fd1
Faulting process id: 0xc9c
Faulting application start time: 0x01d25c9a31c0794d
Faulting application path: C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c506c048-c88d-11e6-adcf-90e6ba659846

Error: (12/18/2016 06:00:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x1220
Faulting application start time: 0x01d25995809534f4
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: eab1d4e9-c58e-11e6-a740-90e6ba659846

Error: (12/11/2016 05:44:39 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

Error: (11/07/2016 09:55:26 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

System errors:
=============
Error: (12/26/2016 03:29:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (12/26/2016 10:35:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (12/25/2016 02:31:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDAgent service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Creative Audio Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDEngine service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2016-12-26 15:30:36.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-26 10:39:31.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-25 21:26:08.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-25 14:43:59.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-25 10:26:16.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-23 19:51:24.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-23 13:07:08.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-23 12:47:02.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 21:51:29.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 13:57:00.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 43%
Total physical RAM: 9207.16 MB
Available physical RAM: 5156.32 MB
Total Virtual: 23015.34 MB
Available Virtual: 17639.93 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:685.72 GB) (Free:212.68 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.82 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive l: (NHL_09) (CDROM) (Total:2.71 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#8 nasdaq

  • Malware Response Team

Posted 27 December 2016 - 08:43 AM

Clean these empty registry items.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 Psychologique21

  • Topic Starter

Posted 29 December 2016 - 12:26 AM

Thank you, again. Everything appears to be working well. The processes are not taking extreme amounts of memory.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Travis (28-12-2016 19:53:08) Run:3
Running from C:\Users\Travis\Desktop\Farbar tool
Loaded Profiles: Travis (Available Profiles: Travis)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Travis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
C:\Users\Travis\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Users\Travis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll => not found.
cpuz136 => Service stopped successfully.
cpuz136 => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12922772 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 4819559 B
Edge => 0 B
Chrome => 378679441 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Travis => 135610333 B

RecycleBin => 0 B
EmptyTemp: => 515.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:54:09 ====

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Travis (26-12-2016 15:43:23)
Running from C:\Users\Travis\Desktop\Farbar tool
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-01 15:37:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1159617972-1503282002-2484639351-500 - Administrator - Disabled)
Guest (S-1-5-21-1159617972-1503282002-2484639351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1159617972-1503282002-2484639351-1002 - Limited - Enabled)
Travis (S-1-5-21-1159617972-1503282002-2484639351-1000 - Administrator - Enabled) => C:\Users\Travis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
µTorrent (HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCE26847-79A9-56FF-908E-C02FAA7705B3}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bigasoft Audio Converter 3.6.25.4532 (HKLM-x32\...\{E6333CE4-9DC0-455C-9D43-E011CE33F5FA}_is1) (Version:  - Bigasoft Corporation)
Bome's Mouse Keyboard 2.00 (HKLM-x32\...\Bome's Mouse Keyboard_is1) (Version:  - Bome Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DVDFab 7.0.7.0 (08/06/2010) (HKLM-x32\...\DVDFab 7_is1) (Version:  - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.8 - Emsisoft Ltd.)
Epubor Adobe DRM Removal (HKLM-x32\...\Epubor Adobe DRM Removal) (Version: 2.0.7.5 - Epubor Inc.)
Evoluent Mouse Manager (HKLM\...\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}) (Version: 4.0.0 - Evoluent)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.4215 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.98.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LoopBe1 - Internal MIDI Port (HKLM-x32\...\LoopBe1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PerfectDisk 12.5 Professional (HKLM\...\{FD310764-B3E5-430F-980E-D6C0016B2660}) (Version: 12.05.312 - Raxco Software Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Soluto (HKLM\...\{32F9DBC7-95D1-469F-B7A3-678948D6DA32}) (Version: 1.3.1140.0 - Soluto)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual MIDI Piano Keyboard (HKLM-x32\...\Virtual MIDI Piano Keyboard) (Version: 0.5.0 - VMPK)
VirtualDJ PRO Full (HKLM-x32\...\{74F28F11-404B-4CEA-92FF-37BF476F239E}) (Version: 7.0.3 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BA4B52-D2D8-48F9-A1A6-0DCA5B3E48AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-12-20] (Microsoft)
Task: {0B3BA3BB-B567-45A6-9E93-D0F4EB09B36E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {0DCD4C36-8754-41CF-8774-E46F0A76E7F7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {14E714EE-95FF-4F21-89B7-27EC891F4AE2} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {1A599843-5189-4EFC-B022-34FC7A52C778} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {256267B6-9AC2-4CF6-B666-09DD2710A145} - System32\Tasks\RNUpgradeHelperLogonPrompt_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {30BA4E31-35D2-4767-93F8-A52FC7350E15} - System32\Tasks\AdobeAAMUpdater-1.0-ShadowBox-Travis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {3CEC6868-B8E6-4F1F-B398-32C881220EC2} - System32\Tasks\HPCeeScheduleForTravis => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {3F6042B4-AFB5-4F49-A06A-9BB26007F22E} - System32\Tasks\{2E2AB8B2-FB41-4646-9F34-36EBC5B6068A} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Digital Editions\uninstall.exe"
Task: {4D603E48-555B-43B5-AC49-F6BF34934F2F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {504E93DA-4FE7-4A5A-8666-006FDBDDD633} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-13] (AVAST Software)
Task: {59AFEAB7-95C8-465D-8B5B-76FB69DDF322} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {6341A684-E5C5-47EA-8391-BCB9B0E58673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {6524BF1C-F8E9-4CD7-B1D0-083A915A8E15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {67260CA1-7A40-49D4-B688-F76C2585343A} - System32\Tasks\ReclaimerUpdateFiles_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {806E6338-739C-46D6-AE0F-D75954091B3C} - System32\Tasks\SafeZone scheduled Autoupdate 1476411579 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {84E3D1BA-FD6B-416C-B640-C47620B9B273} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {89C422FC-6A31-4597-A7BC-79A612E27A12} - System32\Tasks\RNUpgradeHelperResumePrompt_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {927E09BC-D757-457E-B02E-88EEA626DCBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2016-12-20] (Microsoft)
Task: {97D9B629-F156-447A-A212-E727AECD50A3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A5BA20A9-6596-47D4-BDD5-035788590AE7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A7A035EE-3A19-4892-BE10-1C67DEDC9159} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-13] (Google Inc.)
Task: {AF026CA1-A641-42D5-BD0B-5C14F842950F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CCF03939-A135-4CE3-AAFE-58BA5279B086} - System32\Tasks\ReclaimerUpdateXML_Travis => C:\Users\Travis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\rnupgagent.exe [2016-12-11] (RealNetworks, Inc.)
Task: {F5E099DE-ECA9-4878-BCA2-AD487938C3AF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F82914AB-0504-4FDA-9327-1452B060178A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1159617972-1503282002-2484639351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTravis.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/

ShortcutWithArgument: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Until AM for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjafmkicbmhcbapadecadciafbkecofl

==================== Loaded Modules (Whitelisted) ==============

2014-09-24 11:45 - 2014-09-24 11:45 - 00237568 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\14743bb37374ee94b3a3b44628ce9f58\PCGAppControlPluginLoader.ni.dll
2014-09-24 11:44 - 2014-09-24 11:44 - 01665024 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\956b5607a5ae9187a31074fe0792d4e9\PCGPreCompiled.ni.dll
2013-01-27 08:00 - 2013-01-27 08:00 - 00091192 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-06 00:21 - 2013-03-06 00:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-01-27 08:00 - 2013-01-27 08:00 - 00091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2010-04-12 14:59 - 2010-04-12 14:59 - 00430080 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-30 20:36 - 2010-09-30 20:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-10-13 17:21 - 2016-10-13 17:21 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-26 10:35 - 2016-12-26 10:35 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122600\algo.dll
2016-10-13 17:21 - 2016-10-13 17:21 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-13 17:22 - 2016-10-13 17:22 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-10 13:35 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-11-10 13:35 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-28 19:14 - 2014-02-28 19:14 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
2009-08-05 13:45 - 2009-08-05 13:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-12-22 14:06 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1159617972-1503282002-2484639351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1641B961-68BD-4831-B84F-A74F9166E0AE}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{0B2AE5E3-75EF-4E24-BE7B-5B81662ABB3D}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{5505C46B-0EEC-4068-BD9B-A24A52FCCD89}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{CDCDB1FA-F88C-457C-BA8A-FF82AC669D01}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{4698E3FD-F8C1-4047-A458-5C84F66A5159}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{43E042C5-5711-43B2-A6BD-5E10D9B37637}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{3F8A40B5-933E-40BD-A750-3DBD254B0D86}] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{AD5158A2-77CF-494D-A482-726B5FBFC523}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{DEB1909F-609E-4DAD-9883-8B98E3C2FBA1}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{3BB98717-6E22-48F0-ADC8-3F5AB73F9972}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{FD9DBAD4-A358-4D11-A69A-B0830C18BF46}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{7E2EBF1D-6941-4BA0-B3D6-F96A54B1DB62}] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{FACFC21E-859B-4518-A88B-2BEE29AF346B}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04BBE84D-B692-41FB-AA9C-10CC711EFAF5}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{50D2C253-834C-4B17-98C1-A96E17FF0469}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{2B052D66-C43C-41E1-BE66-AE9027993CCE}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{2178A35E-3D11-49B3-ADB2-84C727606E60}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{451D122E-F687-497B-816D-BC0A1B5486BB}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A018E8D3-314F-42C4-9A35-BF16D9CDF46D}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{82AA6FC6-E35D-4C60-86E0-76D307C08392}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{7B87FCB6-2ED2-4A5C-A540-9EA997CBC828}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{73F20277-5670-429B-93E3-98C2F4E1595C}] => C:\Users\Travis\Downloads\solutoinstaller-Xw2j8E9MpD.exe
FirewallRules: [{AC488CA8-4BC3-4310-9854-46BFE6E5B8D5}] => C:\Users\Travis\Downloads\solutoinstaller-Xw2j8E9MpD.exe
FirewallRules: [{50AE6229-720C-4529-BE47-DD0F78FDC8D6}] => C:\Users\Travis\AppData\Local\Temp\7zS5EC5\setup\hpznui40.exe
FirewallRules: [{32F4B57B-1072-4051-973E-7DFC2D668D91}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{24F28482-6497-4AD0-971D-D74A35FD0903}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6712B408-E13D-4ADE-AC37-3EAB8BBCDE46}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7683E1C0-B84E-4EE2-80D0-F746CE4BA3D8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9E3B620E-7A2E-469D-BCCA-109645DA2CDB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DA63EB76-FED7-44F4-9963-1AB04F079F98}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{18037C87-627C-4772-A9BD-2EE6984619BC}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{65ADE73E-5FB4-4A44-8B22-CE5610879A01}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0FF62FFE-E27A-41D7-B8F6-4129CDCA3281}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{644FA9DD-CBF5-4A8C-8255-C0A63543F844}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BBAFACBF-FD61-43FE-9C51-3977B7AE3C03}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E332478B-BFAE-4692-AC93-C343AD3E5CD4}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C0792D4E-81B6-42E8-8AA3-8E2E58CFBD67}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{856927A8-4DBC-470D-942A-01EFC772BEB9}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DA6E5E90-7AFB-4298-9EBC-ABCD948D0F2B}] => C:\Users\Travis\AppData\Local\Temp\7zS69B0\HPDiagnosticCoreUI.exe
FirewallRules: [{DEA5A698-41CB-4467-8825-093A71879E76}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{104C4AF8-2A2D-454E-A3D5-775B0CF86FC5}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{4A0DE366-5BEE-4245-82F8-EF693117EE64}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{69B56946-86D3-4097-A4A9-9A85AB81BF24}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{23213F16-5754-46B9-B33F-547F91735EF0}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{79434283-B396-4783-B72E-F2E60B5CEF84}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [TCP Query User{C04F4B52-F48F-4861-AF7F-448BF792E26C}C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4F552500-F23E-4579-AA20-E7C5E98809F3}C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\travis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{405B8FF3-8F69-4E9F-AC8C-0AA6F45A80DB}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{B4B7C4F7-245D-4FBC-BB25-E96537AF905C}C:\program files (x86)\real\realplayer\realplay.exe] => C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{54A3CFF8-E756-4D29-BCBD-AD6DCD9A28C6}] => C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{9B8BBE44-6B57-4307-96BF-B195329C601D}] => C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F58181C3-673A-49AE-9D6F-E0CCD41DCCD4}] => C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{514E4F0F-2119-4A88-B92D-D420B7D890E6}] => C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{3FFFF512-6614-4FC8-862C-2A8E6F351F8E}] => C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{3B0F97D7-FA5B-4312-A945-9FE233C2D1EC}] => C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{9314C6A9-2C7B-46F4-9455-D96BF3191D44}] => C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0B9973EB-67F9-4C52-A772-DC521B72E6EB}] => C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{A7718D9A-7DBB-4A41-B82E-C3BA8674699C}] => C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{FB3EA502-866C-4B7F-B6AA-1C39351CBAA6}] => C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [TCP Query User{534A749B-500F-4954-9052-2205DB370923}C:\program files (x86)\call of duty black ops ii\t6sp.exe] => C:\program files (x86)\call of duty black ops ii\t6sp.exe
FirewallRules: [UDP Query User{1F8386C5-251C-4818-9618-5888C4B7BF75}C:\program files (x86)\call of duty black ops ii\t6sp.exe] => C:\program files (x86)\call of duty black ops ii\t6sp.exe
FirewallRules: [TCP Query User{CBDFF37B-FAC9-4737-85B1-DF05CCAB0955}C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat] => C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat
FirewallRules: [UDP Query User{A1BC2DE1-3239-4A05-9A6B-ADA37FF7B96C}C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat] => C:\users\travis\downloads\call of duty modern warfare 3 pc multiplayer 4d1 ^^nosteam^^\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat
FirewallRules: [TCP Query User{39ECCEC6-B74D-4076-992B-5C778F1482B5}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9DF7DD07-BCB6-42CB-BA70-511443DB1A02}C:\program files (x86)\utorrent\utorrent.exe] => C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{747FB71E-D6B5-4678-9B05-B09A4E787D06}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{32E3A3D3-F081-4B3C-A9B0-F9A499EED947}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{105A6CBC-8AD6-45E2-A9E0-CA44C7ADCD6C}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E2D3FB89-0751-46C7-9E16-685F1CACDFF0}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{8D40BE5B-17C2-46DA-9B5B-DF257F422D91}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1EA74234-2AC7-447D-8CEC-1505449AAA4B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{854D01FC-9495-4D41-AAD2-79815FB69A9C}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1313DF65-8795-4A6E-B387-16C3B9D228E8}] => C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D5E1950C-357D-4FB3-8398-1FEBB4EE91F4}] => C:\Users\Travis\AppData\Local\Temp\utt6FFB.tmp.exe
FirewallRules: [{199713E9-38AD-4275-ABD1-29CD50E2C93B}] => C:\Users\Travis\AppData\Local\Temp\utt6FFB.tmp.exe
FirewallRules: [TCP Query User{E94D251A-12BE-43F6-8289-817C5126F8B6}C:\program files (x86)\itunes\itunes.exe] => C:\program files (x86)\itunes\itunes.exe
FirewallRules: [UDP Query User{DBCF3EA6-7026-4B07-8DAF-706BEF18C07A}C:\program files (x86)\itunes\itunes.exe] => C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{57BFDC1E-48C4-4138-B258-E331046661C6}] => C:\Users\Travis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0CC655DD-8098-49F0-8155-A1F02F45432F}] => C:\Users\Travis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E58E366-C2CD-4829-B0BB-06285911B921}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4563F673-5FAD-4C64-9094-656960EE67A3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA47C2D6-96BF-4528-970C-B97D7FFE8E21}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB717E13-024C-44D9-A242-5D03FCFC9D9D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A23EEB6-A435-4F05-820F-3F41059B66A7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B877855A-6335-4C22-9A57-2C5876E26E48}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBE4B204-46AD-4032-BAFF-AAD141D21827}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00F043DA-FE7B-4F1F-935D-FDBC75E4CA7E}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8DF89464-4B5F-4156-A9AD-CF896DE6AA59}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{002CC12A-4553-4293-90AB-A2438806618E}C:\program files\itunes\itunes.exe] => C:\program files\itunes\itunes.exe

==================== Restore Points =========================

15-10-2016 22:41:30 Checkpoint by HitmanPro
15-10-2016 23:14:07 Checkpoint by HitmanPro
11-12-2016 17:59:05 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-12-2016 21:20:09 Checkpoint by HitmanPro
22-12-2016 15:59:56 JRT Pre-Junkware Removal
22-12-2016 17:28:00 JRT Pre-Junkware Removal
23-12-2016 12:52:21 Restore Point Created by FRST
25-12-2016 14:30:42 Restore Point Created by FRST
26-12-2016 15:35:29 Removed Java 7 Update 6 (64-bit)
26-12-2016 15:36:52 Removed Java™ 6 Update 37
26-12-2016 15:38:21 Removed Java 7 Update 67

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2016 02:30:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {197f497c-b275-4340-8b83-e63d26ae42a8}

Error: (12/25/2016 12:45:10 PM) (Source: MsiInstaller) (EventID: 11722) (User: ShadowBox)
Description: Product: iCloud -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action RuniCloudUpgradeMigration, location: C:\Program Files (x86)\Common Files\Apple\Internet Services\, command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe /upgrade5

Error: (12/25/2016 12:41:41 PM) (Source: MsiInstaller) (EventID: 11923) (User: ShadowBox)
Description: Product: iTunes -- Error 1923. Service 'iPod Service' (iPod Service) could not be installed.  Verify that you have sufficient privileges to install system services.

Error: (12/25/2016 12:36:58 PM) (Source: MsiInstaller) (EventID: 11923) (User: ShadowBox)
Description: Product: iTunes -- Error 1923. Service 'iPod Service' (iPod Service) could not be installed.  Verify that you have sufficient privileges to install system services.

Error: (12/23/2016 08:04:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14bc

Start Time: 01d25d9aada323e4

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/23/2016 12:52:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {49e60f03-e503-46df-8856-a7d8c9543a57}

Error: (12/22/2016 01:29:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McAfee.TrueKey.Service.exe, version: 4.9.108.0, time stamp: 0x58140007
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000000d
Fault offset: 0x0000000000078fd1
Faulting process id: 0xc9c
Faulting application start time: 0x01d25c9a31c0794d
Faulting application path: C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c506c048-c88d-11e6-adcf-90e6ba659846

Error: (12/18/2016 06:00:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x1220
Faulting application start time: 0x01d25995809534f4
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: eab1d4e9-c58e-11e6-a740-90e6ba659846

Error: (12/11/2016 05:44:39 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

Error: (11/07/2016 09:55:26 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

System errors:
=============
Error: (12/26/2016 03:29:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (12/26/2016 10:35:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (12/25/2016 02:31:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDAgent service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Creative Audio Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/25/2016 02:31:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDEngine service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2016-12-26 15:30:36.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-26 10:39:31.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-25 21:26:08.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-25 14:43:59.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-25 10:26:16.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-23 19:51:24.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-23 13:07:08.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-23 12:47:02.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 21:51:29.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-22 13:57:00.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 43%
Total physical RAM: 9207.16 MB
Available physical RAM: 5156.32 MB
Total Virtual: 23015.34 MB
Available Virtual: 17639.93 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:685.72 GB) (Free:212.68 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.82 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive l: (NHL_09) (CDROM) (Total:2.71 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#10 nasdaq

  • Malware Response Team
  • 38,933 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 December 2016 - 09:39 AM

Looking good.

#11 Psychologique21

  • Topic Starter
  • Members
  • 16 posts

Posted 30 December 2016 - 11:31 PM

Alright, I finally figured out what's taking up so much memory. It's the svchost.exe (netsvcs) using about 2 GB of memory. I see that this has been a known problem to Microsoft and that they have a hotfix for it, but I would like to know how you think I should proceed.



#12 nasdaq


Posted 31 December 2016 - 09:40 AM

Give me the Microsoft link.

#13 Psychologique21


Posted 31 December 2016 - 03:25 PM

https://support.microsoft.com/en-us/kb/2889748



#14 nasdaq


Posted 01 January 2017 - 09:09 AM

Yes, you should run that suggested fix.

Keep me posted.

#15 Psychologique21


Posted 02 January 2017 - 01:24 AM

So I have just turned this CPU on for the first time in several years, and Windows 7 has not been updated since 9/30/14. While I was trying to search for updates it was taking forever, but I finally found a workaround that got Windows Update working properly. I'm downloading and installing the 135 updates, and I already see a moderate improvement in the memory usage of svchost.exe (netsvcs). It is currently only using around 500 MB, and I have yet to apply the hotfix. I'll get back to you after the updates have completed.


Edited by Psychologique21, 02 January 2017 - 04:53 AM.




