
Browser gradual slow down eventually freezing.


  • This topic is locked
17 replies to this topic

#1 coys500

  • Members
  • 9 posts

Posted 09 March 2017 - 12:48 PM

First let me say I'm not the most techy person. So my issues started out of the blue about 3 or 4 days ago, with no obvious start point. My PC is quite old, maybe 5 years, so possibly it's just its natural ending, but I never had any issues before and it would be great if I could save it.

On start up, everything seems fine, but after about 10 mins things start to slow down. Pages won't load in Chrome etc. till eventually it just totally freezes up, to the point where I can't even shut it down correctly. In safe mode everything is fine. As I said, I have had this PC for over 5 years, but never had a major issue with it. And possibly got a bit complacent with it, as in like it was indestructible haha. I'm assuming it is some kind of virus.

I have tried 2 or 3 scans and found some malware and removed it, but it's made no difference. The best scan I've used before was Malwarebytes, that always resolved any issues. However this time I can't complete a full scan. Last time I tried it showed 4 infections, but then froze after 45 mins before completion. I have also seen RogueKiller is very good, but I can't seem to run it, even in safe mode. It downloads, but when I click on download to run it nothing happens, like nothing, no messages, just nothing.

As I said, I'm not the most techy person, but will try to follow instructions as best as possible.

 

Regards 




 


#2 Sirawit

  • Malware Response Team
  • 4,158 posts

Posted 09 March 2017 - 01:13 PM

Hello coys500 and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

If I don't reply after 2 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic, you will see the "Follow this topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic; if you do not reply in the next 3 days, we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

If for some reason the scan can't be completed in normal mode, please try running it in safe mode.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 coys500

  • Topic Starter
  • Members
  • 9 posts

Posted 10 March 2017 - 05:05 PM

OK, thanks for the quick response. I will do this on Monday and post results, thanks.



#4 coys500

  • Topic Starter
  • Members
  • 9 posts

Posted 10 March 2017 - 05:16 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by trevsears (administrator) on TREVSEARS-PC (10-03-2017 22:07:32)
Running from C:\Users\trevsears\Downloads
Loaded Profiles: trevsears (Available Profiles: trevsears)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\trevsears\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-01-25] (Apple Inc.)
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools Security\pctsGui.exe [1589208 2011-01-13] (PC Tools)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-08-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [254776 2017-03-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [AROReminder] => C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe [2132480 2009-10-22] (Sammsoft)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [MsnMsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Google Update] => C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Mozilla] => 78?ˆ–›/*
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\NFSBEA~1.SCR
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-04-14] (ALWIL Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-12-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.0.1
Tcpip\..\Interfaces\{A378301E-4C85-4E89-9F4B-C0D21F502478}: [DhcpNameServer] 192.168.2.1 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
URLSearchHook: [S-1-5-21-4038976904-1822882696-2036340236-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {D34B3EE1-59E7-40F9-9082-1FF3FE8A8D71} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 -> {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-12] (RealPlayer)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [2009-08-26] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-21] (Sun Microsystems, Inc.)
BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02] (AOL LLC)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-21] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02] (AOL LLC)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default [2017-03-09]
FF user.js: detected! => C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\user.js [2012-07-04]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\kuaxo6ms.default -> hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=5823743158C41FFDF1B07C50BD3768F8
FF Homepage: Mozilla\Firefox\Profiles\kuaxo6ms.default -> hxxp://www.findamo.com?ch=12
FF Keyword.URL: Mozilla\Firefox\Profiles\kuaxo6ms.default -> hxxp://www.findamo.com/search.html?ch=12&q=
FF Extension: (SpecialSavings) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\specialsavings@superfish.com [2013-01-11] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-26] [not signed]
FF Extension: (Funmoods) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} [2014-03-11] [not signed]
FF Extension: (Ask Toolbar for Firefox) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011-06-02] [not signed]
FF Extension: (No Name) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013-06-04] [not signed]
FF Extension: (Hide My IP) - C:\Program Files (x86)\Mozilla Firefox\extensions\staff@hide-my-ip.com [2016-02-13] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-02-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-10-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-11-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-01-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-02-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-08-12] (RealPlayer)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\trevsears\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @talk.google.com/O1DPlugin -> C:\Users\trevsears\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @tools.google.com/Google Update;version=3 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @tools.google.com/Google Update;version=9 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-02-21] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-08-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\trevsears\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\trevsears\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www.findamo.com/search.html?ch=12&q={searchTerms}
CHR DefaultSearchKeyword: Default -> blekko
CHR Profile: C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default [2017-03-10]
CHR Extension: (Google Slides) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-12]
CHR Extension: (Google Docs) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-01-17]
CHR Extension: (Google Sheets) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-06] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-04-14] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-04-14] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-04-14] (ALWIL Software)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [263720 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7197976 2017-03-07] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3249512 2011-06-04] (Hide My IP)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-03-08] (SurfRight B.V.)
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-10-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [234776 2012-09-11] (McAfee, Inc.)
S2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-22] (Symantec Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22096 2010-04-14] (ALWIL Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [63568 2010-04-14] (ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-04-14] (ALWIL Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-04-14] (ALWIL Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-04-14] (ALWIL Software)
S3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-03-07] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127584 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr.sys [71000 2017-03-07] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [994592 2017-03-07] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\system32\drivers\avgSP.sys [548888 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgStmXP; C:\Windows\system32\drivers\avgStmXP.sys [225736 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [338576 2017-03-07] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-11-18] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-11-16] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-03] (GFI Software)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100116.002\IDSvia64.sys [466992 2009-11-05] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-03-08] (Malwarebytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-12-10] (PC Tools)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-11-18] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-26] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-22] (Symantec Corporation)
U3 avgStm; no ImagePath
S3 cpuz134; \??\C:\Users\TREVSE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100117.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100117.002\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1007020.00B\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================


#5 coys500

Posted 10 March 2017 - 05:20 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by trevsears (10-03-2017 22:09:05)
Running from C:\Users\trevsears\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-03-23 02:47:37)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4038976904-1822882696-2036340236-500 - Administrator - Disabled)
Guest (S-1-5-21-4038976904-1822882696-2036340236-501 - Limited - Disabled)
trevsears (S-1-5-21-4038976904-1822882696-2036340236-1000 - Administrator - Enabled) => C:\Users\trevsears
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: avast! Antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced Registry Optimizer (HKLM-x32\...\Advanced Registry Optimizer_is1) (Version: 5.1 - Sammsoft)
AGT Pro (HKLM-x32\...\{3E38250B-AEEE-4D75-B93E-A261E30C27C4}) (Version: 1.1.11 - The Geek)
AOL Toolbar 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.2.78.2 - AOL LLC)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
avast! Free Antivirus (HKLM-x32\...\avast5) (Version: 5.0.507.0 - Alwil Software)
AVG (HKLM\...\AvgZen) (Version: 1.162.2.62416 - AVG Technologies)
AVG (Version: 1.162.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.2.3008 - AVG Technologies)
Betfair Poker (HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Betfair.com Poker) (Version:  - )
Betfair Poker 1.0.0 (HKLM-x32\...\Betfair Poker_is1) (Version: 1.0.0 - Betfair)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FMW 1 (Version: 1.172.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gyazo 1.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5048.14 - PC-Doctor, Inc.)
Hide My IP 2009 (HKLM-x32\...\HMIP2009_is1) (Version:  - )
Hide My IP 5.3 (HKLM-x32\...\HMIP50_is1) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{E1591139-8B44-411B-A81B-D35F83A0565A}) (Version: 5.7.0.2875 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.6171.2860 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 2.0.64.3 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1103 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1103 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.32.1 (HKLM-x32\...\{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}) (Version: 1.14.32.1 - LightScribe)
Major Tom Online Casino (HKLM-x32\...\majortom) (Version: 16.10.2.1587 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.3.1000 - Maxthon International Limited)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.287.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MRU-Blaster v1.5 (Database 3.28.04) (HKLM-x32\...\MRU-Blaster_is1) (Version: 1.5 - BrightFort LLC)
muvee Reveal (HKLM-x32\...\{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NewFreeScreensaver nfsBeaches (HKLM-x32\...\nfsBeaches New Free Screensaver_is1) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.8.3.6 - Symantec Corporation)
Opera 11.11 (HKLM-x32\...\Opera 11.11.2109) (Version: 11.11.2109 - Opera Software ASA)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2417 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2417 - CyberLink Corp.) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5740 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Royal Vegas (HKLM-x32\...\royalvegas) (Version: 16.9.2.739 - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyware Doctor 8.0 (HKLM-x32\...\Spyware Doctor) (Version: 8.0 - PC Tools)
Super Hide IP (HKLM-x32\...\SuperHideIP) (Version: 3.1.2.2 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
Tube2File (HKLM-x32\...\Tube2File) (Version:  - Tube2File)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zoola Games (HKLM-x32\...\Zoola Games) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\trevsears\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0895D027-11E1-4D8B-BC8C-D74D07FDAD47} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {0EA2CC8D-701C-4241-88CD-9169D24B7253} - System32\Tasks\HPCeeScheduleFortrevsears => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-12-16] (Hewlett-Packard)
Task: {2BDB5C8B-4A46-4883-B94F-0D664B58EB9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {62EDCE6D-8DC7-42C4-97D3-AE7E24F37E0E} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-12-17] ()
Task: {6AA76E5A-1302-4FDF-B5ED-1D0702D5DC6A} - \Reimage Reminder -> No File <==== ATTENTION
Task: {76F24BA9-98C0-4869-AAB1-C71817F472BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {84494A48-17CC-46EE-B355-171CC6F4D169} - System32\Tasks\{66EE9827-3A93-415E-A751-6E97A1B81E5B} => c:\program files (x86)\maxthon\bin\maxthon.exe [2015-06-24] (Maxthon International ltd.)
Task: {865FBEA6-B4E2-47AA-AC61-9E1DC51358CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {941454C3-9AF1-49A6-95AB-76095652903E} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-03-07] (AVG Technologies CZ, s.r.o.)
Task: {9765A8C4-829E-4E26-A7A2-25388350FA72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A924EB85-637A-49F7-B71F-30992B9098F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4038976904-1822882696-2036340236-1000UA => C:\Users\trevsears\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B04BCFB6-2853-45F1-ADB6-745532F34278} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4038976904-1822882696-2036340236-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {B9C16AF9-A8BD-4F91-A8A6-6D4324765040} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4038976904-1822882696-2036340236-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {BD4AFD38-21EF-4DE4-86B7-E847752D0F5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4038976904-1822882696-2036340236-1000Core => C:\Users\trevsears\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CCBBBCEB-97CB-454E-8885-54458E0FD145} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {CD5C14A8-E939-4302-A2A7-6F36439A7AF6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {D4339E6D-BF3B-4A5F-8560-5474EED4BF1A} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05] (PC-Doctor, Inc.)
Task: {D555856D-8E8D-41BB-B72D-D1DE088B523B} - \bProtector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleFortrevsears.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe 5-fh scripts\monthly.xml
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-30 16:35 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-11-30 16:35 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [122]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [108]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 12:34 - 2006-09-18 21:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\trevsears\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.2.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{A2E76B40-BE02-4F24-8890-C514E0D05F5B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{477677F2-EB71-426D-A247-CD644013B4D8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{326A1D87-E319-4AE3-91ED-56750E7F22DB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{98994606-6971-41B6-9D58-6F7D9EF620EC}] => (Allow) LPort=4481
FirewallRules: [{B261B66D-9094-43CB-819C-613E7B7C375E}] => (Allow) LPort=4481
FirewallRules: [{BA0557B9-55BC-4B67-9B87-7AFA0F56D5FA}] => (Allow) LPort=4482
FirewallRules: [{BF5A805C-5089-4B4C-B8F8-100E6C9EB4F8}] => (Allow) LPort=4482
FirewallRules: [{47399A23-38DB-48E2-B982-33B6F32C21BE}] => (Allow) LPort=80
FirewallRules: [{738B9F24-5F26-4888-882C-DD471C6DD2BA}] => (Allow) LPort=80
FirewallRules: [{F0FEB02C-DEE1-4504-A669-C9435D189078}] => (Allow) LPort=80
FirewallRules: [{3CEA7925-DDEE-45CD-B781-1E82A4A8E395}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CFB44487-30AA-4CDF-B9FD-3ED6CB21DA73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC222168-376E-4075-A6A5-EA4EF2D1616B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{55D8CB85-3E5F-4BF5-AD66-2F96179583D5}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{77A63CDF-0A6C-4D84-8636-531E6510C34E}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{0C2A0071-1D70-478B-A905-1D8FE059DB9E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{186E9BBD-083A-4F13-BC34-218A363F3B73}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{FF8D0617-4F7A-49B9-B061-8FD06B68F32D}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{54281B71-EE70-4795-8BF7-69DFA63F045E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{13C3BA81-EFF7-4130-ADCC-34BB692C255B}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{B17D5365-9BDD-4F9B-BBB1-5CFA7F168CD0}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [{D4EE5B8D-81B1-45B4-9FC2-D9CABA8D07FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9B4E589F-3E6E-432C-8A36-359FFDCC931D}] => (Allow) C:\Users\TREVSE~1\AppData\Local\Temp\ibtmp4bfa424\component_342.decrpt
FirewallRules: [{7FC2AC4E-600E-4B32-A50E-3E88A94ECB9A}] => (Allow) C:\Users\TREVSE~1\AppData\Local\Temp\ibtmp4bfa424\component_336
FirewallRules: [{B9F4F85F-DB91-4B6C-BC61-5F5CBF1324CD}] => (Allow) C:\Users\TREVSE~1\AppData\Local\Temp\ibtmp4bfa424\component_409.decrpt
FirewallRules: [{930FD989-2CCD-420E-B68B-C8FB00B04BA5}] => (Allow) C:\Users\TREVSE~1\AppData\Local\Temp\ibtmp4bfa424\component_402
FirewallRules: [{EB0CACB3-D409-490E-B6D5-E9FAB7E1AFEC}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{3085657D-F7FC-42FD-BFB6-2EDA00A5F424}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{1821A050-E9FC-4A0C-B0CA-99F6A604EFEA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{3BA45729-72B4-4582-93B4-A508C40594A7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{03AFC55C-14DD-465C-B3E0-273EE04128BE}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{C7744EF4-4424-4C40-B708-51AD3BA1BACC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{ACE9D03F-4BAB-4F79-9FD3-FF45417ACF0A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{301851E2-265B-4855-9694-716F7CAEC04F}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{4571061D-07A8-40E3-B1B7-5A5349977664}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{C5DB1A91-10DB-4A19-80B7-C178E881C447}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{843DA28F-ED08-46B7-8044-D53306D6F821}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{20E72719-71CC-4E4B-A34E-E42B4F60F28F}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{2015805C-EAB7-4CB9-B443-9D92E8A8D2D5}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{48653D4E-D3F2-44A7-83AC-C631B5BD3918}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
FirewallRules: [{2164F703-BB42-4CF4-A238-E45C854E3C9E}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
FirewallRules: [{767B0E69-57C6-4F8B-B609-D3D3C7642712}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{00158318-3EB5-42E2-9064-D9B529F56F09}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{3855FFAE-37BD-48D0-A962-C223DAB9118B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{81E952E6-FAA9-43DF-B008-C14D9D9F3607}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F37C991E-2161-46BE-B12B-27431D2EC105}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{435CF188-F757-4C76-BB59-633C311F0C68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D630C98-33C5-4B91-A2B2-87399652CA42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30F4E4F3-07A7-4D6C-BB39-69B775EBFB21}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AE9D6BB-865B-4FDA-82EF-84A9E4C3525B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
19-02-2017 14:42:53 Scheduled Checkpoint
20-02-2017 09:42:09 Windows Update
21-02-2017 09:26:53 Windows Update
21-02-2017 22:39:36 Scheduled Checkpoint
22-02-2017 11:09:54 Windows Update
23-02-2017 10:40:53 Windows Update
24-02-2017 00:18:00 Scheduled Checkpoint
24-02-2017 09:13:37 Windows Update
25-02-2017 10:17:52 Windows Update
26-02-2017 18:02:19 Windows Update
27-02-2017 11:21:40 Windows Update
28-02-2017 09:06:13 Windows Update
01-03-2017 07:59:21 Windows Update
02-03-2017 09:35:55 Windows Update
03-03-2017 09:12:17 Windows Update
04-03-2017 08:17:31 Windows Update
05-03-2017 17:24:12 Windows Update
06-03-2017 10:44:35 Windows Update
07-03-2017 00:02:23 First Restore Point
07-03-2017 10:24:56 Windows Update
08-03-2017 07:49:41 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2017 07:56:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/10/2017 07:55:42 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (03/09/2017 11:29:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (03/09/2017 06:46:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/09/2017 06:45:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (03/09/2017 06:18:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (03/09/2017 06:05:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TREVSEARS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/09/2017 06:05:15 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TREVSEARS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/09/2017 06:05:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TREVSEARS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\ARROW_UP_20X20@2X.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/09/2017 06:05:14 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TREVSEARS\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\ARROW_UP_20X20@2X.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (03/10/2017 07:56:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswSP
aswTdi
avgRvrt
avgSP
BHDrvx64
ccHP
eeCtrl
i8042prt
IDSVia64
SASDIFSV
SASKUTIL
spldr
SRTSPX
SYMTDI
Wanarpv6
 
Error: (03/10/2017 07:56:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/10/2017 07:56:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/10/2017 07:56:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/10/2017 07:55:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/10/2017 07:55:44 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (03/10/2017 07:55:42 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/10/2017 07:55:35 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/09/2017 06:46:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswSP
aswTdi
avgRvrt
avgSP
BHDrvx64
ccHP
eeCtrl
i8042prt
IDSVia64
SASDIFSV
SASKUTIL
spldr
SRTSPX
SYMTDI
Wanarpv6
 
Error: (03/09/2017 06:46:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-10 22:08:37.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:37.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:37.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:37.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:13.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:13.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:13.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:13.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:12.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 22:08:12.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 42%
Total physical RAM: 4085.33 MB
Available physical RAM: 2339.42 MB
Total Virtual: 8343.93 MB
Available Virtual: 6795.86 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:285.15 GB) (Free:161.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.94 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (3088 Guide) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • Gender:Male
  • Location:Thailand
  • Local time:10:08 AM

Posted 11 March 2017 - 11:45 AM

Hi coys500.

 

Looks like your FRST.txt log is incomplete. The complete log will end with this marker; please make sure you get the whole log file.

 

==================== End of FRST.txt ============================

 

---------------------

 

In the meantime, I found that you have 4 Antivirus software running. This is one of the reasons why your computer might be having a problem right now.

 

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on-demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.

 

Please uninstall all of these Antivirus software except the one you want to keep:

  • AVG Antivirus
  • Norton Internet Security
  • Avast Antivirus

-----------

 

After that please try using your computer as normal. Any better results?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 coys500

coys500
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:08 AM

Posted 13 March 2017 - 08:31 AM

OK, I will do the scan again tomorrow when I have some time. In regard to the anti-virus, I downloaded them after the issues began, so I don't think they are any part of it, but I will delete them.



#8 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:08 AM

Posted 13 March 2017 - 10:53 AM

Hi coys500.

 

OK. Please keep me updated. By the way, please create a new FRST log file after you've uninstalled your Antivirus so I have the latest information.

 

Thank you.




#9 coys500

coys500
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:08 AM

Posted 14 March 2017 - 11:32 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by trevsears (administrator) on TREVSEARS-PC (14-03-2017 16:23:23)
Running from C:\Users\trevsears\Downloads
Loaded Profiles: trevsears (Available Profiles: trevsears)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\trevsears\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-01-25] (Apple Inc.)
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools Security\pctsGui.exe [1589208 2011-01-13] (PC Tools)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-08-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [254776 2017-03-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [966656 2008-12-01] (Hewlett-Packard)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [AROReminder] => C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe [2132480 2009-10-22] (Sammsoft)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [MsnMsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Google Update] => C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Mozilla] => 78?ˆ–›/*
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\NFSBEA~1.SCR
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-04-14] (ALWIL Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-12-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.0.1
Tcpip\..\Interfaces\{A378301E-4C85-4E89-9F4B-C0D21F502478}: [DhcpNameServer] 192.168.2.1 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=92&bd=Presario&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-4038976904-1822882696-2036340236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
URLSearchHook: [S-1-5-21-4038976904-1822882696-2036340236-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {D34B3EE1-59E7-40F9-9082-1FF3FE8A8D71} URL = hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 -> {6332EB9C-7887-4616-8ECD-33ADC081CA2B} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-12] (RealPlayer)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [2009-08-26] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-21] (Sun Microsystems, Inc.)
BHO-x32: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02] (AOL LLC)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-21] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02] (AOL LLC)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4038976904-1822882696-2036340236-1000 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-22] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-05-28] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-05-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default [2017-03-09]
FF user.js: detected! => C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\user.js [2012-07-04]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\kuaxo6ms.default -> hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=5823743158C41FFDF1B07C50BD3768F8
FF Homepage: Mozilla\Firefox\Profiles\kuaxo6ms.default -> hxxp://www.findamo.com?ch=12
FF Keyword.URL: Mozilla\Firefox\Profiles\kuaxo6ms.default -> hxxp://www.findamo.com/search.html?ch=12&q=
FF Extension: (SpecialSavings) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\specialsavings@superfish.com [2013-01-11] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-26] [not signed]
FF Extension: (Funmoods) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} [2014-03-11] [not signed]
FF Extension: (Ask Toolbar for Firefox) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011-06-02] [not signed]
FF Extension: (No Name) - C:\Users\trevsears\AppData\Roaming\Mozilla\Firefox\Profiles\kuaxo6ms.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013-06-04] [not signed]
FF Extension: (Hide My IP) - C:\Program Files (x86)\Mozilla Firefox\extensions\staff@hide-my-ip.com [2016-02-13] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-02-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-10-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-11-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-01-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-02-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-08-12] (RealPlayer)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\trevsears\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @talk.google.com/O1DPlugin -> C:\Users\trevsears\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @tools.google.com/Google Update;version=3 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4038976904-1822882696-2036340236-1000: @tools.google.com/Google Update;version=9 -> C:\Users\trevsears\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-02-21] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-02-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-08-12] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-08-12] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\trevsears\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\trevsears\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www.findamo.com/search.html?ch=12&q={searchTerms}
CHR DefaultSearchKeyword: Default -> blekko
CHR Profile: C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default [2017-03-14]
CHR Extension: (Google Slides) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-12]
CHR Extension: (Google Docs) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-01-17]
CHR Extension: (Google Sheets) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\trevsears\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-06] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-04-14] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-04-14] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-04-14] (ALWIL Software)
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [263720 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7197976 2017-03-07] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3249512 2011-06-04] (Hide My IP)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-03-08] (SurfRight B.V.)
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-10-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [234776 2012-09-11] (McAfee, Inc.)
S2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-22] (Symantec Corporation)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22096 2010-04-14] (ALWIL Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [63568 2010-04-14] (ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-04-14] (ALWIL Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-04-14] (ALWIL Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-04-14] (ALWIL Software)
S3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [311592 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336920 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-03-07] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [127584 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr.sys [71000 2017-03-07] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [994592 2017-03-07] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\system32\drivers\avgSP.sys [548888 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgStmXP; C:\Windows\system32\drivers\avgStmXP.sys [225736 2017-03-07] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [338576 2017-03-07] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2009-11-18] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2011-10-11] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2009-11-16] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-03] (GFI Software)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100116.002\IDSvia64.sys [466992 2009-11-05] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-03-08] (Malwarebytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-12-10] (PC Tools)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-08-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-08-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-08-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2009-11-18] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-08-26] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-22] (Symantec Corporation)
U3 avgStm; no ImagePath
S3 cpuz134; \??\C:\Users\TREVSE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100117.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100117.002\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1007020.00B\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1007020.00B\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-14 16:23 - 2017-03-14 16:23 - 02424832 _____ (Farbar) C:\Users\trevsears\Downloads\FRST64 (2).exe
2017-03-10 22:06 - 2017-03-10 22:06 - 02423808 _____ (Farbar) C:\Users\trevsears\Downloads\FRST64 (1).exe
2017-03-10 22:06 - 2017-03-10 22:06 - 01765888 _____ (Farbar) C:\Users\trevsears\Downloads\FRST (2).exe
2017-03-09 18:04 - 2017-03-09 18:04 - 00003356 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4038976904-1822882696-2036340236-1000
2017-03-09 17:52 - 2017-03-09 17:53 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (7).exe
2017-03-08 21:23 - 2017-03-08 21:23 - 02870984 _____ (ESET) C:\Users\trevsears\Downloads\esetsmartinstaller_enu (3).exe
2017-03-08 21:22 - 2017-03-08 21:22 - 01931088 _____ (Symantec Corporation) C:\Users\trevsears\Downloads\FixTDSS (1).exe
2017-03-08 19:56 - 2017-03-08 19:57 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (6).exe
2017-03-08 19:45 - 2017-03-10 22:13 - 00046141 _____ C:\Users\trevsears\Downloads\Addition.txt
2017-03-08 19:43 - 2017-03-14 16:24 - 00031377 _____ C:\Users\trevsears\Downloads\FRST.txt
2017-03-08 19:42 - 2017-03-14 16:23 - 00000000 ____D C:\FRST
2017-03-08 19:42 - 2017-03-08 19:42 - 02423808 _____ (Farbar) C:\Users\trevsears\Downloads\FRST64.exe
2017-03-08 19:40 - 2017-03-08 19:40 - 01765888 _____ (Farbar) C:\Users\trevsears\Downloads\FRST (1).exe
2017-03-08 19:39 - 2017-03-08 19:39 - 01765888 _____ (Farbar) C:\Users\trevsears\Downloads\FRST.exe
2017-03-08 19:32 - 2017-03-08 19:32 - 00468480 _____ () C:\Users\trevsears\Downloads\CKScanner (1).exe
2017-03-08 19:28 - 2017-03-08 19:28 - 00468480 _____ () C:\Users\trevsears\Downloads\CKScanner.exe
2017-03-08 19:14 - 2017-03-08 19:14 - 00088532 _____ C:\Windows\system32\.crusader
2017-03-08 18:59 - 2017-03-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-08 18:59 - 2017-03-08 18:59 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-08 18:58 - 2017-03-08 18:59 - 11581544 _____ (SurfRight B.V.) C:\Users\trevsears\Downloads\HitmanPro_x64.exe
2017-03-08 18:57 - 2017-03-08 19:14 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-08 18:57 - 2017-03-08 18:57 - 09096848 _____ (SurfRight B.V.) C:\Users\trevsears\Downloads\HitmanPro.exe
2017-03-08 18:29 - 2017-03-08 18:31 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (5).exe
2017-03-08 17:43 - 2017-03-08 17:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\iExplore (1).exe
2017-03-08 17:43 - 2017-03-08 17:43 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\iExplore (1)64.exe
2017-03-08 17:42 - 2017-03-08 17:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (6).exe
2017-03-08 17:42 - 2017-03-08 17:42 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (6)64.exe
2017-03-08 17:39 - 2017-03-08 17:39 - 00000900 _____ C:\Users\trevsears\Downloads\roguekiller.com - Shortcut.lnk
2017-03-08 17:39 - 2017-03-08 17:39 - 00000900 _____ C:\Users\trevsears\Downloads\roguekiller.com - Shortcut (2).lnk
2017-03-08 17:36 - 2017-03-08 17:37 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\roguekiller.com.exe
2017-03-08 17:34 - 2017-03-08 17:35 - 21716040 _____ C:\Users\trevsears\Downloads\RogueKiller.exe
2017-03-08 17:30 - 2017-03-08 17:31 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (4).exe
2017-03-08 17:17 - 2017-03-08 17:18 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (3).exe
2017-03-08 16:50 - 2017-03-08 16:51 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (2).exe
2017-03-08 16:41 - 2017-03-08 16:42 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup (1).exe
2017-03-08 16:37 - 2017-03-08 16:38 - 34885984 _____ (Adlice Software ) C:\Users\trevsears\Downloads\setup.exe
2017-03-08 16:26 - 2017-03-08 16:26 - 16563352 _____ (Malwarebytes Corp.) C:\Users\trevsears\Downloads\mbar-1.09.3.1001 (2).exe
2017-03-08 16:15 - 2017-03-08 16:15 - 00000000 __SHD C:\found.002
2017-03-08 15:06 - 2017-03-08 15:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\trevsears\Downloads\mbar-1.09.3.1001 (1).exe
2017-03-08 14:32 - 2017-03-08 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-08 14:31 - 2017-03-08 16:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-08 14:30 - 2017-03-08 16:26 - 00000000 ____D C:\Users\trevsears\Desktop\mbar
2017-03-08 14:29 - 2017-03-08 14:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\trevsears\Downloads\mbar-1.09.3.1001.exe
2017-03-08 14:14 - 2017-03-08 14:27 - 00000000 ___SD C:\ComboFix
2017-03-08 14:14 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-08 14:14 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-08 14:14 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-08 14:14 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-08 14:14 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-08 14:14 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-08 14:14 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-08 14:14 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-08 14:12 - 2017-03-08 14:25 - 05660168 _____ (Swearware) C:\Users\trevsears\Downloads\ComboFix.exe
2017-03-08 14:12 - 2017-03-08 14:14 - 00000000 ____D C:\Qoobox
2017-03-08 14:12 - 2017-03-08 14:12 - 00000000 ____D C:\Windows\erdnt
2017-03-08 14:08 - 2017-03-08 14:09 - 01663736 _____ (Malwarebytes) C:\Users\trevsears\Downloads\JRT (1).exe
2017-03-08 12:34 - 2017-03-08 12:34 - 01663736 _____ (Malwarebytes) C:\Users\trevsears\Downloads\JRT.exe
2017-03-08 12:20 - 2017-03-08 12:25 - 00000000 ____D C:\AdwCleaner
2017-03-08 12:20 - 2017-03-08 12:20 - 04031440 _____ C:\Users\trevsears\Downloads\AdwCleaner.exe
2017-03-08 11:34 - 2017-03-09 18:04 - 00003230 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4038976904-1822882696-2036340236-1000
2017-03-08 08:06 - 2017-03-08 08:06 - 02870984 _____ (ESET) C:\Users\trevsears\Downloads\esetsmartinstaller_enu (2).exe
2017-03-08 07:50 - 2017-03-08 07:50 - 00000000 ____D C:\cc13f6e999c7ca665bdea6ba44
2017-03-08 07:44 - 2017-03-07 14:34 - 00399392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-03-07 22:36 - 2017-03-07 22:36 - 02870984 _____ (ESET) C:\Users\trevsears\Downloads\esetsmartinstaller_enu (1).exe
2017-03-07 18:34 - 2017-03-07 18:34 - 02870984 _____ (ESET) C:\Users\trevsears\Downloads\esetsmartinstaller_enu.exe
2017-03-07 18:34 - 2017-03-07 18:34 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-07 15:57 - 2017-03-07 15:57 - 05198336 _____ (AVAST Software) C:\Users\trevsears\Downloads\aswMBR.exe
2017-03-07 15:55 - 2017-03-07 15:57 - 00207360 _____ C:\TDSSKiller.3.1.0.12_07.03.2017_15.55.49_log.txt
2017-03-07 15:55 - 2017-03-07 15:55 - 04747704 _____ (AO Kaspersky Lab) C:\Users\trevsears\Downloads\tdsskiller.exe
2017-03-07 15:47 - 2017-03-07 15:47 - 01931088 _____ (Symantec Corporation) C:\Users\trevsears\Downloads\FixTDSS.exe
2017-03-07 15:43 - 2017-03-07 15:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (5).exe
2017-03-07 15:43 - 2017-03-07 15:43 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (5)64.exe
2017-03-07 15:40 - 2017-03-07 15:41 - 38191600 _____ (Panda Security ) C:\Users\trevsears\Downloads\PandaCloudCleaner (1).exe
2017-03-07 15:38 - 2017-03-07 15:39 - 38191600 _____ (Panda Security ) C:\Users\trevsears\Downloads\PandaCloudCleaner.exe
2017-03-07 15:36 - 2017-03-07 15:36 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\trevsears\Downloads\avira_en_av_58bed2b92d8dc__ws (1).exe
2017-03-07 15:34 - 2017-03-07 15:34 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\trevsears\Downloads\avira_en_av_58bed2b92d8dc__ws.exe
2017-03-07 14:57 - 2017-03-07 14:57 - 00000000 ____D C:\ProgramData\Panda Security
2017-03-07 14:56 - 2017-03-07 14:57 - 01980152 _____ (Panda Security, S.L.) C:\Users\trevsears\Downloads\PANDAFREEAV.exe
2017-03-07 14:56 - 2017-03-07 14:56 - 00013343 _____ C:\ProgramData\agent.1488898558.bdinstall.bin
2017-03-07 14:55 - 2017-03-07 14:55 - 08465984 _____ C:\Users\trevsears\Downloads\bitdefender_online.exe
2017-03-07 14:54 - 2017-03-07 14:54 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\trevsears\Downloads\avira_en_av_58bec94b99fb9__ws (2).exe
2017-03-07 14:53 - 2017-03-07 14:53 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\trevsears\Downloads\avira_en_av_58bec94b99fb9__ws.exe
2017-03-07 14:53 - 2017-03-07 14:53 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\trevsears\Downloads\avira_en_av_58bec94b99fb9__ws (1).exe
2017-03-07 14:36 - 2017-03-07 14:36 - 00000000 ____D C:\Users\trevsears\AppData\Roaming\AVG
2017-03-07 14:34 - 2017-03-08 07:47 - 00003834 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-03-07 14:34 - 2017-03-07 14:34 - 00994592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00548888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00338576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00225736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00127584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00071000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-03-07 14:34 - 2017-03-07 14:34 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-03-07 14:29 - 2017-03-09 18:18 - 00003554 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-03-07 14:28 - 2017-03-07 14:29 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\trevsears\Downloads\AVG_Protection_Free_1606 (1).exe
2017-03-07 14:14 - 2017-03-07 14:31 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-07 14:12 - 2017-03-07 14:12 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\trevsears\Downloads\AVG_Protection_Free_1606.exe
2017-03-07 11:04 - 2017-03-07 11:04 - 06654960 _____ (AVAST Software) C:\Users\trevsears\Downloads\avast_free_antivirus_setup_online_cnet2 (4).exe
2017-03-07 10:24 - 2017-03-07 10:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (4).exe
2017-03-07 10:24 - 2017-03-07 10:24 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (4)64.exe
2017-03-07 00:05 - 2017-03-07 00:05 - 00001150 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-03-07 00:05 - 2017-03-07 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-03-07 00:05 - 2017-03-07 00:04 - 00000968 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2017-03-07 00:04 - 2017-03-07 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2017-03-07 00:04 - 2017-03-07 00:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-07 00:04 - 2017-03-07 00:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-03-06 23:58 - 2017-03-06 23:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-06 23:57 - 2017-03-06 23:58 - 02623496 _____ (Kaspersky Lab) C:\Users\trevsears\Downloads\kss16.0.0.1344mlg_10004.exe
2017-03-06 22:40 - 2017-03-06 22:40 - 06654960 _____ (AVAST Software) C:\Users\trevsears\Downloads\avast_free_antivirus_setup_online_cnet2 (3).exe
2017-03-06 22:31 - 2017-03-06 22:31 - 06654960 _____ (AVAST Software) C:\Users\trevsears\Downloads\avast_free_antivirus_setup_online_cnet2 (2).exe
2017-03-06 22:27 - 2017-03-06 22:27 - 06654960 _____ (AVAST Software) C:\Users\trevsears\Downloads\avast_free_antivirus_setup_online_cnet2 (1).exe
2017-03-06 22:13 - 2017-03-06 22:13 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (2)64.exe
2017-03-06 22:10 - 2017-03-06 22:12 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (3).exe
2017-03-06 22:09 - 2017-03-06 22:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (2).exe
2017-03-06 21:54 - 2017-03-06 21:54 - 06654960 _____ (AVAST Software) C:\Users\trevsears\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-03-06 21:54 - 2017-03-06 21:54 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-06 21:50 - 2017-03-06 21:50 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill64.exe
2017-03-06 21:49 - 2017-03-06 21:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill.exe
2017-03-06 21:49 - 2017-03-06 21:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\trevsears\Downloads\rkill (1).exe
2017-03-06 15:54 - 2017-03-06 15:54 - 00000000 ____D C:\Users\trevsears\AppData\Local\CEF
2017-03-06 15:53 - 2017-03-07 16:11 - 00000000 ____D C:\ProgramData\Avg
2017-03-06 15:53 - 2017-03-07 14:29 - 00000000 ____D C:\Users\trevsears\AppData\Local\AvgSetupLog
2017-03-06 15:53 - 2017-03-06 15:53 - 00000000 ____D C:\Users\trevsears\AppData\Local\Avg
2017-03-06 15:51 - 2017-03-06 15:51 - 00013347 _____ C:\ProgramData\agent.1488815445.bdinstall.bin
2017-03-06 15:51 - 2017-03-06 15:51 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-03-01 17:06 - 2017-03-01 17:06 - 00030895 _____ C:\Users\trevsears\Downloads\Oral Sex and Transmission of HIV.pdf
2017-03-01 17:06 - 2017-03-01 17:06 - 00030895 _____ C:\Users\trevsears\Downloads\Oral Sex and Transmission of HIV (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-14 09:09 - 2006-11-02 13:33 - 00000000 ____D C:\Windows\inf
2017-03-14 09:09 - 2006-11-02 12:46 - 00751096 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-14 09:05 - 2012-07-15 10:26 - 02705484 _____ C:\Windows\ntbtlog.txt
2017-03-09 18:23 - 2006-11-02 15:42 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-09 18:23 - 2006-11-02 15:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-09 18:23 - 2006-11-02 15:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-09 18:23 - 2006-11-02 15:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-09 18:05 - 2009-03-16 17:20 - 00003586 _____ C:\Windows\System32\Tasks\HP Health Check
2017-03-09 18:02 - 2009-03-16 16:53 - 00000000 ___HD C:\ProgramData\Temp
2017-03-09 16:47 - 2012-11-29 19:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-08 19:14 - 2010-08-12 14:49 - 00000000 ___HD C:\Users\trevsears\AppData\Roaming\Yahoo!
2017-03-08 19:14 - 2010-08-12 14:46 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-03-08 17:43 - 2012-12-03 21:41 - 00002228 _____ C:\Users\trevsears\Desktop\Rkill.txt
2017-03-08 17:39 - 2009-12-30 07:16 - 00014848 ____H C:\Users\trevsears\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-08 07:54 - 2010-08-31 17:08 - 00743164 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-08 00:41 - 2009-11-17 17:43 - 00000000 ___HD C:\Users\trevsears\AppData\Local\Mozilla
2017-03-08 00:40 - 2009-11-26 19:13 - 00000000 ____D C:\Program Files (x86)\Hide My IP 2009
2017-03-07 13:37 - 2009-12-30 17:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-02-14 16:46 - 2017-01-10 23:46 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-02-14 16:46 - 2012-11-29 19:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 16:46 - 2012-11-29 19:17 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 16:46 - 2012-11-29 19:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 16:46 - 2011-08-17 23:19 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 16:46 - 2009-03-16 16:53 - 00000000 ____D C:\Windows\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2010-12-28 18:43 - 2011-02-08 08:15 - 0000385 ____H () C:\Users\trevsears\AppData\Roaming\Rim.Desktop.Exception.log
2010-12-28 18:41 - 2012-05-14 13:47 - 0002257 ____H () C:\Users\trevsears\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-05-14 14:05 - 2012-05-14 14:05 - 0000000 _____ () C:\Users\trevsears\AppData\Roaming\Rim.DesktopHelper.Exception.log
2009-12-30 09:09 - 2010-11-17 19:28 - 0000932 ____H () C:\Users\trevsears\AppData\Roaming\wklnhst.dat
2011-06-23 11:46 - 2011-06-23 12:55 - 0009698 ____H () C:\Users\trevsears\AppData\Local\2as1d1j2h788ur27xk2gg40c76a183572il71241585exy
2011-12-28 09:52 - 2011-12-28 09:59 - 0009640 ___SH () C:\Users\trevsears\AppData\Local\4602y0523k5h3mqr52i3
2010-10-26 17:54 - 2012-07-15 12:36 - 0001356 _____ () C:\Users\trevsears\AppData\Local\d3d9caps.dat
2014-09-11 08:00 - 2014-09-11 08:00 - 0000732 _____ () C:\Users\trevsears\AppData\Local\d3d9caps64.dat
2009-12-30 07:16 - 2017-03-08 17:39 - 0014848 ____H () C:\Users\trevsears\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-11 14:24 - 2011-12-11 14:24 - 0413206 ____H () C:\Users\trevsears\AppData\Local\dd_vcredistMSI0CFE.txt
2010-07-01 05:28 - 2010-07-01 05:28 - 0419806 ____H () C:\Users\trevsears\AppData\Local\dd_vcredistMSI4C37.txt
2011-12-11 14:24 - 2011-12-11 14:24 - 0013666 ____H () C:\Users\trevsears\AppData\Local\dd_vcredistUI0CFE.txt
2011-12-11 14:24 - 2011-12-11 14:24 - 0012806 ____H () C:\Users\trevsears\AppData\Local\dd_vcredistUI0CFF.txt
2010-07-01 05:28 - 2010-07-01 05:28 - 0011610 ____H () C:\Users\trevsears\AppData\Local\dd_vcredistUI4C37.txt
2011-06-23 11:46 - 2011-06-23 12:55 - 0009698 ____H () C:\ProgramData\2as1d1j2h788ur27xk2gg40c76a183572il71241585exy
2011-06-02 08:02 - 2011-06-02 08:02 - 0000336 ____H () C:\ProgramData\43638520
2011-06-02 06:52 - 2011-06-02 06:52 - 0000344 ____H () C:\ProgramData\44949240
2011-12-28 09:52 - 2011-12-28 09:59 - 0009640 ___SH () C:\ProgramData\4602y0523k5h3mqr52i3
2011-12-11 13:17 - 2011-12-11 13:19 - 0000448 ____H () C:\ProgramData\6A94Z2Y3fqm0rt
2017-03-06 15:51 - 2017-03-06 15:51 - 0013347 _____ () C:\ProgramData\agent.1488815445.bdinstall.bin
2017-03-07 14:56 - 2017-03-07 14:56 - 0013343 _____ () C:\ProgramData\agent.1488898558.bdinstall.bin
2011-12-16 09:34 - 2011-12-16 09:35 - 0000448 ____H () C:\ProgramData\bB1QvijgvFVDYM
2012-05-09 07:41 - 2012-11-28 11:28 - 0000033 _____ () C:\ProgramData\ftstate.ini
2011-06-02 08:03 - 2011-06-02 08:03 - 0000136 ____H () C:\ProgramData\~43638520
2011-06-02 08:03 - 2011-06-02 08:03 - 0000160 ____H () C:\ProgramData\~43638520r
2011-06-02 06:52 - 2011-06-02 06:52 - 0000136 ____H () C:\ProgramData\~44949240
2011-06-02 06:52 - 2011-06-02 06:52 - 0000160 ____H () C:\ProgramData\~44949240r
2011-12-11 13:17 - 2011-12-11 13:17 - 0000304 ____H () C:\ProgramData\~6A94Z2Y3fqm0rt
2011-12-11 13:17 - 2011-12-11 13:17 - 0000224 ____H () C:\ProgramData\~6A94Z2Y3fqm0rtr
2011-12-16 09:34 - 2011-12-16 09:34 - 0000304 ____H () C:\ProgramData\~bB1QvijgvFVDYM
2011-12-16 09:34 - 2011-12-16 09:34 - 0000208 ____H () C:\ProgramData\~bB1QvijgvFVDYMr
 
Some files in TEMP:
====================
2015-05-06 06:57 - 2015-05-06 06:57 - 0880208 _____ (Google Inc.) C:\Users\trevsears\AppData\Local\Temp\ChromeSetup.exe
2017-03-07 00:16 - 2017-03-07 00:16 - 98302732 _____ () C:\Users\trevsears\AppData\Local\Temp\dl8F90A1C6-C248-1044-BB2D-E935922D4518.exe
2016-03-23 01:22 - 2016-03-23 01:22 - 0000000 _____ () C:\Users\trevsears\AppData\Local\Temp\GURF325.exe
2015-02-06 09:26 - 2015-02-06 09:26 - 0142616 _____ (Support.com) C:\Users\trevsears\AppData\Local\Temp\SAS6_Update.exe
2017-03-07 14:57 - 2017-03-07 14:57 - 0889416 _____ (Microsoft Corporation) C:\Users\trevsears\AppData\Local\Temp\{877B69DC-A337-4B13-959F-C92ED4FFB183}.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-14 09:23
 
==================== End of FRST.txt ============================


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:08 AM

Posted 14 March 2017 - 12:24 PM

coys500:

Sirawit has to be away for a few days, so I am going to be assisting you until he gets back.  My name is Phil.  May I address you by your first name?

Would you please also uninstall either AVG or Kaspersky, as well as McAfee Security Scan.  Having multiple anti-virus applications is guaranteed to bog down your computer and also to lessen your protection, as Sirawit explained to you.

Also, if possible, I would like to get fresh FRST scan logs run in Normal Boot mode, not Safe Mode, if you can manage to do that?  Many processes do not run in Safe Mode, and I want to get a full picture of what is running on your computer that might be causing your issues.  Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" logs into your next reply.

If you can not get FRST to run in Normal Mode, then please run the FRST scans again in Safe Mode.

Thank you and have a great day.  Sorry for the inconvenience.

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#11 coys500


Posted 16 March 2017 - 12:42 PM

Sorry, been really busy this week, will try and do what you asked at weekend.



#12 garioch7


Posted 16 March 2017 - 02:43 PM

coys500:

Thank you for your post.  When you get the chance to respond to my requests this weekend, that will be great.  I expect that Sirawit will be back with you by the weekend; but, if not, we will continue together until he is able to resume helping you with your issues.

Thank you and have a great day.

Regards,

-Phil




#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:08 AM

Posted 17 March 2017 - 12:49 PM

Hi coys500.

I'm back here at my home now and will be able to continue on helping you. :)

Like Phil said, try to do the FRST scan in normal mode first; if that fails, then do the scan in safe mode and post the log files here.

Thank you.

PS: To Phil, thanks for looking over this topic for me. :thumbsup:


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#14 coys500


Posted 17 March 2017 - 01:07 PM

OK cool, I'm actually away for weekend but will defo get on this Monday, need to get it sorted out next week.



#15 Sirawit


Posted 20 March 2017 - 10:09 PM

Are you still there?

Thank you.

