
Laptop slows and then becomes unresponsive.


  • This topic is locked
15 replies to this topic

#1 Den.


Posted 12 March 2017 - 04:15 PM

Hi...
I am going to try to help a friend with her Vista HP laptop. I have the laptop at my residence. She reports that after working on the computer for a short while it will start to slow down, then it will freeze completely. She says that she then cannot do a normal shutdown or even a forced shutdown by holding down the power button. She has been having to unplug the power cord AND remove the battery to shut it down. She also reported that it seemed to be running hot. I thought so too, so I disassembled the laptop and did a thorough cleaning by blowing out all the dust and cat hair using my shop compressed air hose. Now Piriform Speccy reports a 135 deg. CPU at idle. I have noticed that the Advanced SystemCare performance monitor shows that at idle the RAM is 65% and the CPU 50%.
 
Thanks. Here are the requested logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-03-2017
Ran by Lora (administrator) on LORA-PC (12-03-2017 16:19:29)
Running from C:\Users\Lora\Desktop
Loaded Profiles: Lora (Available Profiles: Lora)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DigiData Corp.) C:\Program Files\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtcmd.exe
() C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\tgsrvc.exe
(DigiData Corp.) C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174616 2007-07-25] (Intel Corporation)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [Online Backup Auto Update] => C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-02-01] ()
HKLM\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe [28672 2010-10-20] (DigiData Corp.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [820208 2015-08-10] (Highresolution Enterprises)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-10] (AVAST Software)
HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-10] (AVAST Software)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Backup.lnk [2012-01-24]
ShortcutTarget: Backup.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F818321-7941-4906-A95E-C1A735BDB919}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50D96EAA-01A1-4EDB-94AD-362D47C82888}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
SearchScopes: HKLM -> DefaultScope {EA7C8ACD-C678-4779-A514-E2D84671CBD8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {EA7C8ACD-C678-4779-A514-E2D84671CBD8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-822631117-2597918515-961875465-1000 -> DefaultScope {30E805FD-1B92-4969-AB59-6E2558EB43AB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140705&p={searchTerms}
SearchScopes: HKU\S-1-5-21-822631117-2597918515-961875465-1000 -> {30E805FD-1B92-4969-AB59-6E2558EB43AB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140705&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-10] (AVAST Software)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-13] (Oracle Corporation)
BHO: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0066-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Lora\AppData\Roaming\Mozilla\Firefox\Profiles\oxfprumv.default [2017-03-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\oxfprumv.default -> hxxp://www.foxnews.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\oxfprumv.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B111US756D20140705&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\oxfprumv.default -> type", 0
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2017-02-25]
FF SearchPlugin: C:\Users\Lora\AppData\Roaming\Mozilla\Firefox\Profiles\oxfprumv.default\searchplugins\McSiteAdvisor.xml [2015-11-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-03-09]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2015-06-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-822631117-2597918515-961875465-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lora\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-27] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Lora\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-01-16] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US756D20140705&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Google Docs) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkfbadbicgpkjjlboknaiiljjpfgmen [2016-12-20]
CHR Extension: (Google Search) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (tampa bay musical instruments - craig...) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdhcepkgajfjbbadhadlpmocapplekd [2017-03-08]
CHR Extension: (tampa bay computers - by owner - crai...) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlocbjelkgbnjnmpeffpehdafdmcdbgn [2017-03-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-05-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144 2017-03-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-10] (AVAST Software)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 FilesystemWatcher; C:\Program Files\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [24576 2010-12-28] (DigiData Corp.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 OnlineBackupSchedulerService; C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe [24576 2011-02-01] () [File not signed]
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382240 2008-07-14] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 0224911489346836mcinstcleanup; C:\Windows\TEMP\022491~1.EXE -cleanup -nolog [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-03-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-03-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-03-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-03-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60632 2017-03-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465024 2017-03-10] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-03-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-10] (AVAST Software)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [67800 2015-02-28] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-12 16:19 - 2017-03-12 16:20 - 00028426 _____ C:\Users\Lora\Desktop\FRST.txt
2017-03-12 16:19 - 2017-03-12 16:19 - 00000000 ____D C:\Users\Lora\Desktop\FRST-OlderVersion
2017-03-12 15:43 - 2017-03-12 16:14 - 00001946 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-03-12 15:43 - 2017-03-12 15:47 - 00000000 ____D C:\Users\Lora\AppData\LocalLow\IObit
2017-03-12 15:43 - 2017-03-12 15:43 - 00001968 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-03-12 15:43 - 2017-03-12 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-03-12 15:29 - 2017-03-12 15:34 - 00002542 _____ C:\Users\Lora\Desktop\Rkill.txt
2017-03-12 15:28 - 2017-03-12 16:19 - 01766912 _____ (Farbar) C:\Users\Lora\Desktop\FRST.exe
2017-03-12 15:28 - 2016-12-04 10:59 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Lora\Desktop\rkill.exe
2017-03-12 15:28 - 2016-03-10 13:07 - 09926112 _____ (Malwarebytes) C:\Users\Lora\Desktop\mbam.exe
2017-03-12 15:27 - 2017-03-03 19:43 - 00752296 _____ C:\Users\Lora\Desktop\Adware Removal Tool by TSA.exe
2017-03-12 15:27 - 2017-02-16 09:03 - 42903456 _____ (IObit ) C:\Users\Lora\Desktop\advanced-systemcare-setup (9).exe
2017-03-12 15:27 - 2016-12-10 12:50 - 03968464 _____ C:\Users\Lora\Desktop\adwcleaner_6.040 (1).exe
2017-03-12 15:27 - 2016-11-18 11:00 - 05470936 _____ (Piriform Ltd) C:\Users\Lora\Desktop\Speccy.exe
2017-03-12 15:27 - 2014-04-09 06:05 - 03503384 _____ (Piriform Ltd) C:\Users\Lora\Desktop\Defraggler.exe
2017-03-12 15:26 - 2017-03-10 23:04 - 05660168 ____R (Swearware) C:\Users\Lora\Desktop\ComboFix.exe
2017-03-12 15:24 - 2017-03-12 15:24 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-10 16:08 - 2017-03-10 16:08 - 19827800 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-03-10 16:05 - 2017-03-10 16:09 - 42901248 _____ (IObit ) C:\Users\Lora\Downloads\cbsasctrial_102.exe
2017-03-10 15:44 - 2017-03-10 15:49 - 00000000 _____ C:\Windows\system32\last.dump
2017-03-10 14:21 - 2017-03-10 14:19 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-03-10 14:20 - 2017-03-10 14:20 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-10 12:31 - 2015-12-25 12:00 - 00927824 _____ (Google Inc.) C:\Users\Lora\Desktop\ChromeSetup (1).exe
2017-03-10 12:10 - 2017-03-10 12:10 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-09 16:19 - 2017-03-09 16:19 - 00000294 _____ C:\Users\Lora\Desktop\Lora.lnk
2017-03-09 15:36 - 2017-03-09 15:36 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-08 22:38 - 2017-03-08 22:40 - 00038305 _____ C:\Users\Lora\Desktop\Addition 1.txt
2017-03-08 22:37 - 2017-03-08 22:40 - 00036115 _____ C:\Users\Lora\Desktop\FRST 2.txt
2017-03-08 22:36 - 2017-03-12 16:19 - 00000000 ____D C:\FRST
2017-03-08 18:01 - 2017-03-08 18:01 - 00000000 ____D C:\Users\Lora\AppData\RoamingStartup Manager
2017-03-08 17:59 - 2017-03-12 15:47 - 00000000 ____D C:\ProgramData\ProductData
2017-03-08 17:59 - 2017-03-08 17:59 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-03-08 17:55 - 2017-03-12 15:47 - 00000000 ____D C:\Users\Lora\AppData\Roaming\IObit
2017-03-08 17:55 - 2017-03-12 15:47 - 00000000 ____D C:\ProgramData\IObit
2017-03-08 17:55 - 2017-03-08 17:55 - 00000000 ____D C:\Program Files\IObit
2017-03-07 23:20 - 2017-03-07 23:20 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-12 16:18 - 2015-07-17 15:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-12 16:14 - 2014-07-31 21:44 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000.job
2017-03-12 16:13 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2017-03-12 16:11 - 2012-01-24 21:11 - 00000617 _____ C:\Windows\Tasks\OnlineBackupManager.job
2017-03-12 16:07 - 2012-08-26 23:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-12 15:37 - 2015-05-30 19:31 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000.job
2017-03-12 15:28 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-12 15:24 - 2015-08-27 18:13 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09.job
2017-03-12 15:22 - 2014-05-09 10:20 - 00000000 __RSD C:\Users\Lora\Documents\McAfee Vaults
2017-03-12 15:20 - 2008-07-24 11:10 - 00000279 _____ C:\Users\Public\Documents\hpqp.ini
2017-03-12 15:19 - 2015-07-17 15:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-12 15:19 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-12 15:19 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-12 15:19 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-11 22:16 - 2006-11-02 09:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-10 16:08 - 2012-08-26 23:50 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-10 16:08 - 2011-08-30 12:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-10 16:08 - 2008-07-01 09:44 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-10 15:42 - 2007-05-11 11:38 - 00000000 ____D C:\Users\Lora\Desktop\Computer problem 12-19-16
2017-03-10 14:21 - 2016-12-20 16:33 - 00465024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00060632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-10 14:19 - 2016-12-20 16:33 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-10 13:34 - 2007-05-11 11:31 - 00000000 ____D C:\AdwCleaner
2017-03-10 12:33 - 2015-07-17 15:03 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-10 12:33 - 2015-07-17 15:03 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-10 11:54 - 2014-05-01 09:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 18:31 - 2014-05-09 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2017-03-09 18:31 - 2013-07-11 23:38 - 00000000 ____D C:\Program Files\Google
2017-03-09 18:31 - 2008-08-12 07:12 - 00000000 ____D C:\Users\Lora\AppData\Local\QuickPlay
2017-03-09 18:31 - 2008-08-12 07:00 - 00000000 ____D C:\Users\Lora
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\Msdtc
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2017-03-09 18:31 - 2006-11-02 06:22 - 52428800 _____ C:\Windows\system32\config\software_previous
2017-03-09 18:31 - 2006-11-02 06:22 - 27525120 _____ C:\Windows\system32\config\system_previous
2017-03-09 18:22 - 2006-11-02 06:22 - 45088768 _____ C:\Windows\system32\config\components_previous
2017-03-09 18:22 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2017-03-08 23:55 - 2006-11-02 06:22 - 01048576 _____ C:\Windows\system32\config\default_previous
2017-03-08 23:55 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2017-03-08 22:03 - 2012-01-24 18:36 - 00000000 ____D C:\Users\Lora\AppData\Local\Deployment
2017-03-08 18:48 - 2008-07-01 07:45 - 00000000 ____D C:\Windows\panther
2017-03-08 00:03 - 2014-01-05 18:44 - 00000000 ____D C:\Windows\Minidump
2017-03-07 22:57 - 2008-08-12 08:09 - 00000000 ____D C:\Temp
 
==================== Files in the root of some directories =======
 
2016-05-13 23:26 - 2016-05-13 23:26 - 6748160 _____ () C:\Program Files\GUT7030.tmp
2012-03-14 12:06 - 2015-04-07 22:38 - 0002448 _____ () C:\Users\Lora\AppData\Roaming\wklnhst.dat
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\AtStart.txt
2008-08-12 07:50 - 2017-01-27 19:30 - 0005864 _____ () C:\Users\Lora\AppData\Local\d3d9caps.dat
2012-03-07 13:12 - 2012-04-05 12:31 - 0007168 _____ () C:\Users\Lora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\DSwitch.txt
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\QSwitch.txt
2008-07-01 10:11 - 2008-07-01 10:12 - 0000372 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2017-03-10 14:35 - 2017-03-10 14:35 - 0739904 _____ (Oracle Corporation) C:\Users\Lora\AppData\Local\Temp\jre-8u121-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-12 15:27
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-03-2017
Ran by Lora (12-03-2017 16:20:40)
Running from C:\Users\Lora\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2008-07-24 14:52:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-822631117-2597918515-961875465-500 - Administrator - Disabled)
Guest (S-1-5-21-822631117-2597918515-961875465-501 - Limited - Disabled)
Lora (S-1-5-21-822631117-2597918515-961875465-1000 - Administrator - Enabled) => C:\Users\Lora

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
AS: Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Advanced SystemCare 10 (HKLM\...\Advanced SystemCare_is1) (Version: 10.2.0 - IObit)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Quick Launch Buttons 6.30 E1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard)
HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{D063F201-FAC4-4D5C-B10B-615058ADE5A7}) (Version: 4.000.009.002 - Hewlett-Packard)
HP User Guides 0090 (HKLM\...\{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.22.4.3 - Marvell)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)
PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Slingbox Flash Tour (HKLM\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (Version: 1.04.0206 - Sling Media) Hidden
support.com Support Connection (HKLM\...\support.com Support Connection) (Version: 3.5.15.0 - SupportSoft, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Verizon Download Manager (HKLM\...\{EDA40AA1-070C-48D1-9D77-50602BCDA95E}) (Version: 16 - SupportSoft)
Verizon Internet Security Suite Multi-Device (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
Verizon Online Backup and Sharing (HKLM\...\{2A5062E1-D1C6-4DC0-8B49-EAFC91BBE949}) (Version: 4.6.3480 - Verizon)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Vz In Home Agent (HKLM\...\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}) (Version: 8.03.25 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
X-Mouse Button Control 2.11.1 (HKLM\...\X-Mouse Button Control) (Version: 2.11.1 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-822631117-2597918515-961875465-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4628\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15FB8260-4F53-4786-BA24-47C655C02576} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1B404111-8DB8-4C9C-BAAF-9C3C9646EE3C} - System32\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000 => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {22BB3DB0-5177-4A82-9856-EA401CFB05C8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-10] (AVAST Software)
Task: {2D792951-B5CC-457E-82EA-AA9A635E9079} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-822631117-2597918515-961875465-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {3CFAA045-434D-44F4-B04E-A5CF2A591689} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {45E04154-3609-44CD-8176-321A54B39A02} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ad907166e84f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {608C98DE-9EDC-43A8-88F6-BCB0AA1A774F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60AA6D9F-813B-461D-AC15-756AD392DC90} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {6843F271-E776-49DE-8B65-8F1E047F79D6} - System32\Tasks\OnlineBackupManager => C:\Program Files\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe [2011-02-01] ()
Task: {6A3E35C6-3039-414C-A240-BE7807121142} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-822631117-2597918515-961875465-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {702CAB3D-2D4A-48BB-8F9E-2604EE0B954B} - System32\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000 => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {70E846C6-B315-42A0-912E-23121D5F0914} - System32\Tasks\ASC10_SkipUac_Lora => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2017-02-13] (IObit)
Task: {71D8BFD6-68F8-4166-898B-02A1A896667D} - System32\Tasks\Uninstaller_Install_Lora => C:\Program Files\IObit\Advanced SystemCare\ActionCenterDownloader.exe [2017-02-08] (IObit)
Task: {757257C7-4DFA-4F67-BF3C-C57047F1B41A} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d57c33490d4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {96A0AD56-C80C-48D2-B453-A1978EFA5B09} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {96CB5387-6FB5-449B-ADA5-A9D2C74BB732} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A67B918C-0BB4-4D3C-90AC-5E8AEACCA435} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [2016-12-05] (IObit)
Task: {A846ED96-C55B-4CE4-BB40-F6BB2B9EFF75} - System32\Tasks\OnlineBackup.SyncNShare => C:\Program Files\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe [2011-02-01] ()
Task: {D2D4B7DE-8FC6-413B-B165-4A0311335363} - \RegClean Pro -> No File <==== ATTENTION
Task: {E2E58507-2E65-4038-A75E-398DFE003B4B} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-09-28] ()
Task: {FAD0FEB3-506B-4192-A258-307849F77870} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-09-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000.job => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000.job => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OnlineBackupManager.job => C:\Program Files\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Lora\Desktop\Computer problem 12-19-16\Password Reset - Windows 7 Help Forums.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hghkonmfneokdaggkfgfenbmmndpgdbg

==================== Loaded Modules (Whitelisted) ==============

2017-03-10 14:20 - 2017-03-10 14:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-10 15:33 - 2017-03-10 15:33 - 05883392 _____ () C:\Program Files\AVAST Software\Avast\defs\17031001\algo.dll
2017-03-10 14:20 - 2017-03-10 14:20 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-12 16:19 - 2017-03-12 16:19 - 05883392 _____ () C:\Program Files\AVAST Software\Avast\defs\17031200\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00024576 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe
2011-02-01 15:03 - 2011-02-01 15:03 - 00094208 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.Common.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00024576 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.Scheduler.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00069632 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.ThemeManager.dll
2010-12-28 14:27 - 2010-12-28 14:27 - 00045056 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\TaskScheduler.dll
2008-07-24 11:10 - 2007-12-19 22:28 - 00271760 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2008-07-24 11:10 - 2007-12-19 22:28 - 00251288 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2010-10-20 00:50 - 2010-10-20 00:50 - 01949696 _____ () C:\Program Files\Verizon\Online Backup and Sharing\DigiData.Vault.VaultExplorer.dll
2014-08-12 11:34 - 2014-08-12 11:34 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-07-01 10:20 - 2007-01-09 06:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-24 10:56 - 2007-09-13 11:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00233472 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
2011-02-01 15:03 - 2011-02-01 15:03 - 00094208 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.Common.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00069632 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.ThemeManager.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00036864 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateMonitor.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00036864 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.Controls.Buttons.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00032768 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.Updater.dll
2017-03-10 14:19 - 2017-03-10 14:19 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-12-20 16:32 - 2016-12-20 16:32 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-10 14:19 - 2017-03-10 14:19 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2007-05-16 13:43 - 2007-05-16 13:43 - 00677432 ____R () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2017-03-12 15:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2017-03-12 15:38 - 2016-12-20 16:36 - 01362720 _____ () C:\Program Files\IObit\Advanced SystemCare\Scan.dll
2017-03-12 15:42 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files\IObit\Advanced SystemCare\madExcept_.bpl
2017-03-12 15:42 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files\IObit\Advanced SystemCare\madBasic_.bpl
2017-03-12 15:42 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-03-12 15:38 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-03-12 15:38 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\support.com -> restricted.support.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-822631117-2597918515-961875465-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HPSplash.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{26DBE8A1-3F3E-4C71-8049-DDB32952D853}] => (Allow) C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{56A633F7-86FF-42D8-A596-7FE88B3F409F}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{8DD6BFB7-1DFD-48AF-8837-612BF6ADBA90}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [TCP Query User{C2631222-3817-48B3-BEE7-252287B8EB27}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1304AFFB-34F0-43B8-A694-6E047345ABD0}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{277EAE66-A3AB-4C6D-A5D5-277655773F9A}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{D52BD661-16B5-44B2-8B0A-7B6F7AB1B990}] => (Allow) LPort=80
FirewallRules: [{CD97664A-9F7C-4486-8A28-82EF7A86413A}] => (Allow) LPort=80
FirewallRules: [{540BC2D4-9A6F-4C01-83F2-E93C9035D04A}] => (Allow) LPort=80
FirewallRules: [{97EFB50F-C921-4B02-A72E-BBF4DD2A5695}] => (Allow) LPort=50000
FirewallRules: [{E0CCDB87-AA43-4F9A-8095-7F53A2E9C551}] => (Allow) LPort=50000
FirewallRules: [TCP Query User{5F747915-4C74-48BE-A3D7-63E0778CAB66}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{193E6EA4-EBBF-4F46-B2F6-04086975E5C9}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{6CDDE042-5531-4B6A-A19D-A44017AD5C51}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{56EFFC38-6927-4CDD-ADB6-B14B9B27F880}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{3B26CB4E-89F3-4332-9A38-D17A88882C9B}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{6AFA9CC5-684F-4752-94EB-2C8FA27C01DD}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5CCCF068-885E-4709-B805-FB6AF2591411}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D255BEC1-7BC7-4F05-B502-7A55378FB506}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{58A3D9FC-B3B4-424C-9D9D-BF8D08017ADF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E1217A43-FDBE-4134-AB03-8D7A8BC89FAE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3054B0A8-3974-4C6A-86AF-97D10A74BBF0}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3283D749-5C3D-4227-8676-00D35B1B01BA}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{ED9E0080-4857-4076-8AFF-C5813F475663}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03FF5A93-9F2D-44C9-A36F-37D58FCA08D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB7125A3-CB97-4D82-B1F6-4E5C42010098}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6BC613DB-AECA-4AE2-8C31-AD9DD8538C90}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{427D1CFC-A6F4-4530-805D-48A970DC212F}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink

==================== Restore Points =========================

11-05-2007 14:14:56 Scheduled Checkpoint
11-05-2007 14:36:35 after Den's fix
20-12-2016 13:40:34 after adjusting date to 2016
20-12-2016 22:19:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2017 03:20:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2017 08:17:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/10/2017 02:38:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application lsass.exe, version 6.0.6002.18541, time stamp 0x4ec3c4c9, faulting module LSASRV.dll, version 6.0.6002.19214, time stamp 0x54372fc2, exception code 0xc0000005, fault offset 0x000584bd,
process id 0x358, application start time 0x01d299cb80b27e1b.

Error: (03/10/2017 01:27:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/10/2017 12:59:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/10/2017 11:34:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2017 03:35:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2017 03:34:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -551.

Error: (03/09/2017 03:34:13 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1544) Catalog Database: Database recovery/restore failed with unexpected error -551.

Error: (03/09/2017 03:34:11 PM) (Source: ESENT) (EventID: 517) (User: )
Description: Catalog Database (1544) Catalog Database: Database recovery failed with error -551 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.


System errors:
=============
Error: (03/12/2017 03:29:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).

Error: (03/12/2017 03:21:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (03/12/2017 03:21:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The QuickPlay Background Capture Service (QBCS) service hung on starting.

Error: (03/12/2017 03:20:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2017 08:26:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:19:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

Error: (03/11/2017 08:19:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The QuickPlay Background Capture Service (QBCS) service hung on starting.

Error: (03/11/2017 08:18:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/11/2017 12:16:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error: (03/10/2017 04:23:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2017-03-07 23:08:56.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:55.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:54.701
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:53.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:25.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:24.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:23.825
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 23:08:23.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 18:19:28.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-07 18:19:27.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 67%
Total physical RAM: 3061.61 MB
Available physical RAM: 996.25 MB
Total Virtual: 6323.51 MB
Available Virtual: 3925.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.2 GB) (Free:168.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6E186E18)
Partition 1: (Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 14 March 2017 - 05:15 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • Gender:Male
  • Location:California
  • Local time:11:36 AM

Posted 14 March 2017 - 05:15 PM

Greetings Den. and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • Gender:Male
  • Location:California
  • Local time:11:36 AM

Posted 14 March 2017 - 08:07 PM

Greetings again.

I don't see any evidence of malware on the computer. Please do these things.

===================================================

Uninstall McAfee Remnants

--------------------
  • Please download McAfee Consumer Product Removal Tool and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Click Next
  • Select Agree then Next
  • Complete Security Validation and click Next (letters are case sensitive)
  • When prompted click Restart
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
CHR Extension: (tampa bay musical instruments - craig...) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdhcepkgajfjbbadhadlpmocapplekd [2017-03-08]
CHR Extension: (tampa bay computers - by owner - crai...) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlocbjelkgbnjnmpeffpehdafdmcdbgn [2017-03-07]
cmd: net stop cryptsvc
cmd: ren C:\Windows\system32\catroot2 catroot2old
cmd: net start cryptsvc
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • McAfee removed?
  • Fixlog

Gary
 

#4 Den.

Den.
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male
  • Local time:02:36 PM

Posted 15 March 2017 - 06:37 AM

Hi. Thanks for your help. The McAfee uninstall reported unsuccessful. Here is the fix log:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-03-2017
Ran by Lora (15-03-2017 07:01:31) Run:1
Running from C:\Users\Lora\Desktop
Loaded Profiles: Lora (Available Profiles: Lora)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR Extension: (tampa bay musical instruments - craig...) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdhcepkgajfjbbadhadlpmocapplekd [2017-03-08]
CHR Extension: (tampa bay computers - by owner - crai...) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlocbjelkgbnjnmpeffpehdafdmcdbgn [2017-03-07]
cmd: net stop cryptsvc
cmd: ren C:\Windows\system32\catroot2 catroot2old
cmd: net start cryptsvc
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdhcepkgajfjbbadhadlpmocapplekd => moved successfully
C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlocbjelkgbnjnmpeffpehdafdmcdbgn => moved successfully
 
========= net stop cryptsvc =========
 
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
 
 
========= End of CMD: =========
 
 
========= ren C:\Windows\system32\catroot2 catroot2old =========
 
 
========= End of CMD: =========
 
 
========= net start cryptsvc =========
 
The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4154875 B
Java, Flash, Steam htmlcache => 949 B
Windows/system/drivers => 7172578 B
Edge => 0 B
Chrome => 60779199 B
Firefox => 70874603 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 7639181 B
LocalService => 132244 B
NetworkService => 1006828 B
Lora => 116513039 B
 
RecycleBin => 232986361 B
EmptyTemp: => 486.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:10:28 ====

 

 



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • Gender:Male
  • Location:California
  • Local time:11:36 AM

Posted 15 March 2017 - 12:03 PM

Thank you, we will leave McAfee alone since I don't think it is a significant issue.

Please update me about the computer performance in Normal Boot. In addition, please boot into Safe Mode with Networking, run a fresh FRST scan posting the results, and let me know if the computer runs better in this state.
Gary
 

#6 Den.

Den.
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male
  • Local time:02:36 PM

Posted 15 March 2017 - 03:35 PM

Hi...

It seems to ME that the laptop runs fine in normal mode and safe mode. When we are done I will give it back to her and ask for her opinion and report back. I will return it when I see her Saturday 3-18-17. Here are the FRST scan results done in safe mode. I wasn't sure if you wanted the ADDITION results so I will attach them just in case you did.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Lora (administrator) on LORA-PC (15-03-2017 16:07:56)
Running from C:\Users\Lora\Desktop
Loaded Profiles: Lora (Available Profiles: Lora)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174616 2007-07-25] (Intel Corporation)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [Online Backup Auto Update] => C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-02-01] ()
HKLM\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe [28672 2010-10-20] (DigiData Corp.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [820208 2015-08-10] (Highresolution Enterprises)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-10] (AVAST Software)
HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-10] (AVAST Software)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Backup.lnk [2012-01-24]
ShortcutTarget: Backup.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F818321-7941-4906-A95E-C1A735BDB919}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50D96EAA-01A1-4EDB-94AD-362D47C82888}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
SearchScopes: HKLM -> DefaultScope {EA7C8ACD-C678-4779-A514-E2D84671CBD8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {EA7C8ACD-C678-4779-A514-E2D84671CBD8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-822631117-2597918515-961875465-1000 -> DefaultScope {30E805FD-1B92-4969-AB59-6E2558EB43AB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140705&p={searchTerms}
SearchScopes: HKU\S-1-5-21-822631117-2597918515-961875465-1000 -> {30E805FD-1B92-4969-AB59-6E2558EB43AB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140705&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-10] (AVAST Software)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-13] (Oracle Corporation)
BHO: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0066-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Lora\AppData\Roaming\Mozilla\Firefox\Profiles\oxfprumv.default [2017-03-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\oxfprumv.default -> hxxp://www.foxnews.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\oxfprumv.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B111US756D20140705&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\oxfprumv.default -> type", 0
FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\Lora\AppData\Roaming\Mozilla\Firefox\Profiles\oxfprumv.default\searchplugins\McSiteAdvisor.xml [2015-11-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-822631117-2597918515-961875465-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lora\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-27] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Lora\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-01-16] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US756D20140705&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (Google Docs) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkfbadbicgpkjjlboknaiiljjpfgmen [2016-12-20]
CHR Extension: (Google Search) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144 2017-03-10] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-10] (AVAST Software)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 FilesystemWatcher; C:\Program Files\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [24576 2010-12-28] (DigiData Corp.) [File not signed]
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
S2 OnlineBackupSchedulerService; C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe [24576 2011-02-01] () [File not signed]
S2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382240 2008-07-14] (SupportSoft, Inc.)
S2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 0110181489574113mcinstcleanup; C:\Windows\TEMP\011018~1.EXE -cleanup -nolog [X]
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-03-10] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-03-10] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-03-10] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-03-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60632 2017-03-10] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465024 2017-03-10] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-03-10] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-15] (AVAST Software)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-15 16:07 - 2017-03-15 16:08 - 00020905 _____ C:\Users\Lora\Desktop\FRST.txt
2017-03-15 16:07 - 2017-03-15 16:07 - 00000000 ____D C:\Users\Lora\Desktop\FRST-OlderVersion
2017-03-15 16:05 - 2017-03-15 16:06 - 00074468 _____ C:\Windows\ntbtlog.txt
2017-03-15 15:44 - 2017-03-15 15:44 - 00000050 _____ C:\Users\Lora\Desktop\YouTube.url
2017-03-15 15:38 - 2017-03-15 15:42 - 00000000 ____D C:\Users\Lora\Desktop\Problem 3-7-16
2017-03-15 15:35 - 2017-03-15 15:35 - 00000000 ____D C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-12 15:43 - 2017-03-12 15:47 - 00000000 ____D C:\Users\Lora\AppData\LocalLow\IObit
2017-03-12 15:43 - 2017-03-12 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-03-12 15:28 - 2017-03-15 16:07 - 01766912 _____ (Farbar) C:\Users\Lora\Desktop\FRST.exe
2017-03-12 15:28 - 2016-03-10 13:07 - 09926112 _____ (Malwarebytes) C:\Users\Lora\Desktop\mbam.exe
2017-03-12 15:27 - 2016-12-10 12:50 - 03968464 _____ C:\Users\Lora\Desktop\adwcleaner_6.040 (1).exe
2017-03-10 16:08 - 2017-03-10 16:08 - 19827800 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-03-10 16:05 - 2017-03-10 16:09 - 42901248 _____ (IObit ) C:\Users\Lora\Downloads\cbsasctrial_102.exe
2017-03-10 15:44 - 2017-03-10 15:49 - 00000000 _____ C:\Windows\system32\last.dump
2017-03-10 14:21 - 2017-03-10 14:19 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-03-10 14:20 - 2017-03-10 14:20 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-10 12:10 - 2017-03-10 12:10 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-09 16:19 - 2017-03-09 16:19 - 00000294 _____ C:\Users\Lora\Desktop\Lora.lnk
2017-03-09 15:36 - 2017-03-09 15:36 - 00001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-08 22:36 - 2017-03-15 16:07 - 00000000 ____D C:\FRST
2017-03-08 18:01 - 2017-03-08 18:01 - 00000000 ____D C:\Users\Lora\AppData\RoamingStartup Manager
2017-03-08 17:59 - 2017-03-12 15:47 - 00000000 ____D C:\ProgramData\ProductData
2017-03-08 17:59 - 2017-03-08 17:59 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-03-08 17:55 - 2017-03-15 06:27 - 00000000 ____D C:\ProgramData\IObit
2017-03-08 17:55 - 2017-03-12 15:47 - 00000000 ____D C:\Users\Lora\AppData\Roaming\IObit
2017-03-08 17:55 - 2017-03-08 17:55 - 00000000 ____D C:\Program Files\IObit
2017-03-07 23:20 - 2017-03-07 23:20 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-15 15:53 - 2006-11-02 09:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-15 15:53 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-15 15:53 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-15 15:53 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-15 15:41 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2017-03-15 15:41 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-15 15:37 - 2015-05-30 19:31 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000.job
2017-03-15 15:24 - 2015-08-27 18:13 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09.job
2017-03-15 15:22 - 2016-12-20 16:33 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-15 15:19 - 2015-07-17 15:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-15 15:14 - 2014-07-31 21:44 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000.job
2017-03-15 15:11 - 2012-01-24 21:11 - 00000617 _____ C:\Windows\Tasks\OnlineBackupManager.job
2017-03-15 15:07 - 2012-08-26 23:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-15 14:09 - 2008-07-24 11:10 - 00000279 _____ C:\Users\Public\Documents\hpqp.ini
2017-03-15 14:08 - 2015-07-17 15:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-15 06:55 - 2014-05-09 10:18 - 00000000 ____D C:\Program Files\McAfee
2017-03-15 06:55 - 2014-05-09 10:18 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2017-03-15 06:30 - 2014-05-09 10:20 - 00000000 __RSD C:\Users\Lora\Documents\McAfee Vaults
2017-03-15 06:25 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\catroot2old
2017-03-10 16:08 - 2012-08-26 23:50 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-10 16:08 - 2011-08-30 12:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-10 16:08 - 2008-07-01 09:44 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-10 15:42 - 2007-05-11 11:38 - 00000000 ____D C:\Users\Lora\Desktop\Computer problem 12-19-16
2017-03-10 14:21 - 2016-12-20 16:33 - 00465024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00060632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-10 14:19 - 2016-12-20 16:33 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-10 13:34 - 2007-05-11 11:31 - 00000000 ____D C:\AdwCleaner
2017-03-10 12:33 - 2015-07-17 15:03 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-10 12:33 - 2015-07-17 15:03 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-10 11:54 - 2014-05-01 09:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 18:31 - 2014-05-09 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2017-03-09 18:31 - 2013-07-11 23:38 - 00000000 ____D C:\Program Files\Google
2017-03-09 18:31 - 2008-08-12 07:12 - 00000000 ____D C:\Users\Lora\AppData\Local\QuickPlay
2017-03-09 18:31 - 2008-08-12 07:00 - 00000000 ____D C:\Users\Lora
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\Msdtc
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2017-03-09 18:31 - 2006-11-02 06:22 - 52428800 _____ C:\Windows\system32\config\software_previous
2017-03-09 18:31 - 2006-11-02 06:22 - 27525120 _____ C:\Windows\system32\config\system_previous
2017-03-09 18:22 - 2006-11-02 06:22 - 45088768 _____ C:\Windows\system32\config\components_previous
2017-03-09 18:22 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2017-03-08 23:55 - 2006-11-02 06:22 - 01048576 _____ C:\Windows\system32\config\default_previous
2017-03-08 23:55 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2017-03-08 22:03 - 2012-01-24 18:36 - 00000000 ____D C:\Users\Lora\AppData\Local\Deployment
2017-03-08 18:48 - 2008-07-01 07:45 - 00000000 ____D C:\Windows\panther
2017-03-08 00:03 - 2014-01-05 18:44 - 00000000 ____D C:\Windows\Minidump
2017-03-07 22:57 - 2008-08-12 08:09 - 00000000 ____D C:\Temp
 
==================== Files in the root of some directories =======
 
2016-05-13 23:26 - 2016-05-13 23:26 - 6748160 _____ () C:\Program Files\GUT7030.tmp
2012-03-14 12:06 - 2015-04-07 22:38 - 0002448 _____ () C:\Users\Lora\AppData\Roaming\wklnhst.dat
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\AtStart.txt
2008-08-12 07:50 - 2017-01-27 19:30 - 0005864 _____ () C:\Users\Lora\AppData\Local\d3d9caps.dat
2012-03-07 13:12 - 2012-04-05 12:31 - 0007168 _____ () C:\Users\Lora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\DSwitch.txt
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\QSwitch.txt
2008-07-01 10:11 - 2008-07-01 10:12 - 0000372 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-15 14:20
 
==================== End of FRST.txt ============================




#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:36 AM

Posted 15 March 2017 - 04:12 PM

Thanks,

My suspicion is this is due to a limited amount of RAM on an older computer. I will show you how the resources are being taxed.

This is Memory information in Safe Mode:
 

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 16%
Total physical RAM: 3061.61 MB
Available physical RAM: 2570.9 MB
Total Virtual: 6325.49 MB
Available Virtual: 6020.44 MB


And here is what it shows in Normal Boot:
 

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 67%
Total physical RAM: 3061.61 MB
Available physical RAM: 996.25 MB
Total Virtual: 6323.51 MB
Available Virtual: 3925.45 MB


Assuming you were not taxing the system when you ran the initial FRST scan, this doesn't leave much room to add other demands. Though Normal Boot shows there is 33% of memory available, that is 33% of a limited amount to start with. That leaves only 1GB to handle everything else. I think the computer is simply getting tapped out.

Now let's look at what is being asked of the computer the minute it is turned on:
 

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174616 2007-07-25] (Intel Corporation)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [Online Backup Auto Update] => C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-02-01] ()
HKLM\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe [28672 2010-10-20] (DigiData Corp.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [820208 2015-08-10] (Highresolution Enterprises)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-10] (AVAST Software)
HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Backup.lnk [2012-01-24]
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-14]

Forgive me if you already know this but let me try to explain. Each one of these programs is launched at boot time (Autorun) and takes up resources in the background. Some of them are required so the system works properly, but some of them are launched whether or not you intend to use them. Think of it like this. You might need to go to the store today. You can handle your car one of 2 ways. You can start it and leave it idling which uses "resources" whether or not you go, or you can start it up when you are ready. Starting it up may take just a few seconds longer but it is better than wasting the gas it takes to idle it, especially when you are running near empty.

So what to do.....

Below is a program you can run that will list all the Autoruns. You can review and evaluate which ones are not necessary to run in the background and uncheck them. By unchecking, that doesn't mean you can't use them, it just means the "car needs to be started" because it isn't already idling. So for instance, does ScanSoft need to be running all the time? If you uncheck it and later launch it via an icon it will then start the program. In theory that should free up resources and give the computer a little more breathing room which will hopefully help it run better.

So, if you'd like to tackle this, here are the instructions.

===================================================

Disabling Autoruns Entries

--------------------
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder (or if necessary right click and select Extract)
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Uncheck any items you do not need to launch at startup. Note: This does not mean you can't run the program, only that it won't automatically launch at startup whether you use it or not
  • If you are unsure about an entry you can Google it or check the startup in the BleepingComputer Startup List. You can also ask me about it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Den.


Posted 16 March 2017 - 10:01 AM

Hi Gary...

 

I downloaded and ran the AUTORUN program. I would like help narrowing down which tabs I should concentrate on when looking for items to uncheck. Den



#9 Oh My!

  • Malware Response Instructor

Posted 16 March 2017 - 01:20 PM

No problem. This is my best guess, not knowing your user. Work from the Everything tab.

These are safe to disable.

HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-14]

-----

If your user no longer needs Verizon software you can disable these:

HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [Online Backup Auto Update] => C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-02-01] ()
HKLM\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe [28672 2010-10-20] (DigiData Corp.)

-----

If your user no longer uses automatic backup software you can disable this:

Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Backup.lnk [2012-01-24]

-----

After you disable selected items run a FRST scan in Normal Boot and let's compare the memory usage. I'm curious. :)

Edited by Oh My!, 16 March 2017 - 01:21 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
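The before/after comparison requested in the post above can be checked mechanically. The following is an added example, not part of the original thread and not FRST's own code: it parses FRST `Run:` and `Startup:` lines and reports which recommended entries are gone from a later scan. The sample lines are copied (abridged) from the FRST entries posted in this thread; the function and field names are hypothetical, and matching is by entry name only.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# FRST line shapes seen in this thread:
#   HKLM\...\Run: [Name] => command [size yyyy-mm-dd] (vendor)
#   HKU\<SID>\...\Run: [Name] => command [size yyyy-mm-dd] (vendor)
#   Startup: <path> [yyyy-mm-dd]            (vendor field optional)
RUN_RE = re.compile(r'^(HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[([^\]]+)\] => (.*)$')
META_RE = re.compile(r'^(.*?)\s+\[(\d+) (\d{4}-\d{2}-\d{2})\]\s+\((.*)\)\s*$')
STARTUP_RE = re.compile(r'^Startup: (.+?) \[(\d{4}-\d{2}-\d{2})\](?:\s+\((.*)\))?\s*$')


@dataclass(frozen=True)
class Autorun:
    kind: str                 # "run" (registry Run value) or "startup" (Startup folder item)
    scope: str                # hive, including the SID for HKU; empty for Startup items
    name: str                 # value name, or file/folder name for Startup items
    command: str
    size: Optional[int]       # None when FRST printed no [size date] block
    vendor: Optional[str]     # "" when FRST printed an empty "()"

    @property
    def key(self):
        return (self.kind, self.scope.lower(), self.name.lower())

    @property
    def is_disabled_container(self):
        # Autoruns parks unchecked Startup-folder items in an "AutorunsDisabled"
        # subfolder; FRST lists that folder, but it is not an active autorun.
        return self.kind == "startup" and self.name.lower() == "autorunsdisabled"


def parse_frst(text):
    """Return the autorun entries found in a block of FRST output."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, rest = m.groups()
            meta = META_RE.match(rest)
            if meta:
                command, size, _date, vendor = meta.groups()
                entries.append(Autorun("run", hive, name, command, int(size), vendor.strip()))
            else:  # e.g. a quoted command line with arguments and no metadata
                entries.append(Autorun("run", hive, name, rest, None, None))
            continue
        m = STARTUP_RE.match(line)
        if m:
            path, _date, vendor = m.groups()
            entries.append(Autorun("startup", "", PureWindowsPath(path).name, path,
                                   None, None if vendor is None else vendor.strip()))
    return entries


def verify(recommended_text, after_text):
    """Compare the helper's disable list with the entries in a later scan."""
    rec = parse_frst(recommended_text)
    after = parse_frst(after_text)
    active = {e.key for e in after if not e.is_disabled_container}
    rec_keys = {e.key for e in rec}
    return {
        "disabled": [e.name for e in rec if e.key not in active],
        "still_enabled": [e.name for e in rec if e.key in active],
        "not_reviewed": [e.name for e in after
                         if e.key not in rec_keys and not e.is_disabled_container],
        "container_seen": any(e.is_disabled_container for e in after),
    }


# Sample input: lines copied (abridged) from the FRST entries posted in this thread.
RECOMMENDED = r"""
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PPort11reminder] => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3919136 2017-02-08] (IObit)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-10-14]
"""

AFTER_SCAN = r"""
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [Online Backup Auto Update] => C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-02-01] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-10] (AVAST Software)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-03-16] ()
"""

if __name__ == "__main__":
    for label, names in verify(RECOMMENDED, AFTER_SCAN).items():
        print(f"{label}: {names}")
```

An entry that is absent from the later scan is only shown to be no longer listed by FRST; the memory comparison asked for in the post still has to be read from the full log.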

#10 Den.


Posted 16 March 2017 - 02:45 PM

Gary ... I disabled all of your suggestions EXCEPT the Verizon software.  Den

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Lora (administrator) on LORA-PC (16-03-2017 15:35:49)
Running from C:\Users\Lora\Desktop
Loaded Profiles: Lora (Available Profiles: Lora)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DigiData Corp.) C:\Program Files\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
() C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtcmd.exe
() C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
(DigiData Corp.) C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\tgsrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvLaunch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174616 2007-07-25] (Intel Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [Online Backup Auto Update] => C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-02-01] ()
HKLM\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files\Verizon\Online Backup and Sharing\vewatch.exe [28672 2010-10-20] (DigiData Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [820208 2015-08-10] (Highresolution Enterprises)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-10] (AVAST Software)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-03-16] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F818321-7941-4906-A95E-C1A735BDB919}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50D96EAA-01A1-4EDB-94AD-362D47C82888}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
SearchScopes: HKLM -> DefaultScope {EA7C8ACD-C678-4779-A514-E2D84671CBD8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {EA7C8ACD-C678-4779-A514-E2D84671CBD8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-822631117-2597918515-961875465-1000 -> DefaultScope {30E805FD-1B92-4969-AB59-6E2558EB43AB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140705&p={searchTerms}
SearchScopes: HKU\S-1-5-21-822631117-2597918515-961875465-1000 -> {30E805FD-1B92-4969-AB59-6E2558EB43AB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US756D20140705&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-10] (AVAST Software)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-13] (Oracle Corporation)
BHO: HP Print Clips -> {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} -> c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0066-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
Handler: dssrequest - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: sacore - No CLSID Value - 
Filter: application/x-mfe-ipt - No CLSID Value - 
 
FireFox:
========
FF ProfilePath: C:\Users\Lora\AppData\Roaming\Mozilla\Firefox\Profiles\oxfprumv.default [2017-03-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\oxfprumv.default -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\oxfprumv.default -> hxxp://www.foxnews.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\oxfprumv.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B111US756D20140705&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\oxfprumv.default -> type", 0
FF Extension: (No Name) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF SearchPlugin: C:\Users\Lora\AppData\Roaming\Mozilla\Firefox\Profiles\oxfprumv.default\searchplugins\McSiteAdvisor.xml [2015-11-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-12] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-822631117-2597918515-961875465-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lora\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-27] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Lora\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-01-16] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US756D20140705&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default [2017-03-16]
CHR Extension: (Google Docs) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkfbadbicgpkjjlboknaiiljjpfgmen [2016-12-20]
CHR Extension: (Google Search) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Avast SafePrice) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Gmail) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144 2017-03-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-10] (AVAST Software)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 FilesystemWatcher; C:\Program Files\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [24576 2010-12-28] (DigiData Corp.) [File not signed]
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 OnlineBackupSchedulerService; C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe [24576 2011-02-01] () [File not signed]
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382240 2008-07-14] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-03-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-03-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-03-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-03-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60632 2017-03-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465024 2017-03-10] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-03-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-15] (AVAST Software)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [183352 2007-10-01] (Conexant Systems Inc.)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
U1 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-16 15:35 - 2017-03-16 15:36 - 00020797 _____ C:\Users\Lora\Desktop\FRST.txt
2017-03-16 12:52 - 2017-03-16 12:52 - 04031440 _____ C:\Users\Lora\Desktop\adwcleaner_6.044.exe
2017-03-16 10:22 - 2017-03-16 10:22 - 00000068 _____ C:\Users\Lora\Desktop\Startup Programs Database.url
2017-03-16 10:19 - 2017-03-16 10:19 - 00000000 ____D C:\Users\Lora\Desktop\Autoruns
2017-03-16 10:16 - 2017-03-16 10:16 - 00000118 _____ C:\Users\Lora\Desktop\Laptop slows and then becomes unresponsive. - Virus, Trojan, Spyware, and Malware Removal Logs.url
2017-03-15 15:44 - 2017-03-15 15:44 - 00000050 _____ C:\Users\Lora\Desktop\YouTube.url
2017-03-15 15:38 - 2017-03-16 15:22 - 00000000 ____D C:\Users\Lora\Desktop\Problem 3-7-16
2017-03-15 15:35 - 2017-03-15 15:35 - 00000000 ____D C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-03-12 15:43 - 2017-03-12 15:47 - 00000000 ____D C:\Users\Lora\AppData\LocalLow\IObit
2017-03-12 15:43 - 2017-03-12 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-03-12 15:28 - 2017-03-15 16:07 - 01766912 _____ (Farbar) C:\Users\Lora\Desktop\FRST.exe
2017-03-12 15:28 - 2016-03-10 13:07 - 09926112 _____ (Malwarebytes) C:\Users\Lora\Desktop\mbam.exe
2017-03-10 16:08 - 2017-03-10 16:08 - 19827800 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2017-03-10 16:05 - 2017-03-10 16:09 - 42901248 _____ (IObit ) C:\Users\Lora\Downloads\cbsasctrial_102.exe
2017-03-10 15:44 - 2017-03-10 15:49 - 00000000 _____ C:\Windows\system32\last.dump
2017-03-10 14:21 - 2017-03-10 14:19 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-03-10 14:21 - 2017-03-10 14:19 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-03-10 14:20 - 2017-03-10 14:20 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-10 12:10 - 2017-03-16 12:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-09 16:19 - 2017-03-09 16:19 - 00000294 _____ C:\Users\Lora\Desktop\Lora.lnk
2017-03-08 22:36 - 2017-03-16 15:35 - 00000000 ____D C:\FRST
2017-03-08 18:01 - 2017-03-08 18:01 - 00000000 ____D C:\Users\Lora\AppData\RoamingStartup Manager
2017-03-08 17:59 - 2017-03-16 15:06 - 00000000 ____D C:\ProgramData\ProductData
2017-03-08 17:59 - 2017-03-08 17:59 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-03-08 17:58 - 2017-03-08 17:58 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-03-08 17:55 - 2017-03-15 06:27 - 00000000 ____D C:\ProgramData\IObit
2017-03-08 17:55 - 2017-03-12 15:47 - 00000000 ____D C:\Users\Lora\AppData\Roaming\IObit
2017-03-08 17:55 - 2017-03-08 17:55 - 00000000 ____D C:\Program Files\IObit
2017-03-07 23:20 - 2017-03-07 23:20 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-16 15:32 - 2015-07-17 15:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-16 15:32 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-16 15:32 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-16 15:32 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-16 15:30 - 2006-11-02 09:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-16 15:24 - 2015-08-27 18:13 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09.job
2017-03-16 15:18 - 2015-07-17 15:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-03-16 15:14 - 2014-07-31 21:44 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000.job
2017-03-16 15:12 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2017-03-16 15:12 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-16 15:11 - 2012-01-24 21:11 - 00000617 _____ C:\Windows\Tasks\OnlineBackupManager.job
2017-03-16 15:07 - 2012-08-26 23:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-16 15:06 - 2008-07-24 11:10 - 00000279 _____ C:\Users\Public\Documents\hpqp.ini
2017-03-16 13:40 - 2014-05-09 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2017-03-16 13:37 - 2015-05-30 19:31 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000.job
2017-03-16 12:55 - 2007-05-11 11:31 - 00000000 ____D C:\AdwCleaner
2017-03-15 15:22 - 2016-12-20 16:33 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-15 06:55 - 2014-05-09 10:18 - 00000000 ____D C:\Program Files\McAfee
2017-03-15 06:55 - 2014-05-09 10:18 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2017-03-15 06:30 - 2014-05-09 10:20 - 00000000 __RSD C:\Users\Lora\Documents\McAfee Vaults
2017-03-15 06:25 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\catroot2old
2017-03-10 16:08 - 2012-08-26 23:50 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-10 16:08 - 2011-08-30 12:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-10 16:08 - 2008-07-01 09:44 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-10 14:21 - 2016-12-20 16:33 - 00465024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00060632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-03-10 14:20 - 2016-12-20 16:33 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-10 14:19 - 2016-12-20 16:33 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-10 12:33 - 2015-07-17 15:03 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-10 11:54 - 2014-05-01 09:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 18:31 - 2013-07-11 23:38 - 00000000 ____D C:\Program Files\Google
2017-03-09 18:31 - 2008-08-12 07:12 - 00000000 ____D C:\Users\Lora\AppData\Local\QuickPlay
2017-03-09 18:31 - 2008-08-12 07:00 - 00000000 ____D C:\Users\Lora
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\Msdtc
2017-03-09 18:31 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2017-03-09 18:31 - 2006-11-02 06:22 - 52428800 _____ C:\Windows\system32\config\software_previous
2017-03-09 18:31 - 2006-11-02 06:22 - 27525120 _____ C:\Windows\system32\config\system_previous
2017-03-09 18:22 - 2006-11-02 06:22 - 45088768 _____ C:\Windows\system32\config\components_previous
2017-03-09 18:22 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2017-03-08 23:55 - 2006-11-02 06:22 - 01048576 _____ C:\Windows\system32\config\default_previous
2017-03-08 23:55 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2017-03-08 22:03 - 2012-01-24 18:36 - 00000000 ____D C:\Users\Lora\AppData\Local\Deployment
2017-03-08 18:48 - 2008-07-01 07:45 - 00000000 ____D C:\Windows\panther
2017-03-08 00:03 - 2014-01-05 18:44 - 00000000 ____D C:\Windows\Minidump
2017-03-07 22:57 - 2008-08-12 08:09 - 00000000 ____D C:\Temp
 
==================== Files in the root of some directories =======
 
2016-05-13 23:26 - 2016-05-13 23:26 - 6748160 _____ () C:\Program Files\GUT7030.tmp
2012-03-14 12:06 - 2015-04-07 22:38 - 0002448 _____ () C:\Users\Lora\AppData\Roaming\wklnhst.dat
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\AtStart.txt
2008-08-12 07:50 - 2017-01-27 19:30 - 0005864 _____ () C:\Users\Lora\AppData\Local\d3d9caps.dat
2012-03-07 13:12 - 2012-04-05 12:31 - 0007168 _____ () C:\Users\Lora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\DSwitch.txt
2008-08-12 07:12 - 2008-08-12 07:12 - 0000000 _____ () C:\Users\Lora\AppData\Local\QSwitch.txt
2008-07-01 10:11 - 2008-07-01 10:12 - 0000372 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-16 15:12
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Lora (16-03-2017 15:36:31)
Running from C:\Users\Lora\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2008-07-24 14:52:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-822631117-2597918515-961875465-500 - Administrator - Disabled)
Guest (S-1-5-21-822631117-2597918515-961875465-501 - Limited - Disabled)
Lora (S-1-5-21-822631117-2597918515-961875465-1000 - Administrator - Enabled) => C:\Users\Lora
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Advanced SystemCare 10 (HKLM\...\Advanced SystemCare_is1) (Version: 10.2.0 - IObit)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version:  - )
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Active Support Library (HKLM\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Quick Launch Buttons 6.30 E1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard)
HP QuickPlay 3.6 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP QuickTouch 1.00 C4 (HKLM\...\{7DC4A410-9986-4329-9E5D-687B2C42CA39}) (Version: 1.0.7 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{b02df929-29a7-4fd2-9a70-81a644b635f7}) (Version: 1.4.19.2433 - Hewlett-Packard)
HP Update (HKLM\...\{D063F201-FAC4-4D5C-B10B-615058ADE5A7}) (Version: 4.000.009.002 - Hewlett-Packard)
HP User Guides 0090 (HKLM\...\{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard)
HPNetworkAssistant (HKLM\...\{228C6B46-64E2-404E-898A-EF0830603EF4}) (Version: 1.1.70 - Hewlett-Packard.)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.22.4.3 - Marvell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.46 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.)
PowerDirector (Version: 6.5.2129 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Slingbox Flash Tour (HKLM\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (Version: 1.04.0206 - Sling Media) Hidden
support.com Support Connection (HKLM\...\support.com Support Connection) (Version: 3.5.15.0 - SupportSoft, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Download Manager (HKLM\...\{EDA40AA1-070C-48D1-9D77-50602BCDA95E}) (Version: 16 - SupportSoft)
Verizon Online Backup and Sharing (HKLM\...\{2A5062E1-D1C6-4DC0-8B49-EAFC91BBE949}) (Version: 4.6.3480 - Verizon)
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Vz In Home Agent (HKLM\...\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}) (Version: 8.03.25 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
X-Mouse Button Control 2.11.1 (HKLM\...\X-Mouse Button Control) (Version: 2.11.1 - Highresolution Enterprises)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-822631117-2597918515-961875465-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4628\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {071076DF-19D5-454F-A498-D7244729047F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-822631117-2597918515-961875465-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {15FB8260-4F53-4786-BA24-47C655C02576} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1B404111-8DB8-4C9C-BAAF-9C3C9646EE3C} - System32\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000 => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {22BB3DB0-5177-4A82-9856-EA401CFB05C8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-10] (AVAST Software)
Task: {3CFAA045-434D-44F4-B04E-A5CF2A591689} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {45E04154-3609-44CD-8176-321A54B39A02} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ad907166e84f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5E9D18EE-1253-4458-87F8-5BB149CCCF0F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-822631117-2597918515-961875465-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {608C98DE-9EDC-43A8-88F6-BCB0AA1A774F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60AA6D9F-813B-461D-AC15-756AD392DC90} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {6843F271-E776-49DE-8B65-8F1E047F79D6} - System32\Tasks\OnlineBackupManager => C:\Program Files\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe [2011-02-01] ()
Task: {702CAB3D-2D4A-48BB-8F9E-2604EE0B954B} - System32\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000 => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-22] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {70E846C6-B315-42A0-912E-23121D5F0914} - System32\Tasks\ASC10_SkipUac_Lora => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2017-02-13] (IObit)
Task: {71D8BFD6-68F8-4166-898B-02A1A896667D} - System32\Tasks\Uninstaller_Install_Lora => C:\Program Files\IObit\Advanced SystemCare\ActionCenterDownloader.exe [2017-02-08] (IObit)
Task: {757257C7-4DFA-4F67-BF3C-C57047F1B41A} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d57c33490d4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {96A0AD56-C80C-48D2-B453-A1978EFA5B09} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {96CB5387-6FB5-449B-ADA5-A9D2C74BB732} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A67B918C-0BB4-4D3C-90AC-5E8AEACCA435} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [2016-12-05] (IObit)
Task: {A846ED96-C55B-4CE4-BB40-F6BB2B9EFF75} - System32\Tasks\OnlineBackup.SyncNShare => C:\Program Files\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe [2011-02-01] ()
Task: {B1BBC2DA-D770-47C7-84F1-EE0335B032B1} - System32\Tasks\IntenetServiceOffers => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-09-28] ()
Task: {D2D4B7DE-8FC6-413B-B165-4A0311335363} - \RegClean Pro -> No File <==== ATTENTION
Task: {FAD0FEB3-506B-4192-A258-307849F77870} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-09-28] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-822631117-2597918515-961875465-1000.job => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-822631117-2597918515-961875465-1000.job => C:\Users\Lora\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e115a33dfd09.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OnlineBackupManager.job => C:\Program Files\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Lora\Desktop\Problem 3-7-16\Computer problem 12-19-16\Password Reset - Windows 7 Help Forums.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hghkonmfneokdaggkfgfenbmmndpgdbg
ShortcutWithArgument: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mpdmpnfdphjagipmilcfplmmldkpgklo
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-10 14:20 - 2017-03-10 14:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-16 12:28 - 2017-03-16 12:28 - 05885440 _____ () C:\Program Files\AVAST Software\Avast\defs\17031601\algo.dll
2017-03-10 14:20 - 2017-03-10 14:20 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00024576 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe
2011-02-01 15:03 - 2011-02-01 15:03 - 00094208 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.Common.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00024576 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.Scheduler.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00069632 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.ThemeManager.dll
2010-12-28 14:27 - 2010-12-28 14:27 - 00045056 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Scheduler\TaskScheduler.dll
2008-07-24 11:10 - 2007-12-19 22:28 - 00271760 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2008-07-24 11:10 - 2007-12-19 22:28 - 00251288 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-07-24 10:56 - 2007-09-13 11:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2017-03-12 15:42 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files\IObit\Advanced SystemCare\madExcept_.bpl
2017-03-12 15:42 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files\IObit\Advanced SystemCare\madBasic_.bpl
2017-03-12 15:42 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-03-12 15:38 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files\IObit\Advanced SystemCare\GetProcessDLL.dll
2010-10-20 00:50 - 2010-10-20 00:50 - 01949696 _____ () C:\Program Files\Verizon\Online Backup and Sharing\DigiData.Vault.VaultExplorer.dll
2014-08-12 11:34 - 2014-08-12 11:34 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-07-01 10:20 - 2007-01-09 06:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-02-01 15:03 - 2011-02-01 15:03 - 00233472 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
2011-02-01 15:03 - 2011-02-01 15:03 - 00094208 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.Common.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00069632 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.ThemeManager.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00036864 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateMonitor.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00036864 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.Controls.Buttons.dll
2011-02-01 15:03 - 2011-02-01 15:03 - 00032768 _____ () C:\Program Files\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.Updater.dll
2017-03-10 14:19 - 2017-03-10 14:19 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2007-05-16 13:43 - 2007-05-16 13:43 - 00677432 ____R () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-822631117-2597918515-961875465-1000\...\support.com -> restricted.support.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-822631117-2597918515-961875465-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HPSplash.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{26DBE8A1-3F3E-4C71-8049-DDB32952D853}] => (Allow) C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{56A633F7-86FF-42D8-A596-7FE88B3F409F}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{8DD6BFB7-1DFD-48AF-8837-612BF6ADBA90}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [TCP Query User{C2631222-3817-48B3-BEE7-252287B8EB27}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1304AFFB-34F0-43B8-A694-6E047345ABD0}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{277EAE66-A3AB-4C6D-A5D5-277655773F9A}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{D52BD661-16B5-44B2-8B0A-7B6F7AB1B990}] => (Allow) LPort=80
FirewallRules: [{CD97664A-9F7C-4486-8A28-82EF7A86413A}] => (Allow) LPort=80
FirewallRules: [{540BC2D4-9A6F-4C01-83F2-E93C9035D04A}] => (Allow) LPort=80
FirewallRules: [{97EFB50F-C921-4B02-A72E-BBF4DD2A5695}] => (Allow) LPort=50000
FirewallRules: [{E0CCDB87-AA43-4F9A-8095-7F53A2E9C551}] => (Allow) LPort=50000
FirewallRules: [TCP Query User{5F747915-4C74-48BE-A3D7-63E0778CAB66}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{193E6EA4-EBBF-4F46-B2F6-04086975E5C9}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{6CDDE042-5531-4B6A-A19D-A44017AD5C51}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{56EFFC38-6927-4CDD-ADB6-B14B9B27F880}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{3B26CB4E-89F3-4332-9A38-D17A88882C9B}C:\program files\real\realplayer\realplay.exe] => (Block) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{6AFA9CC5-684F-4752-94EB-2C8FA27C01DD}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D255BEC1-7BC7-4F05-B502-7A55378FB506}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{58A3D9FC-B3B4-424C-9D9D-BF8D08017ADF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E1217A43-FDBE-4134-AB03-8D7A8BC89FAE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3054B0A8-3974-4C6A-86AF-97D10A74BBF0}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3283D749-5C3D-4227-8676-00D35B1B01BA}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{ED9E0080-4857-4076-8AFF-C5813F475663}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03FF5A93-9F2D-44C9-A36F-37D58FCA08D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB7125A3-CB97-4D82-B1F6-4E5C42010098}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6BC613DB-AECA-4AE2-8C31-AD9DD8538C90}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{427D1CFC-A6F4-4530-805D-48A970DC212F}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:Earthlink
 
==================== Restore Points =========================
 
11-05-2007 14:14:56 Scheduled Checkpoint
11-05-2007 14:36:35 after Den's fix
20-12-2016 13:40:34 after adjusting date to 2016
20-12-2016 22:19:24 Windows Update
15-03-2017 07:01:45 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/16/2017 03:33:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/16/2017 03:05:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/16/2017 10:19:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Lora\Desktop\Autoruns\Autoruns64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/16/2017 10:19:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Lora\Desktop\Autoruns\autorunsc64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/16/2017 09:05:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/15/2017 04:13:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/15/2017 04:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/15/2017 04:06:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/15/2017 04:06:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/15/2017 04:06:11 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
 
System errors:
=============
Error: (03/16/2017 03:35:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: 
After starting, the service hung in a start-pending state.
 
Error: (03/16/2017 03:35:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The QuickPlay Background Capture Service (QBCS) service hung on starting.
 
Error: (03/16/2017 03:34:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (03/16/2017 03:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/16/2017 03:07:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: 
After starting, the service hung in a start-pending state.
 
Error: (03/16/2017 03:07:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The QuickPlay Background Capture Service (QBCS) service hung on starting.
 
Error: (03/16/2017 03:05:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (03/16/2017 01:45:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
 
Error: (03/16/2017 09:13:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/16/2017 09:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Service Controller service failed to start due to the following error: 
The system cannot find the path specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-07 23:08:56.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:55.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:54.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:53.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:25.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:24.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:23.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 23:08:23.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 18:19:28.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-07 18:19:27.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 39%
Total physical RAM: 3061.61 MB
Available physical RAM: 1867.25 MB
Total Virtual: 6323.53 MB
Available Virtual: 5121 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:221.2 GB) (Free:168.67 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.99 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 6E186E18)
Partition 1: (Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts

Posted 16 March 2017 - 03:03 PM

Excellent, looks like it made quite a difference.
 

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 39%
Total physical RAM: 3061.61 MB
Available physical RAM: 1867.25 MB
Total Virtual: 6323.53 MB
Available Virtual: 5121 MB

 

 

Although there still isn't a lot of RAM on the computer I believe this should make a considerable difference. Would you like to test/monitor it for a day or do you think we are good to go?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Den.


Posted 16 March 2017 - 07:25 PM

I will play around with it until I see the owner which will be this Saturday afternoon. I'll return her laptop and ask her to use it normally and report back to me at which time I will report back to you.  Thanks, Den



#13 Oh My!


Posted 16 March 2017 - 07:32 PM

:thumbsup2:

Would you like me to leave this topic open until Saturday? Even if we finish up and the topic is closed you can always send me a Personal Message to reopen. Completely up to you.
Gary
 

#14 Den.


Posted 16 March 2017 - 08:54 PM

Gary...

That will be fine. It's been working fine for me all day today. I'm going to call her in the middle of next week for her opinion/comments.  Thanks, Den



#15 Oh My!


Posted 16 March 2017 - 10:21 PM

I am assuming you mean it is OK to finish up. If not, let me know.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 



