
Chrome and some websites won't open

#1 ·
Hi. My laptop is showing a connectivity error when I try to go to many, but weirdly not all, websites. I can only use Explorer; Chrome won't open at all. Help please? Thank you.

I don't have access to my Windows Install disc. It's somewhere, but I don't know where.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16584 BrowserJavaVersion: 1.6.0_31
Run by Bryan at 8:42:10 on 2014-10-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1678 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
dURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\$MCREB~1.LNK -
uPolicies-Explorer: RestrictRun = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: RestrictRun = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0083FEBB-952E-493B-BF0D-66433D6CFD5A} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bryan.bryan-pc\appdata\roaming\mozilla\firefox\profiles\9tqfcy1m.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=B110US0D20131115&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\bryan.bryan-pc\appdata\roaming\mozilla\firefox\profiles\9tqfcy1m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-6 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-5 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2009-10-27 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-16 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-3 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-9-18 450904]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-27 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-25 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-27 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-6-3 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-7-17 269760]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-23 19968]
S2 0111521413804696mcinstcleanup;McAfee Application Installer Cleanup (0111521413804696);c:\users\bryan~1.bry\appdata\local\temp\011152~1.exe -cleanup -nolog --> c:\users\bryan~1.bry\appdata\local\temp\011152~1.EXE -cleanup -nolog [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2013-9-23 35776]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
.
=============== Created Last 30 ================
.
2014-10-20 00:33:11 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-20 00:33:10 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-20 00:33:10 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-20 00:28:22 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-20 00:11:49 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-20 00:08:31 66560 ----a-w- c:\windows\system32\packager.dll
2014-10-15 05:56:04 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92f8f4c4-c828-4dc5-85f0-27b1aa90451a}\offreg.dll
2014-10-14 20:14:53 8806800 ------w- c:\programdata\microsoft\windows defender\definition updates\{92f8f4c4-c828-4dc5-85f0-27b1aa90451a}\mpengine.dll
2014-10-12 14:36:17 -------- d-----w- c:\users\bryan.bryan-pc\appdata\local\Garmin
2014-10-12 14:34:24 -------- d-----w- c:\programdata\Ant
2014-10-12 14:32:33 -------- d-----w- c:\users\bryan.bryan-pc\appdata\roaming\Garmin
2014-10-12 14:31:55 -------- d-----w- c:\programdata\Garmin
2014-10-12 14:31:23 -------- d-----w- c:\program files\Garmin
2014-10-12 14:29:25 -------- d-----w- c:\programdata\Package Cache
2014-09-24 07:00:32 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2014-09-23 21:46:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 21:46:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-15 13:06:04 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-16 20:32:52 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-16 20:32:52 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-16 20:32:51 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-16 20:32:51 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-16 20:32:51 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-16 20:32:45 43152 ----a-w- c:\windows\avastSS.scr
2014-07-25 06:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
============= FINISH: 8:42:57.89 ===============
 

#2 ·
Hello and Welcome to TSF.

My name is Tolga and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.
  • If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
#3 ·
Hello, thank you for helping me. I appreciate it very much!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Bryan (administrator) on BRYAN-PC on 21-10-2014 15:16:40
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-16] (AVAST Software)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
SearchScopes: HKLM - {28275A70-6C0C-4098-90B7-82AC87AD5581} URL = {searchTerms} - Ask.com Search
SearchScopes: HKLM - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL = {searchTerms} - Yahoo Search Results
SearchScopes: HKCU - DefaultScope {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
SearchScopes: HKCU - {28275A70-6C0C-4098-90B7-82AC87AD5581} URL =
SearchScopes: HKCU - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL =
SearchScopes: HKCU - {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bryan.Bryan-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Panda3D Game Engine Plug-In - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\runtime@panda3d.org [2011-03-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-24]
FF Extension: No Name - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2011-01-24]
FF Extension: Yahoo! Toolbar - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-05-18]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-02]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-05]
Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=iedef
CHR StartupUrls: Default -> "https://www.yahoo.com?fr=hp-avast&type=iedef"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B210US0D20131115&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (SiteAdvisor) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-28]
CHR Extension: (avast! Online Security) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0111521413804696mcinstcleanup; C:\Users\BRYAN~1.BRY\AppData\Local\Temp\011152~1.EXE [834664 2013-07-12] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-16] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-16] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2013-09-23] (libusb-win32 / Wiki / Home)
R3 OA004Ufd; C:\Windows\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\Windows\System32\DRIVERS\OA004Vid.sys [269760 2008-07-17] (Creative Technology Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 agloqpow; \??\C:\Users\BRYAN~1.BRY\AppData\Local\Temp\agloqpow.sys [X]
U3 mbr; \??\C:\Users\BRYAN~1.BRY\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 15:16 - 2014-10-21 15:17 - 00023627 _____ () C:\Users\Bryan.Bryan-PC\Desktop\FRST.txt
2014-10-21 15:16 - 2014-10-21 15:16 - 00000000 ____D () C:\FRST
2014-10-21 15:14 - 2014-10-21 15:14 - 01102336 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Downloads\FRST.exe
2014-10-21 15:13 - 2014-10-21 15:13 - 01102336 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Desktop\FRST.exe
2014-10-20 18:42 - 2014-10-20 18:42 - 00005063 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.zip
2014-10-20 18:40 - 2014-10-20 18:40 - 00025910 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.txt
2014-10-20 08:49 - 2014-10-20 08:49 - 00370943 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.zip
2014-10-20 08:44 - 2014-10-20 08:44 - 00006515 _____ () C:\Users\Bryan.Bryan-PC\Desktop\attach.txt
2014-10-20 08:44 - 2014-10-20 08:42 - 00016866 _____ () C:\Users\Bryan.Bryan-PC\Desktop\dds.txt
2014-10-20 08:38 - 2014-10-20 08:38 - 00688992 ____R (Swearware) C:\Users\Bryan.Bryan-PC\Desktop\dds.scr
2014-10-19 20:33 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 20:28 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 20:11 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-19 20:08 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 19:17 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 19:17 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 19:17 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 19:17 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 19:17 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 19:17 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 19:17 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-19 19:17 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 19:17 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 19:17 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-19 19:17 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-19 19:17 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 19:21 - 2014-10-14 19:21 - 00015872 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 final.xls
2014-10-12 10:36 - 2014-10-12 10:36 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Garmin
2014-10-12 10:34 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Ant
2014-10-12 10:32 - 2014-10-12 10:32 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Roaming\Garmin
2014-10-12 10:31 - 2014-10-12 10:36 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-12 10:31 - 2014-10-12 10:32 - 00000000 ____D () C:\Program Files\Garmin
2014-10-12 10:31 - 2014-10-12 10:31 - 00001725 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-10-12 10:31 - 2014-10-12 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-12 10:29 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-12 10:26 - 2014-10-12 10:27 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller (1).exe
2014-10-12 10:25 - 2014-10-12 10:26 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller.exe
2014-10-09 20:07 - 2014-10-09 20:07 - 00118272 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2015-2016.xls
2014-10-09 16:25 - 2014-10-09 16:26 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection (1).xlsx
2014-10-07 17:45 - 2014-10-07 17:45 - 00035328 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft-Tim.xls.crdownload
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft.xls
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft (1).xls
2014-10-06 11:54 - 2014-10-06 11:54 - 00055948 _____ () C:\Users\Bryan.Bryan-PC\Downloads\100614-DASHassignments.xlsx
2014-10-03 19:28 - 2014-10-03 19:28 - 00233054 _____ () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message..htm
2014-10-03 19:28 - 2014-10-03 19:28 - 00000000 ____D () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message._files
2014-10-01 08:47 - 2014-10-01 08:47 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection.xlsx
2014-09-29 17:44 - 2014-09-29 17:44 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117 (1).xls
2014-09-29 17:43 - 2014-09-29 17:43 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117.xls
2014-09-28 15:04 - 2014-09-28 15:04 - 00036335 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2013 DASH Ballot - PLAY (with avg).xlsx
2014-09-24 08:21 - 2014-09-24 08:21 - 00010667 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015_2016_Play_Selection (2).xlsx
2014-09-24 08:09 - 2014-09-24 08:09 - 00010667 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015_2016_Play_Selection (1).xlsx
2014-09-24 03:00 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 14:51 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 14:51 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 14:46 - 2012-04-12 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 14:29 - 2010-01-29 21:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 12:22 - 2008-09-26 10:34 - 01927336 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 07:57 - 2010-01-29 21:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 06:59 - 2014-02-28 16:35 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 06:52 - 2014-04-24 08:20 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
2014-10-20 18:00 - 2013-09-23 00:50 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-20 09:41 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 08:50 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.exe
2014-10-20 07:31 - 2011-12-25 21:32 - 00000000 ____D () C:\Program Files\McAfee
2014-10-20 07:30 - 2010-07-04 09:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-20 07:21 - 2008-09-26 11:23 - 00000284 _____ () C:\Users\Public\Documents\hpqp.ini
2014-10-20 07:20 - 2013-09-23 00:47 - 00000450 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-10-20 07:19 - 2013-10-13 14:07 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-20 07:17 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 07:16 - 2006-11-02 08:47 - 00341368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 07:14 - 2014-03-01 10:55 - 00028422 _____ () C:\Windows\PFRO.log
2014-10-19 20:33 - 2006-11-02 09:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 20:32 - 2008-06-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 20:26 - 2013-08-14 03:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 20:12 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-19 19:06 - 2013-09-23 00:15 - 00001844 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-19 18:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-19 18:53 - 2006-11-02 06:22 - 55574528 _____ () C:\Windows\system32\config\software_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 47448064 _____ () C:\Windows\system32\config\components_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\system_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00204800 _____ () C:\Windows\system32\config\sam_previous
2014-10-19 18:52 - 2011-01-09 19:02 - 00000000 ____D () C:\Users\Bryan.Bryan-PC
2014-10-19 18:52 - 2010-12-18 14:38 - 00000000 ____D () C:\Users\Sara.Bryan-PC
2014-10-19 18:52 - 2010-06-14 15:42 - 00000000 ____D () C:\Users\Guest
2014-10-19 18:52 - 2010-06-12 07:53 - 00000000 ____D () C:\Users\Sara
2014-10-19 18:52 - 2010-06-11 09:01 - 00000000 ____D () C:\Users\Natalie
2014-10-19 18:52 - 2008-10-25 21:09 - 00000000 ____D () C:\Users\Kate
2014-10-19 18:52 - 2008-10-25 19:59 - 00000000 ____D () C:\Users\Bryan
2014-10-19 18:51 - 2014-02-28 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 18:51 - 2012-11-17 10:09 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\QuickPlay
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-15 16:04 - 2014-03-05 17:22 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-12 17:53 - 2014-08-30 11:31 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Adobe
2014-10-12 10:33 - 2010-09-04 08:28 - 00000000 ____D () C:\Program Files\DIFX
2014-10-09 07:10 - 2011-01-09 19:03 - 00090720 _____ () C:\Users\Bryan.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 07:09 - 2008-12-31 13:24 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Skype
2014-10-05 11:43 - 2008-10-25 21:09 - 00090720 _____ () C:\Users\Kate\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 17:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-02 15:53 - 2009-10-03 02:28 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 20:00 - 2010-12-18 14:39 - 00090720 _____ () C:\Users\Sara.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 14:19 - 2008-10-27 12:36 - 00000000 ____D () C:\Users\Public\BryKate
2014-09-24 17:19 - 2006-11-02 06:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 17:46 - 2012-04-12 13:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 17:46 - 2011-06-20 13:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Bryan.Bryan-PC\AppData\Local\Temp\0111521413804696mcinst.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-21 07:29
==================== End Of Log ============================
 


#4 ·
Hello again,

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
Code:
start
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {28275A70-6C0C-4098-90B7-82AC87AD5581} URL = {searchTerms} - Ask.com Search
SearchScopes: HKCU - {28275A70-6C0C-4098-90B7-82AC87AD5581} URL = 
SearchScopes: HKCU - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL = 
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
Toolbar: HKLM - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
FF ProfilePath: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195
FF SearchPlugin: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\searchplugins\bing-zugo.xml
S2 0111521413804696mcinstcleanup; C:\Users\BRYAN~1.BRY\AppData\Local\Temp\011152~1.EXE [834664 2013-07-12] (McAfee, Inc.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
2014-10-21 06:52 - 2014-04-24 08:20 - 00000621 _____ ()  C:\Windows\Tasks\SparkTrust PC Cleaner  Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
2014-10-20 18:00 - 2013-09-23 00:50 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-20 07:20 - 2013-09-23 00:47 - 00000450 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-10-20 07:20 - 2013-09-23 00:47 - 00000450 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
C:\Users\Bryan.Bryan-PC\AppData\Local\Temp\0111521413804696mcinst.exe
Task: {2BAF44B7-E911-4DF6-97F4-C9640F4387BD} -  \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector  No Task File <==== ATTENTION
Task: {3433517E-ED6E-4FD4-BF6A-DDE43D34229D} - System32\Tasks\SparkTrust  Update Version3 => c:\program files\common  files\sparktrust\uus3\Update3.exe [2013-09-11] (SparkTrust Systems)  <==== ATTENTION
Task: {7322005E-3A56-420E-B738-1E9A1F6BCDA4} - System32\Tasks\SparkTrust  Update Version3 Startup Task => C:\Program Files\Common  Files\SparkTrust\UUS3\Update3.exe [2013-09-11] (SparkTrust Systems)  <==== ATTENTION
Task: {D27322A1-5194-40AF-B4AC-E91CAB3F375F} - System32\Tasks\SparkTrust  Registration3 => Rundll32.exe "C:\Program Files\Common  Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner  Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job => C:\Program  Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe  <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program  Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job =>  C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe <====  ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program  files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
EmptyTemp:
Reboot:
end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

How is the machine behaving now? What problems do you still have? Please tell me in your next reply.
 
#5 ·
Hello again. I hope I've done everything correctly.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2014
Ran by Bryan at 2014-10-22 15:44:21 Run:1
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {28275A70-6C0C-4098-90B7-82AC87AD5581} URL = {searchTerms} - Ask.com Search
SearchScopes: HKCU - {28275A70-6C0C-4098-90B7-82AC87AD5581} URL =
SearchScopes: HKCU - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL =
BHO: No Name -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> No File
Toolbar: HKLM - No Name - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
FF ProfilePath: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195
FF SearchPlugin: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\searchplugins\bing-zugo.xml
S2 0111521413804696mcinstcleanup; C:\Users\BRYAN~1.BRY\AppData\Local\Temp\011152~1.EXE [834664 2013-07-12] (McAfee, Inc.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
2014-10-21 06:52 - 2014-04-24 08:20 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
2014-10-20 18:00 - 2013-09-23 00:50 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-20 07:20 - 2013-09-23 00:47 - 00000450 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-10-20 07:20 - 2013-09-23 00:47 - 00000450 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
C:\Users\Bryan.Bryan-PC\AppData\Local\Temp\0111521413804696mcinst.exe
Task: {2BAF44B7-E911-4DF6-97F4-C9640F4387BD} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {3433517E-ED6E-4FD4-BF6A-DDE43D34229D} - System32\Tasks\SparkTrust Update Version3 => c:\program files\common files\sparktrust\uus3\Update3.exe [2013-09-11] (SparkTrust Systems) <==== ATTENTION
Task: {7322005E-3A56-420E-B738-1E9A1F6BCDA4} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe [2013-09-11] (SparkTrust Systems) <==== ATTENTION
Task: {D27322A1-5194-40AF-B4AC-E91CAB3F375F} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
EmptyTemp:
Reboot:
end
*****************
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28275A70-6C0C-4098-90B7-82AC87AD5581}" => Key deleted successfully.
"HKCR\CLSID\{28275A70-6C0C-4098-90B7-82AC87AD5581}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28275A70-6C0C-4098-90B7-82AC87AD5581}" => Key deleted successfully.
"HKCR\CLSID\{28275A70-6C0C-4098-90B7-82AC87AD5581}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DB6D26C-B21C-43F9-B61F-D52F406DF942}" => Key deleted successfully.
"HKCR\CLSID\{5DB6D26C-B21C-43F9-B61F-D52F406DF942}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key deleted successfully.
"HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => value deleted successfully.
"HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key not found.
=> Should not be moved.
C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\searchplugins\bing-zugo.xml => Moved successfully.
0111521413804696mcinstcleanup => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
Lbd => Service deleted successfully.
"C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job" => File/Directory not found.
C:\Windows\Tasks\SparkTrust Registration3.job => Moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => Moved successfully.
"C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job" => File/Directory not found.
C:\Users\Bryan.Bryan-PC\AppData\Local\Temp\0111521413804696mcinst.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BAF44B7-E911-4DF6-97F4-C9640F4387BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BAF44B7-E911-4DF6-97F4-C9640F4387BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector " => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3433517E-ED6E-4FD4-BF6A-DDE43D34229D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3433517E-ED6E-4FD4-BF6A-DDE43D34229D}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7322005E-3A56-420E-B738-1E9A1F6BCDA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7322005E-3A56-420E-B738-1E9A1F6BCDA4}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3 Startup Task" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D27322A1-5194-40AF-B4AC-E91CAB3F375F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D27322A1-5194-40AF-B4AC-E91CAB3F375F}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Registration3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Registration3" => Key not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job not found.
C:\Windows\Tasks\SparkTrust Registration3.job not found.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job not found.
C:\Windows\Tasks\SparkTrust Update Version3.job => Moved successfully.
EmptyTemp: => Removed 2.7 GB temporary data.

The system needed a reboot.
==== End of Fixlog ====
 
#6 ·
Hello kategluck,

Please tell me, how is the machine behaving now? What problems do you still have?


Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the Update Now >> link
  • After the update completes, click the Scan Now >> button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


Please re-run Farbar Recovery Scan Tool. Make sure the Addition.txt log is ticked, and copy and paste it into your reply.
 
#7 ·
Hello again, and thank you for your help! I've run the Malwarebytes Anti-Malware scan and clicked Apply Actions. There were FIVE (!) Trojan Viruses. I do not see a change in my machine though. Google Chrome still will not open.

I ran the Farbar again and I'm sorry but I wasn't sure which log to paste here in my message to you and which log (if any) to attach. I'm pasting the FRST and attaching Addition since that's what we did the first time. Thank you, I'm sorry if that is not right.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
Ran by Bryan (administrator) on BRYAN-PC on 24-10-2014 09:30:53
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-16] (AVAST Software)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
SearchScopes: HKLM - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL = {searchTerms} - Yahoo Search Results
SearchScopes: HKCU - DefaultScope {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
SearchScopes: HKCU - {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bryan.Bryan-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Panda3D Game Engine Plug-In - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\runtime@panda3d.org [2011-03-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-24]
FF Extension: No Name - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2011-01-24]
FF Extension: Yahoo! Toolbar - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-05-18]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-02]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-05]
Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=iedef
CHR StartupUrls: Default -> "https://www.yahoo.com?fr=hp-avast&type=iedef"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B210US0D20131115&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (avast! Online Security) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-16] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-16] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2013-09-23] (libusb-win32 / Wiki / Home)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-24] (Malwarebytes Corporation)
R3 OA004Ufd; C:\Windows\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\Windows\System32\DRIVERS\OA004Vid.sys [269760 2008-07-17] (Creative Technology Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 08:28 - 2014-10-24 08:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 08:27 - 2014-10-24 08:27 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 08:27 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-24 08:27 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 08:27 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-24 08:24 - 2014-10-24 08:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bryan.Bryan-PC\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-24 04:57 - 2014-10-24 04:57 - 00000392 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-22 15:43 - 2014-10-22 15:43 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\Desktop\FRST-OlderVersion
2014-10-21 15:17 - 2014-10-21 15:19 - 00026906 _____ () C:\Users\Bryan.Bryan-PC\Desktop\Addition.txt
2014-10-21 15:16 - 2014-10-24 09:32 - 00022369 _____ () C:\Users\Bryan.Bryan-PC\Desktop\FRST.txt
2014-10-21 15:16 - 2014-10-24 09:31 - 00000000 ____D () C:\FRST
2014-10-21 15:14 - 2014-10-21 15:14 - 01102336 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Downloads\FRST.exe
2014-10-21 15:13 - 2014-10-22 15:43 - 01103360 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Desktop\FRST.exe
2014-10-20 18:42 - 2014-10-20 18:42 - 00005063 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.zip
2014-10-20 18:40 - 2014-10-20 18:40 - 00025910 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.txt
2014-10-20 08:49 - 2014-10-20 08:49 - 00370943 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.zip
2014-10-20 08:44 - 2014-10-20 08:44 - 00006515 _____ () C:\Users\Bryan.Bryan-PC\Desktop\attach.txt
2014-10-20 08:44 - 2014-10-20 08:42 - 00016866 _____ () C:\Users\Bryan.Bryan-PC\Desktop\dds.txt
2014-10-20 08:38 - 2014-10-20 08:38 - 00688992 ____R (Swearware) C:\Users\Bryan.Bryan-PC\Desktop\dds.scr
2014-10-19 20:33 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 20:28 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 20:11 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-19 20:08 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 19:17 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 19:17 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 19:17 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 19:17 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 19:17 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 19:17 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 19:17 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-19 19:17 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 19:17 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 19:17 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-19 19:17 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-19 19:17 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 19:21 - 2014-10-14 19:21 - 00015872 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 final.xls
2014-10-12 10:36 - 2014-10-12 10:36 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Garmin
2014-10-12 10:34 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Ant
2014-10-12 10:32 - 2014-10-12 10:32 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Roaming\Garmin
2014-10-12 10:31 - 2014-10-12 10:36 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-12 10:31 - 2014-10-12 10:32 - 00000000 ____D () C:\Program Files\Garmin
2014-10-12 10:31 - 2014-10-12 10:31 - 00001725 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-10-12 10:31 - 2014-10-12 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-12 10:29 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-12 10:26 - 2014-10-12 10:27 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller (1).exe
2014-10-12 10:25 - 2014-10-12 10:26 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller.exe
2014-10-09 20:07 - 2014-10-09 20:07 - 00118272 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2015-2016.xls
2014-10-09 16:25 - 2014-10-09 16:26 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection (1).xlsx
2014-10-07 17:45 - 2014-10-07 17:45 - 00035328 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft-Tim.xls.crdownload
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft.xls
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft (1).xls
2014-10-06 11:54 - 2014-10-06 11:54 - 00055948 _____ () C:\Users\Bryan.Bryan-PC\Downloads\100614-DASHassignments.xlsx
2014-10-03 19:28 - 2014-10-03 19:28 - 00233054 _____ () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message..htm
2014-10-03 19:28 - 2014-10-03 19:28 - 00000000 ____D () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message._files
2014-10-01 08:47 - 2014-10-01 08:47 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection.xlsx
2014-09-29 17:44 - 2014-09-29 17:44 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117 (1).xls
2014-09-29 17:43 - 2014-09-29 17:43 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117.xls
2014-09-28 15:04 - 2014-09-28 15:04 - 00036335 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2013 DASH Ballot - PLAY (with avg).xlsx
2014-09-24 08:21 - 2014-09-24 08:21 - 00010667 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015_2016_Play_Selection (2).xlsx
2014-09-24 08:09 - 2014-09-24 08:09 - 00010667 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015_2016_Play_Selection (1).xlsx
2014-09-24 03:00 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 09:32 - 2008-09-26 10:34 - 02016931 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 09:27 - 2008-09-26 11:23 - 00000284 _____ () C:\Users\Public\Documents\hpqp.ini
2014-10-24 09:25 - 2013-10-13 14:07 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-24 09:24 - 2010-01-29 21:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 09:23 - 2014-04-24 08:20 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
2014-10-24 09:23 - 2014-03-01 10:55 - 00029124 _____ () C:\Windows\PFRO.log
2014-10-24 09:23 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 09:23 - 2006-11-02 08:47 - 00341368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 09:23 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 09:23 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 09:22 - 2006-11-02 09:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 09:20 - 2008-06-27 13:49 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-24 08:46 - 2012-04-12 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 08:35 - 2010-01-29 21:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 04:57 - 2011-01-09 19:03 - 00090720 _____ () C:\Users\Bryan.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-23 15:11 - 2008-06-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-22 16:51 - 2014-03-05 17:22 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-21 06:59 - 2014-02-28 16:35 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 09:41 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 08:50 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.exe
2014-10-20 07:31 - 2011-12-25 21:32 - 00000000 ____D () C:\Program Files\McAfee
2014-10-20 07:30 - 2010-07-04 09:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-19 20:26 - 2013-08-14 03:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 20:12 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-19 19:06 - 2013-09-23 00:15 - 00001844 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-19 18:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-19 18:53 - 2006-11-02 06:22 - 55574528 _____ () C:\Windows\system32\config\software_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 47448064 _____ () C:\Windows\system32\config\components_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\system_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00204800 _____ () C:\Windows\system32\config\sam_previous
2014-10-19 18:52 - 2011-01-09 19:02 - 00000000 ____D () C:\Users\Bryan.Bryan-PC
2014-10-19 18:52 - 2010-12-18 14:38 - 00000000 ____D () C:\Users\Sara.Bryan-PC
2014-10-19 18:52 - 2010-06-14 15:42 - 00000000 ____D () C:\Users\Guest
2014-10-19 18:52 - 2010-06-12 07:53 - 00000000 ____D () C:\Users\Sara
2014-10-19 18:52 - 2010-06-11 09:01 - 00000000 ____D () C:\Users\Natalie
2014-10-19 18:52 - 2008-10-25 21:09 - 00000000 ____D () C:\Users\Kate
2014-10-19 18:52 - 2008-10-25 19:59 - 00000000 ____D () C:\Users\Bryan
2014-10-19 18:51 - 2014-02-28 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 18:51 - 2012-11-17 10:09 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\QuickPlay
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-12 17:53 - 2014-08-30 11:31 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Adobe
2014-10-12 10:33 - 2010-09-04 08:28 - 00000000 ____D () C:\Program Files\DIFX
2014-10-06 07:09 - 2008-12-31 13:24 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Skype
2014-10-05 11:43 - 2008-10-25 21:09 - 00090720 _____ () C:\Users\Kate\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 17:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-02 15:53 - 2009-10-03 02:28 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 20:00 - 2010-12-18 14:39 - 00090720 _____ () C:\Users\Sara.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 14:19 - 2008-10-27 12:36 - 00000000 ____D () C:\Users\Public\BryKate
2014-09-24 17:19 - 2006-11-02 06:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-24 09:33
==================== End Of Log ============================
 


#8 ·
Hello again.

Please uninstall Chrome. You must also click 'Yes' when asked if you want to remove all data. If you don't, then Chrome leaves the existing folders on the machine, which contain all the current settings, and it will reload them when you reinstall Chrome. Please read


  • Open MBAM once again.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click Copy to Clipboard
  • Paste the contents of the clipboard into your reply.
=========================================================

  • Open Notepad (Start > All Programs > Accessories > Notepad).

  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
2014-10-24 04:57 - 2014-10-24 04:57 - 00000392 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-24 09:23 - 2014-04-24 08:20 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
Task: {89031108-A0ED-4E6A-99F4-425B11E68209} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841 => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-17] (SparkTrust) <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Reboot:
end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please send the following logs in your next reply:

  • Mbam Scan log.txt
  • Fixlog.txt
 
#11 ·
Hello kategluck,

Did you create the new Fixlist.txt and save it to his Desktop? If not, please do that now.


  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
2014-10-24 04:57 - 2014-10-24 04:57 - 00000392 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-24 09:23 - 2014-04-24 08:20 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
Task: {89031108-A0ED-4E6A-99F4-425B11E68209} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841 => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-17] (SparkTrust) <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Reboot:
end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
#12 ·
Thank you for staying with me.

Here is my Fixlog--

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by Bryan at 2014-10-26 18:23:43 Run:2
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
2014-10-24 04:57 - 2014-10-24 04:57 - 00000392 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-10-24 09:23 - 2014-04-24 08:20 - 00000621 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job
Task: {89031108-A0ED-4E6A-99F4-425B11E68209} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841 => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-17] (SparkTrust) <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Reboot:
end
*****************
C:\Windows\Tasks\SparkTrust Registration3.job => Moved successfully.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89031108-A0ED-4E6A-99F4-425B11E68209}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89031108-A0ED-4E6A-99F4-425B11E68209}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841" => Key deleted successfully.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_DF96B552-CBAA-11E3-960A-001D727B8841.job not found.
C:\Windows\Tasks\SparkTrust Registration3.job not found.

The system needed a reboot.
==== End of Fixlog ====
 
#13 · (Edited by Moderator)
Hello again, thanks for the fixlist report.
  • Open MBAM once again.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click Copy to Clipboard
  • Paste the contents of the clipboard into your reply.
-----------------------------------------------------------------------
Please re-run Farbar Recovery Scan Tool. Make sure the Addition.txt log is ticked. Copy and paste it into your reply.

-----------------------------------------------------------------------
Finally, install Chrome. You run after installing Chrome. Please tell me how the machine is behaving now. What problems do you still have?
 
#14 ·
Hi. I hope I've done everything correctly. Did you want me to run FRST after I re-installed Chrome? I wasn't sure so I did both. The first is without Chrome and the second is with Chrome, followed by the Addition with Chrome.

There doesn't seem to be a change in my machine. Chrome still will not open.

Thank you.

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 10/24/2014 8:28:42 AM, SYSTEM, BRYAN-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.10.22.1,
Update, 10/24/2014 8:28:48 AM, SYSTEM, BRYAN-PC, Manual, Malware Database, 2014.9.19.5, 2014.10.24.4,
(end)

FRST without Chrome

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by Bryan (administrator) on BRYAN-PC on 27-10-2014 09:34:27
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-16] (AVAST Software)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
SearchScopes: HKLM - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL = {searchTerms} - Yahoo Search Results
SearchScopes: HKCU - DefaultScope {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
SearchScopes: HKCU - {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bryan.Bryan-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Panda3D Game Engine Plug-In - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\runtime@panda3d.org [2011-03-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-24]
FF Extension: No Name - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2011-01-24]
FF Extension: Yahoo! Toolbar - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-05-18]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-02]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-05]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-16] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-16] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2013-09-23] (libusb-win32 / Wiki / Home)
R3 OA004Ufd; C:\Windows\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\Windows\System32\DRIVERS\OA004Vid.sys [269760 2008-07-17] (Creative Technology Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 08:28 - 2014-10-27 09:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 08:27 - 2014-10-24 08:27 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 08:27 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-24 08:27 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 08:27 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-24 08:24 - 2014-10-24 08:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bryan.Bryan-PC\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 15:43 - 2014-10-26 18:22 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\Desktop\FRST-OlderVersion
2014-10-21 15:17 - 2014-10-24 09:37 - 00027635 _____ () C:\Users\Bryan.Bryan-PC\Desktop\Addition.txt
2014-10-21 15:16 - 2014-10-27 09:34 - 00021158 _____ () C:\Users\Bryan.Bryan-PC\Desktop\FRST.txt
2014-10-21 15:16 - 2014-10-27 09:34 - 00000000 ____D () C:\FRST
2014-10-21 15:14 - 2014-10-21 15:14 - 01102336 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Downloads\FRST.exe
2014-10-21 15:13 - 2014-10-26 18:22 - 01104896 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Desktop\FRST.exe
2014-10-20 18:42 - 2014-10-20 18:42 - 00005063 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.zip
2014-10-20 18:40 - 2014-10-20 18:40 - 00025910 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.txt
2014-10-20 08:49 - 2014-10-20 08:49 - 00370943 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.zip
2014-10-20 08:44 - 2014-10-20 08:44 - 00006515 _____ () C:\Users\Bryan.Bryan-PC\Desktop\attach.txt
2014-10-20 08:44 - 2014-10-20 08:42 - 00016866 _____ () C:\Users\Bryan.Bryan-PC\Desktop\dds.txt
2014-10-20 08:38 - 2014-10-20 08:38 - 00688992 ____R (Swearware) C:\Users\Bryan.Bryan-PC\Desktop\dds.scr
2014-10-19 20:33 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 20:28 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 20:11 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-19 20:08 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 19:17 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 19:17 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 19:17 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 19:17 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 19:17 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 19:17 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 19:17 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-19 19:17 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 19:17 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 19:17 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-19 19:17 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-19 19:17 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 19:21 - 2014-10-14 19:21 - 00015872 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 final.xls
2014-10-12 10:36 - 2014-10-12 10:36 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Garmin
2014-10-12 10:34 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Ant
2014-10-12 10:32 - 2014-10-12 10:32 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Roaming\Garmin
2014-10-12 10:31 - 2014-10-12 10:36 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-12 10:31 - 2014-10-12 10:32 - 00000000 ____D () C:\Program Files\Garmin
2014-10-12 10:31 - 2014-10-12 10:31 - 00001725 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-10-12 10:31 - 2014-10-12 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-12 10:29 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-12 10:26 - 2014-10-12 10:27 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller (1).exe
2014-10-12 10:25 - 2014-10-12 10:26 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller.exe
2014-10-09 20:07 - 2014-10-09 20:07 - 00118272 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2015-2016.xls
2014-10-09 16:25 - 2014-10-09 16:26 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection (1).xlsx
2014-10-07 17:45 - 2014-10-07 17:45 - 00035328 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft-Tim.xls.crdownload
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft.xls
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft (1).xls
2014-10-06 11:54 - 2014-10-06 11:54 - 00055948 _____ () C:\Users\Bryan.Bryan-PC\Downloads\100614-DASHassignments.xlsx
2014-10-03 19:28 - 2014-10-03 19:28 - 00233054 _____ () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message..htm
2014-10-03 19:28 - 2014-10-03 19:28 - 00000000 ____D () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message._files
2014-10-01 08:47 - 2014-10-01 08:47 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection.xlsx
2014-09-29 17:44 - 2014-09-29 17:44 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117 (1).xls
2014-09-29 17:43 - 2014-09-29 17:43 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117.xls
2014-09-28 15:04 - 2014-09-28 15:04 - 00036335 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2013 DASH Ballot - PLAY (with avg).xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-27 09:35 - 2010-01-29 21:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 08:46 - 2012-04-12 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 08:33 - 2008-09-26 10:34 - 02091410 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 08:25 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 08:25 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 18:43 - 2010-01-29 21:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 18:43 - 2008-09-26 11:23 - 00000284 _____ () C:\Users\Public\Documents\hpqp.ini
2014-10-26 18:26 - 2013-10-13 14:07 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-26 18:25 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 18:24 - 2006-11-02 09:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-25 09:02 - 2011-01-09 19:05 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Google
2014-10-25 09:02 - 2008-12-31 13:11 - 00000000 ____D () C:\Program Files\Google
2014-10-24 09:23 - 2014-03-01 10:55 - 00029124 _____ () C:\Windows\PFRO.log
2014-10-24 09:23 - 2006-11-02 08:47 - 00341368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 09:20 - 2008-06-27 13:49 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-24 04:57 - 2011-01-09 19:03 - 00090720 _____ () C:\Users\Bryan.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-23 15:11 - 2008-06-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-22 16:51 - 2014-03-05 17:22 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-20 09:41 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 08:50 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.exe
2014-10-20 07:31 - 2011-12-25 21:32 - 00000000 ____D () C:\Program Files\McAfee
2014-10-20 07:30 - 2010-07-04 09:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-19 20:26 - 2013-08-14 03:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 20:12 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-19 19:06 - 2013-09-23 00:15 - 00001844 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-19 18:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-19 18:53 - 2006-11-02 06:22 - 55574528 _____ () C:\Windows\system32\config\software_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 47448064 _____ () C:\Windows\system32\config\components_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\system_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00204800 _____ () C:\Windows\system32\config\sam_previous
2014-10-19 18:52 - 2011-01-09 19:02 - 00000000 ____D () C:\Users\Bryan.Bryan-PC
2014-10-19 18:52 - 2010-12-18 14:38 - 00000000 ____D () C:\Users\Sara.Bryan-PC
2014-10-19 18:52 - 2010-06-14 15:42 - 00000000 ____D () C:\Users\Guest
2014-10-19 18:52 - 2010-06-12 07:53 - 00000000 ____D () C:\Users\Sara
2014-10-19 18:52 - 2010-06-11 09:01 - 00000000 ____D () C:\Users\Natalie
2014-10-19 18:52 - 2008-10-25 21:09 - 00000000 ____D () C:\Users\Kate
2014-10-19 18:52 - 2008-10-25 19:59 - 00000000 ____D () C:\Users\Bryan
2014-10-19 18:51 - 2012-11-17 10:09 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\QuickPlay
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-12 17:53 - 2014-08-30 11:31 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Adobe
2014-10-12 10:33 - 2010-09-04 08:28 - 00000000 ____D () C:\Program Files\DIFX
2014-10-06 07:09 - 2008-12-31 13:24 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Skype
2014-10-05 11:43 - 2008-10-25 21:09 - 00090720 _____ () C:\Users\Kate\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 17:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-02 15:53 - 2009-10-03 02:28 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 20:00 - 2010-12-18 14:39 - 00090720 _____ () C:\Users\Sara.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 06:45
==================== End Of Log ============================

FRST With Chrome

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
Ran by Bryan (administrator) on BRYAN-PC on 27-10-2014 10:05:51
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Windows\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-16] (AVAST Software)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1004199723-1386826489-637112434-1006\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL - News, Sports, Weather, Entertainment, Local & Lifestyle
SearchScopes: HKLM - {5DB6D26C-B21C-43F9-B61F-D52F406DF942} URL = {searchTerms} - Yahoo Search Results
SearchScopes: HKCU - DefaultScope {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
SearchScopes: HKCU - {7CB736E5-F6E5-43A1-8013-4F0D7F563FD6} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US0D20131115&p={SearchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bryan.Bryan-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Panda3D Game Engine Plug-In - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\runtime@panda3d.org [2011-03-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-24]
FF Extension: No Name - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2011-01-24]
FF Extension: Yahoo! Toolbar - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-05-18]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-02]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-09-05]
Chrome:
=======
CHR Profile: C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Bryan.Bryan-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-16] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-16] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [35776 2013-09-23] (libusb-win32 / Wiki / Home)
R3 OA004Ufd; C:\Windows\System32\DRIVERS\OA004Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA004Vid; C:\Windows\System32\DRIVERS\OA004Vid.sys [269760 2008-07-17] (Creative Technology Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-01-10] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-27 10:01 - 2014-10-27 10:01 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 10:01 - 2014-10-27 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-24 08:28 - 2014-10-27 09:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 08:27 - 2014-10-24 08:27 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 08:27 - 2014-10-24 08:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 08:27 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-24 08:27 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-24 08:27 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-24 08:24 - 2014-10-24 08:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bryan.Bryan-PC\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 15:43 - 2014-10-26 18:22 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\Desktop\FRST-OlderVersion
2014-10-21 15:17 - 2014-10-27 09:37 - 00026799 _____ () C:\Users\Bryan.Bryan-PC\Desktop\Addition.txt
2014-10-21 15:16 - 2014-10-27 10:06 - 00021613 _____ () C:\Users\Bryan.Bryan-PC\Desktop\FRST.txt
2014-10-21 15:16 - 2014-10-27 10:05 - 00000000 ____D () C:\FRST
2014-10-21 15:14 - 2014-10-21 15:14 - 01102336 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Downloads\FRST.exe
2014-10-21 15:13 - 2014-10-26 18:22 - 01104896 _____ (Farbar) C:\Users\Bryan.Bryan-PC\Desktop\FRST.exe
2014-10-20 18:42 - 2014-10-20 18:42 - 00005063 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.zip
2014-10-20 18:40 - 2014-10-20 18:40 - 00025910 _____ () C:\Users\Bryan.Bryan-PC\Desktop\ark.txt
2014-10-20 08:49 - 2014-10-20 08:49 - 00370943 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.zip
2014-10-20 08:44 - 2014-10-20 08:44 - 00006515 _____ () C:\Users\Bryan.Bryan-PC\Desktop\attach.txt
2014-10-20 08:44 - 2014-10-20 08:42 - 00016866 _____ () C:\Users\Bryan.Bryan-PC\Desktop\dds.txt
2014-10-20 08:38 - 2014-10-20 08:38 - 00688992 ____R (Swearware) C:\Users\Bryan.Bryan-PC\Desktop\dds.scr
2014-10-19 20:33 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 20:33 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 20:28 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 20:11 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-19 20:08 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 19:17 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 19:17 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 19:17 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 19:17 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 19:17 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 19:17 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 19:17 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-19 19:17 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 19:17 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 19:17 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 19:17 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 19:17 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-19 19:17 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-19 19:17 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 19:21 - 2014-10-14 19:21 - 00015872 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 final.xls
2014-10-12 10:36 - 2014-10-12 10:36 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Garmin
2014-10-12 10:34 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Ant
2014-10-12 10:32 - 2014-10-12 10:32 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Roaming\Garmin
2014-10-12 10:31 - 2014-10-12 10:36 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-12 10:31 - 2014-10-12 10:32 - 00000000 ____D () C:\Program Files\Garmin
2014-10-12 10:31 - 2014-10-12 10:31 - 00001725 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-10-12 10:31 - 2014-10-12 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-12 10:29 - 2014-10-12 10:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-12 10:26 - 2014-10-12 10:27 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller (1).exe
2014-10-12 10:25 - 2014-10-12 10:26 - 36034936 _____ (Garmin Ltd or its subsidiaries) C:\Users\Bryan.Bryan-PC\Downloads\GarminExpressInstaller.exe
2014-10-09 20:07 - 2014-10-09 20:07 - 00118272 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2015-2016.xls
2014-10-09 16:25 - 2014-10-09 16:26 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection (1).xlsx
2014-10-07 17:45 - 2014-10-07 17:45 - 00035328 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft-Tim.xls.crdownload
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft.xls
2014-10-07 11:05 - 2014-10-07 11:05 - 00021504 _____ () C:\Users\Bryan.Bryan-PC\Downloads\Cut to 30 draft (1).xls
2014-10-06 11:54 - 2014-10-06 11:54 - 00055948 _____ () C:\Users\Bryan.Bryan-PC\Downloads\100614-DASHassignments.xlsx
2014-10-03 19:28 - 2014-10-03 19:28 - 00233054 _____ () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message..htm
2014-10-03 19:28 - 2014-10-03 19:28 - 00000000 ____D () C:\Users\Sara.Bryan-PC\Downloads\kimbum577 sent you a new message._files
2014-10-01 08:47 - 2014-10-01 08:47 - 00012138 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2015-2016 Play Selection.xlsx
2014-09-29 17:44 - 2014-09-29 17:44 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117 (1).xls
2014-09-29 17:43 - 2014-09-29 17:43 - 00248320 _____ () C:\Users\Bryan.Bryan-PC\Downloads\PRC 2014 20140117.xls
2014-09-28 15:04 - 2014-09-28 15:04 - 00036335 _____ () C:\Users\Bryan.Bryan-PC\Downloads\2013 DASH Ballot - PLAY (with avg).xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-27 10:01 - 2011-01-09 19:05 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Google
2014-10-27 10:01 - 2008-12-31 13:11 - 00000000 ____D () C:\Program Files\Google
2014-10-27 09:46 - 2012-04-12 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 09:35 - 2010-01-29 21:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 08:33 - 2008-09-26 10:34 - 02091410 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 08:25 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 08:25 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-26 18:43 - 2010-01-29 21:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 18:43 - 2008-09-26 11:23 - 00000284 _____ () C:\Users\Public\Documents\hpqp.ini
2014-10-26 18:26 - 2013-10-13 14:07 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-26 18:25 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 18:24 - 2006-11-02 09:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 09:23 - 2014-03-01 10:55 - 00029124 _____ () C:\Windows\PFRO.log
2014-10-24 09:23 - 2006-11-02 08:47 - 00341368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 09:20 - 2008-06-27 13:49 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-24 04:57 - 2011-01-09 19:03 - 00090720 _____ () C:\Users\Bryan.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-23 15:11 - 2008-06-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-22 16:51 - 2014-03-05 17:22 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-10-20 09:41 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-20 08:50 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Bryan.Bryan-PC\Desktop\gmer.exe
2014-10-20 07:31 - 2011-12-25 21:32 - 00000000 ____D () C:\Program Files\McAfee
2014-10-20 07:30 - 2010-07-04 09:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-19 20:26 - 2013-08-14 03:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 20:12 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-19 19:06 - 2013-09-23 00:15 - 00001844 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-19 18:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-19 18:53 - 2006-11-02 06:22 - 55574528 _____ () C:\Windows\system32\config\software_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 47448064 _____ () C:\Windows\system32\config\components_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\system_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-19 18:53 - 2006-11-02 06:22 - 00204800 _____ () C:\Windows\system32\config\sam_previous
2014-10-19 18:52 - 2011-01-09 19:02 - 00000000 ____D () C:\Users\Bryan.Bryan-PC
2014-10-19 18:52 - 2010-12-18 14:38 - 00000000 ____D () C:\Users\Sara.Bryan-PC
2014-10-19 18:52 - 2010-06-14 15:42 - 00000000 ____D () C:\Users\Guest
2014-10-19 18:52 - 2010-06-12 07:53 - 00000000 ____D () C:\Users\Sara
2014-10-19 18:52 - 2010-06-11 09:01 - 00000000 ____D () C:\Users\Natalie
2014-10-19 18:52 - 2008-10-25 21:09 - 00000000 ____D () C:\Users\Kate
2014-10-19 18:52 - 2008-10-25 19:59 - 00000000 ____D () C:\Users\Bryan
2014-10-19 18:51 - 2012-11-17 10:09 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\QuickPlay
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-19 18:51 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-12 17:53 - 2014-08-30 11:31 - 00000000 ____D () C:\Users\Bryan.Bryan-PC\AppData\Local\Adobe
2014-10-12 10:33 - 2010-09-04 08:28 - 00000000 ____D () C:\Program Files\DIFX
2014-10-06 07:09 - 2008-12-31 13:24 - 00000000 ____D () C:\Users\Kate\AppData\Roaming\Skype
2014-10-05 11:43 - 2008-10-25 21:09 - 00090720 _____ () C:\Users\Kate\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-02 17:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-02 15:53 - 2009-10-03 02:28 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 20:00 - 2010-12-18 14:39 - 00090720 _____ () C:\Users\Sara.Bryan-PC\AppData\Local\GDIPFONTCACHEV1.DAT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 06:45
==================== End Of Log ============================

Addition With Chrome

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by Bryan at 2014-10-27 10:07:24
Running from C:\Users\Bryan.Bryan-PC\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Elevated Installer (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Garmin Express (HKLM\...\{447c27b7-3a63-4cb2-a49c-864050f9a50f}) (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Bryan.Bryan-PC\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1004199723-1386826489-637112434-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bryan.Bryan-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
07-10-2014 15:13:18 Windows Update
10-10-2014 23:57:11 Windows Update
12-10-2014 14:28:47 Garmin Express
12-10-2014 14:29:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-10-2014 14:32:47 Device Driver Package Install: Silicon Labs Software Universal Serial Bus controllers
12-10-2014 14:33:32 Device Driver Package Install: Dynastream Innovations, Inc.
14-10-2014 16:41:55 Windows Update
15-10-2014 07:00:40 Windows Update
16-10-2014 21:16:17 Scheduled Checkpoint
18-10-2014 17:35:42 Windows Update
19-10-2014 22:41:53 Restore Operation
19-10-2014 22:58:37 avast! antivirus system restore point
19-10-2014 23:17:04 Windows Update
20-10-2014 00:08:08 Windows Update
20-10-2014 23:51:41 Scheduled Checkpoint
21-10-2014 12:18:46 Scheduled Checkpoint
22-10-2014 04:00:00 Scheduled Checkpoint
22-10-2014 20:59:17 Scheduled Checkpoint
24-10-2014 04:00:02 Scheduled Checkpoint
24-10-2014 06:28:33 Windows Update
25-10-2014 04:00:04 Scheduled Checkpoint
26-10-2014 13:27:40 Scheduled Checkpoint
27-10-2014 04:00:00 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:23 - 2012-09-05 12:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0A970331-AE5E-461E-8C56-48EDD7D6F7D9} - System32\Tasks\{FECEEC9E-93D7-4BD7-B794-59B5F943D3F5} => Firefox.exe Download Skype for Desktop
Task: {1498BFFF-D265-4059-ACB2-FFE74AA9CA31} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2119D350-2BBC-4395-9EFC-8D6CF3C7E060} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {302AF56C-4DBB-47E7-9042-07F674475AE5} - System32\Tasks\{2E46173B-5F80-47FD-BE77-3D450D1458AB} => Firefox.exe Download Skype for Desktop
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EA4A971-3197-4A7F-8A2D-E97F079A1953} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-08-16] (AVAST Software)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {51B0F3C7-5CB0-4920-B2FB-58214E439A51} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {6945A045-DE76-4BDE-A58D-80DBE6875F44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6E5F8B9C-4517-4A5B-A742-A1ACEC1FD479} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-09-18] ()
Task: {7124A541-3A78-4D39-AB40-882FCB0E5D86} - System32\Tasks\{88028225-927A-4D10-9D9B-F0EB7AAE3DF8} => Iexplore.exe Download Skype for Desktop
Task: {778DE6FE-01D4-4F48-80AB-046A2E5AA2D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
Task: {B52D8C33-5879-4739-A2DC-433A6EDDA05E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {C11C1D5C-1D97-4CDE-92A3-6304805F9BBB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D4C73C40-F3A5-4646-8E83-63B4BAB20360} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EFDC0884-E8FF-4A3B-933C-34F13D244334} - System32\Tasks\{8B9A5D3D-09A8-433B-B72C-A0B5F6711302} => Iexplore.exe Download Skype for Desktop
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-04-05 20:27 - 2014-08-16 16:31 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-10-27 06:27 - 2014-10-27 06:27 - 02898432 _____ () C:\Program Files\Alwil Software\Avast5\defs\14102700\algo.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-06-27 14:46 - 2008-04-26 04:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-06-27 14:46 - 2007-11-15 04:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2014-02-28 12:34 - 2014-08-16 16:32 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-06-27 13:46 - 2008-04-11 12:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname (7).eml:OECustomProperty
AlternateDataStreams: C:\Users\Bryan.Bryan-PC\Downloads\noname.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-1004199723-1386826489-637112434-500 - Administrator - Disabled)
Bryan (S-1-5-21-1004199723-1386826489-637112434-1006 - Administrator - Enabled) => C:\Users\Bryan.Bryan-PC
Guest (S-1-5-21-1004199723-1386826489-637112434-501 - Limited - Enabled) => C:\Users\Guest
Kate (S-1-5-21-1004199723-1386826489-637112434-1001 - Administrator - Enabled) => C:\Users\Kate
Natalie (S-1-5-21-1004199723-1386826489-637112434-1003 - Limited - Enabled) => C:\Users\Natalie
Sara (S-1-5-21-1004199723-1386826489-637112434-1004 - Limited - Enabled) => C:\Users\Sara.Bryan-PC
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (10/27/2014 10:03:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module chrome.dll, version 38.0.2125.104, time stamp 0x543726b0, exception code 0xc0000005, fault offset 0x007df95f,
process id 0x940, application start time 0xchrome.exe0.
Error: (10/27/2014 10:03:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module YCWebCameraSource.ax, version 2.0.0.1427, time stamp 0x47c5225b, exception code 0xc0000005, fault offset 0x00014aee,
process id 0x940, application start time 0xchrome.exe0.
Error: (10/27/2014 10:03:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module YCWebCameraSource.ax, version 2.0.0.1427, time stamp 0x47c5225b, exception code 0xc0000005, fault offset 0x00014aee,
process id 0xd50, application start time 0xchrome.exe0.
Error: (10/27/2014 10:02:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module YCWebCameraSource.ax, version 2.0.0.1427, time stamp 0x47c5225b, exception code 0xc0000005, fault offset 0x00014aee,
process id 0x16e4, application start time 0xchrome.exe0.
Error: (10/26/2014 06:26:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/24/2014 09:29:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module YCWebCameraSource.ax, version 2.0.0.1427, time stamp 0x47c5225b, exception code 0xc0000005, fault offset 0x00014aee,
process id 0x9c0, application start time 0xchrome.exe0.
Error: (10/24/2014 09:28:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module YCWebCameraSource.ax, version 2.0.0.1427, time stamp 0x47c5225b, exception code 0xc0000005, fault offset 0x00014aee,
process id 0xe78, application start time 0xchrome.exe0.
Error: (10/24/2014 09:24:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/24/2014 08:23:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 38.0.2125.104, time stamp 0x5437298b, faulting module YCWebCameraSource.ax, version 2.0.0.1427, time stamp 0x47c5225b, exception code 0xc0000005, fault offset 0x00014aee,
process id 0x5a80, application start time 0xchrome.exe0.
Error: (10/22/2014 05:21:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x541caffd, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x08f90fd0,
process id 0x1658, application start time 0xiexplore.exe0.

System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-27 10:06:59.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:57.634
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:56.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:54.914
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:53.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:51.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:50.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 10:06:48.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 09:35:57.274
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-27 09:35:55.980
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 3002.45 MB
Available physical RAM: 1247.96 MB
Total Pagefile: 6215.12 MB
Available Pagefile: 4411.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.02 GB) (Free:91.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:9.86 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2F41570E)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 


#15 ·
Hello kategluck,

Please make sure you complete the following instructions.

Launch Chrome:

  • Open the Settings Menu in Chrome (upper right hand corner of the browser)
  • Click the Advanced Sync Settings button
  • Change the drop down from Sync Everything to Choose what to sync
  • Uncheck Settings, then click OK

Next, click Start>Control Panel>Programs and features to uninstall Chrome.

When Chrome asks if you want to delete all data, you must place a check in the box. I've attached a screen shot for you.

Reboot when done, then reinstall Chrome again and let me know if you can now connect with Chrome.
 


#16 ·
I'm sorry, Chrome will not launch. All I get is a message from Microsoft Windows that says:

"Google Chrome has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
 
#17 ·
Hello kategluck,

Please uninstall Chrome again. Then follow the instructions below.


  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Enter Chrome in the Search window, then click the Search Files button.
  • And send the Search.txt in your next reply.
 
#18 ·
Hello, I've uninstalled Chrome and was sure to check the box as you indicated.

Here is the Search.txt

Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by Bryan at 2014-10-28 09:45:55
Running from C:\Users\Bryan.Bryan-PC\Desktop
Boot Mode: Normal
================== Search: "Chrome" ===================
=== End Of Search ===
 
#19 ·
Hello again.

The report did not look like what I wanted. I haven't seen the information I wanted. This is not your fault.

Try again by doing the following instructions.

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
FindFolder: Chrome
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
#20 ·
Hello. I'm sorry this has been difficult. Hopefully this log will show what you wanted.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by Bryan at 2014-10-28 15:51:55 Run:3
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FindFolder: Chrome
*****************
================== FindFolder: "Chrome" ===================
2009-09-02 03:01 - 2009-09-02 03:01 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome
2011-01-24 12:29 - 2011-01-24 12:29 C:\Users\Sara.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zy900xf9.default\chrome
2013-07-31 19:06 - 2013-07-31 19:06 C:\Users\Sara.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zy900xf9.default\indexedDB\chrome
2011-11-13 10:49 - 2011-11-13 10:49 C:\Users\Sara.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zy900xf9.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome
2013-04-07 09:30 - 2013-04-07 09:30 C:\Users\Sara.Bryan-PC\AppData\LocalLow\adawaretb\chrome
2014-04-25 11:07 - 2014-04-25 11:07 C:\Users\Sara.Bryan-PC\AppData\Local\Google\Chrome
2011-01-24 12:25 - 2011-01-24 12:25 C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\y7r37yac.default\chrome
2013-08-26 08:19 - 2013-08-26 08:19 C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\y7r37yac.default\indexedDB\chrome
2011-11-13 10:49 - 2011-11-13 10:49 C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\y7r37yac.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome
2013-04-07 12:43 - 2013-04-07 12:44 C:\Users\Natalie\AppData\LocalLow\adawaretb\chrome
2014-05-20 17:58 - 2014-05-20 17:58 C:\Users\Natalie\AppData\Local\Google\Chrome
2011-01-23 16:46 - 2011-01-23 16:46 C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\3a7fmwot.default\chrome
2011-11-13 10:49 - 2011-11-13 10:49 C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\3a7fmwot.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome
2011-06-27 14:28 - 2011-06-27 15:11 C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\3a7fmwot.default\extensions\toolbar@ask.com\chrome
2013-03-13 14:17 - 2013-03-13 14:17 C:\Users\Kate\AppData\LocalLow\adawaretb\chrome
2014-06-14 15:16 - 2014-06-14 15:16 C:\Users\Kate\AppData\Local\Google\Chrome
2011-02-05 20:38 - 2011-02-05 20:38 C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\6h3jj0fu.default\chrome
2011-11-13 10:48 - 2011-11-13 10:49 C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\6h3jj0fu.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome
2011-01-23 16:34 - 2011-01-23 16:34 C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\chrome
2012-05-18 14:55 - 2012-05-18 14:55 C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome
2011-01-24 20:01 - 2011-01-24 20:01 C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\9tqfcy1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome
2013-08-05 17:16 - 2013-08-05 17:16 C:\Users\Bryan.Bryan-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4bc0aguf.default-1344826461195\storage\persistent\chrome
2014-10-23 08:31 - 2014-10-23 08:31 C:\Users\Bryan.Bryan-PC\AppData\Local\Temp\avastBCLTMP\chrome
2014-02-21 18:18 - 2014-02-21 18:18 C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome
2012-02-24 01:31 - 2012-02-24 01:31 C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome
2008-06-27 14:41 - 2008-06-27 14:41 C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\chrome
2014-10-27 10:01 - 2014-10-27 21:33 C:\Program Files\Google\Chrome
2014-02-28 12:33 - 2014-10-19 19:04 C:\Program Files\Alwil Software\Avast5\WebRep\Chrome
2013-04-06 09:41 - 2013-04-06 09:41 C:\Program Files\Alwil Software\Avast5\AdBlocker\Chrome
2011-11-13 10:48 - 2011-11-13 10:48 C:\Program Files\adawaretb\chrome
=== End Of FindFolder ===
==== End of Fixlog ====
 
#22 ·
Hello again, tekir06. I'm sorry I have more bad news.

There is no AppData file under C:\Users\Natalie or C:\Users\Kate so I was not able to follow your instructions.

I tried to delete C:\Program Files\Google\Chrome but it said an application was still running so that did not completely delete. I was able to delete the contents of the folders inside Chrome\Application, all but this one folder named 38.0.2125.104.
 
#23 ·
Hello kategluck,

No problem. We have another alternative.


Try again by doing the following instructions.

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
C:\Users\Natalie\AppData\Local\Google\Chrome
C:\Users\Kate\AppData\Local\Google\Chrome
C:\Program Files\Google\Chrome
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
#24 ·
Hello, and thank you again. That went well! Here is my fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2014
Ran by Bryan at 2014-10-30 07:28:17 Run:4
Running from C:\Users\Bryan.Bryan-PC\Desktop
Loaded Profile: Bryan (Available profiles: Kate & Natalie & Sara & Bryan & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Natalie\AppData\Local\Google\Chrome
C:\Users\Kate\AppData\Local\Google\Chrome
C:\Program Files\Google\Chrome
*****************
C:\Users\Natalie\AppData\Local\Google\Chrome => Moved successfully.
C:\Users\Kate\AppData\Local\Google\Chrome => Moved successfully.
"C:\Program Files\Google\Chrome" directory move:
Could not move "C:\Program Files\Google\Chrome" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-30 07:34:36)<=
C:\Program Files\Google\Chrome => Is moved successfully.
==== End of Fixlog ====
 