Solved c:\windows32\system32\searchprotocolhost.exe. vbs:malware-gen

Topnotch · 2017/02/21

Avast found threat, unable to fix/remove the threat. Running Windows Vista.

broni · 2017/02/21

Please, complete all steps listed HERE

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Topnotch · 2017/02/21

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by Andy (administrator) on ANDYNSHELL (21-02-2017 21:00:41)
Running from C:\Users\Andy\Downloads
Loaded Profiles: Andy (Available Profiles: Andy & Administrator)
Platform: Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ATI Technologies Inc.) C:\Windows\System32\ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
( ) C:\Windows\System32\lxdmcoms.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc.) C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
() C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Samsung) C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe [73728 2010-11-12] (ArcSoft, Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-21] (DivX, LLC)
HKLM\...\Run: [EM_EXEC] => C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE [36864 1999-09-01] (Logitech Inc. )
HKLM\...\Run: [lxdmmon.exe] => C:\Program Files\Lexmark 5000 Series\lxdmmon.exe [455336 2010-02-12] ()
HKLM\...\Run: [lxdmamon] => C:\Program Files\Lexmark 5000 Series\lxdmamon.exe [25256 2010-02-12] ()
HKLM\...\Run: [Lexmark 5000 Series Fax Server] => C:\Program Files\Lexmark 5000 Series\fm3032.exe [307880 2010-02-12] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-21] (AVAST Software)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll [2008-09-24] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Policies\Explorer: []
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {1ed83242-f8da-11e5-bac1-00219b078f19} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {6f9d4773-0e32-11e5-940d-00219b078f19} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {8b7cbe74-b2b4-11e3-a57e-00219b078f19} - K:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {d6294559-d987-11e3-93f4-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-10] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-02-21] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk [2008-12-07]
ShortcutTarget: NCProTray.lnk -> C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.68.50.70 72.19.128.99 208.68.50.71
Tcpip\..\Interfaces\{5F7FA739-399F-4191-B8EF-E15A61A0F667}: [DhcpNameServer] 208.68.50.70 72.19.128.99 208.68.50.71

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1de21753
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1de21753
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-21] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-21] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-27] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-27] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-07]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2016-12-22] (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-21] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-05] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3003520428-431247303-3936332552-1005: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-05] ( )

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR DefaultSearchURL: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-23]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-05-17]
CHR Extension: (US Local News & Weather) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcghfdnmbjecmjcbflggpjddmnpbdip [2015-05-31]
CHR Extension: (WeatherBug) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-07-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5541048 2017-02-21] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-21] (AVAST Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-19] (Lavasoft Limited ) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 lxdmCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdmserv.exe [99248 2007-06-08] (Lexmark International, Inc.)
R2 lxdm_device; C:\Windows\system32\lxdmcoms.exe [598960 2007-06-07] ( )
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-05-14] (Sonic Solutions)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [73216 2012-06-23] (Highresolution Enterprises) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S4 Aha154x; C:\Windows\system32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
S4 amsint; C:\Windows\system32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R3 ArcCD; C:\Windows\system32\Drivers\ArcCD.sys [36224 2007-11-06] (ArcSoft Inc.) [File not signed]
S4 ArcUdfs; C:\Windows\system32\Drivers\ArcUdfs.sys [134912 2007-04-25] (ArcSoft Inc.) [File not signed]
S4 asc; C:\Windows\system32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S4 asc3350p; C:\Windows\system32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
S4 asc3550; C:\Windows\system32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-02-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-02-21] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-02-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-02-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-02-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-02-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60632 2017-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [61128 2017-02-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [754664 2017-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463936 2017-02-21] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [277176 2017-02-21] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S4 cd20xrnt; C:\Windows\system32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-03-12] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-03-12] (Sonic Solutions)
S4 Cpqarray; C:\Windows\system32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
S4 dac2w2k; C:\Windows\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
S4 dac960nt; C:\Windows\system32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S4 hpn; C:\Windows\system32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\l8042prt.sys [87680 1999-09-01] (Logitech) [File not signed]
S4 ini910u; C:\Windows\system32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
R1 lkbdfltr; C:\Windows\System32\DRIVERS\lkbdfltr.sys [4240 1999-09-01] (Logitech) [File not signed]
S1 lmoufltr; C:\Windows\System32\DRIVERS\lmoufltr.sys [57104 1999-09-01] (Logitech) [File not signed]
S1 lsermous; C:\Windows\System32\DRIVERS\lsermous.sys [57872 1999-09-01] (Logitech) [File not signed]
S4 ql1080; C:\Windows\system32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
S4 Ql10wnt; C:\Windows\system32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql12160; C:\Windows\system32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
S4 ql1240; C:\Windows\system32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql1280; C:\Windows\system32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [13496 2011-02-23] ()
S4 Sparrow; C:\Windows\system32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
S4 symc810; C:\Windows\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:00 - 2017-02-21 21:02 - 00024902 _____ C:\Users\Andy\Downloads\FRST.txt
2017-02-21 21:00 - 2017-02-21 21:00 - 00000000 ____D C:\FRST
2017-02-21 20:57 - 2017-02-21 20:57 - 01764864 _____ (Farbar) C:\Users\Andy\Downloads\FRST.exe
2017-02-21 20:50 - 2017-02-21 20:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 20:15 - 2017-02-21 20:24 - 00037906 _____ C:\Windows\ntbtlog.txt
2017-02-21 18:12 - 2017-02-21 18:10 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-02-21 18:12 - 2017-02-21 18:10 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-02-21 18:12 - 2017-02-21 18:10 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-02-21 18:12 - 2017-02-21 18:10 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-02-21 18:11 - 2017-02-21 18:11 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-15 18:53 - 2017-02-15 18:53 - 00197182 _____ C:\Users\Andy\Downloads\932428_Enrollment Form Roth.pdf
2017-02-06 22:14 - 2017-02-06 22:21 - 00000000 ____D C:\Users\Andy\Desktop\Andy's Phone

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 20:52 - 2014-04-27 19:38 - 00000000 ____D C:\Users\Andy\AppData\Local\ApplicationHistory
2017-02-21 20:48 - 2014-04-27 19:35 - 00001356 _____ C:\Users\Andy\AppData\Local\d3d9caps.dat
2017-02-21 20:48 - 2014-04-27 10:12 - 00002000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-21 20:48 - 2014-04-27 10:12 - 00002000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-21 20:48 - 2011-06-13 16:43 - 00000278 _____ C:\Windows\Tasks\SmartDefrag_Startup.job
2017-02-21 20:48 - 2010-09-22 15:05 - 00000236 _____ C:\Windows\Tasks\OGALogon.job
2017-02-21 20:48 - 2006-11-02 06:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 20:24 - 2015-02-08 10:40 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 20:15 - 2014-04-28 20:34 - 00000000 ____D C:\ProgramData\DivX
2017-02-21 20:13 - 2004-08-11 15:20 - 00032602 _____ C:\Windows\SchedLgU.Txt
2017-02-21 19:39 - 2008-12-01 04:52 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-21 19:38 - 2014-11-01 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-21 19:37 - 2015-01-31 07:51 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-21 19:37 - 2008-12-01 04:52 - 00000000 ____D C:\Program Files\Java
2017-02-21 19:36 - 2015-01-01 15:07 - 00000918 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-02-21 18:50 - 2014-07-18 18:18 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
2017-02-21 18:50 - 2014-04-28 20:34 - 00000000 ____D C:\Program Files\DivX
2017-02-21 18:50 - 2008-12-01 04:59 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-21 18:49 - 2014-04-28 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-02-21 18:49 - 2014-04-28 20:39 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2017-02-21 18:47 - 2014-04-28 20:39 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DivX
2017-02-21 18:37 - 2016-06-05 08:18 - 00000000 ____D C:\Users\Andy\AppData\Local\{61F757AB-455F-3B13-28C7-1EFB0CAFE263}
2017-02-21 18:20 - 2010-02-20 10:12 - 00000000 ____D C:\temp
2017-02-21 18:12 - 2014-05-12 19:20 - 00277176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-21 18:11 - 2016-05-18 04:51 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-21 18:11 - 2015-09-07 10:07 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00754664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00463936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00061128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00060632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-15 18:26 - 2016-01-31 12:12 - 00000000 ____D C:\ProgramData\ProductData
2017-02-08 18:41 - 2009-04-26 08:36 - 00000000 ____D C:\ProgramData\Lx_cats
2017-02-06 21:38 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2017-02-06 21:38 - 2006-11-02 03:33 - 00798248 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-06 21:31 - 2017-01-09 06:31 - 00000000 ____D C:\Users\Andy\Desktop\Andy

==================== Files in the root of some directories =======

2013-03-20 20:15 - 2013-03-20 20:15 - 0038445 _____ () C:\Users\Andy\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-11-03 09:32 - 2014-04-27 11:44 - 0009367 _____ () C:\Users\Andy\AppData\Roaming\Comma Separated Values (Windows).EML
2013-02-17 09:49 - 2013-02-17 09:53 - 0038466 _____ () C:\Users\Andy\AppData\Roaming\Microsoft Excel.ADR
2008-12-15 08:23 - 2015-01-03 13:27 - 0038302 _____ () C:\Users\Andy\AppData\Roaming\Tab Separated Values (Windows).ADR
2008-12-15 08:21 - 2010-01-23 10:18 - 0012992 _____ () C:\Users\Andy\AppData\Roaming\Tab Separated Values (Windows).CAL
2008-12-15 08:22 - 2014-04-27 11:44 - 0009361 _____ () C:\Users\Andy\AppData\Roaming\Tab Separated Values (Windows).EML
2016-06-05 09:19 - 2016-06-05 09:19 - 0000044 _____ () C:\Users\Andy\AppData\Roaming\WB.CFG
2008-12-06 12:45 - 2008-12-06 12:45 - 0000000 _____ () C:\Users\Andy\AppData\Roaming\wklnhst.dat
2008-12-07 10:40 - 1996-11-17 00:00 - 0000002 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\ArtGalry.cag
2014-04-27 19:35 - 2017-02-21 20:48 - 0001356 _____ () C:\Users\Andy\AppData\Local\d3d9caps.dat
2014-05-01 17:57 - 2017-01-21 21:07 - 0075264 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-12 17:23 - 2014-05-12 17:23 - 0000052 _____ () C:\ProgramData\lxdm
2014-04-27 20:07 - 2016-02-15 19:28 - 0000605 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-01 14:52 - 2015-02-01 14:52 - 0381348 _____ () C:\ProgramData\SPL1897.tmp
2014-06-28 08:32 - 2014-06-28 08:32 - 1135400 _____ () C:\ProgramData\SPL22A1.tmp
2014-06-28 08:29 - 2014-06-28 08:29 - 1135400 _____ () C:\ProgramData\SPL4982.tmp
2015-01-01 09:08 - 2015-01-01 09:08 - 0417968 _____ () C:\ProgramData\SPLA20A.tmp
2015-12-31 16:56 - 2015-12-31 16:56 - 0465302 _____ () C:\ProgramData\SPLC276.tmp
2015-01-04 11:05 - 2015-01-04 11:05 - 0577874 _____ () C:\ProgramData\SPLCAB5.tmp
2015-01-04 11:06 - 2015-01-04 11:06 - 0577874 _____ () C:\ProgramData\SPLD9A.tmp
2015-02-01 14:50 - 2015-02-01 14:50 - 0381348 _____ () C:\ProgramData\SPLD9D9.tmp
2015-01-01 09:10 - 2015-01-01 09:10 - 0417968 _____ () C:\ProgramData\SPLDEBA.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Topnotch · 2017/02/21

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by Andy (21-02-2017 21:03:13)
Running from C:\Users\Andy\Downloads
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) (2014-04-28 02:08:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3003520428-431247303-3936332552-500 - Administrator - Disabled) => C:\Users\Administrator
Andy (S-1-5-21-3003520428-431247303-3936332552-1005 - Administrator - Enabled) => C:\Users\Andy
ASPNET (S-1-5-21-3003520428-431247303-3936332552-1010 - Limited - Enabled)
Guest (S-1-5-21-3003520428-431247303-3936332552-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3003520428-431247303-3936332552-1004 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-3003520428-431247303-3936332552-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Utilities (HKLM\...\{E9915A07-2A00-4CF8-B53A-D5EEC314C1B2}) (Version: 128.0.0 - Manufacturer)
.NET Utilities (HKLM\...\{EFD9DCB8-EE9A-488E-98F3-9035AC5F5B4E}) (Version: 128.0.0 - Manufacturer)
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\Ad-Aware) (Version: - Lavasoft)
Ad-Aware (Version: 8.3.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 3.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 3.0) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 3.3.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1216 - ArcSoft)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.493-080512a-064246C-Dell - )
Auto Updater 1.2.0.3 (HKLM\...\AutoUpdater_is1) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Backup Assistant Plus (HKLM\...\Backup Assistant Plus) (Version: - Verizon Wireless)
BeerSmith 2 (HKLM\...\BeerSmith 2) (Version: - )
BingProvidedSearch (HKLM\...\BingProvidedSearch) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide (HKLM\...\CameraUserGuide-PSELPH300HS_IXUS220HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
City Navigator North America v7 (HKLM\...\{8F971101-FCBD-4293-B917-D5A14FD1DAF9}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell System Detect (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
Easy CD Creator 5 Platinum (HKLM\...\{8851E12C-0EF9-11D4-A788-009027ABA5D0}) (Version: 5.0.0.0000 - Roxio Inc)
Elevated Installer (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Plug-In (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Facebook Plug-In) (Version: - Facebook, Inc.)
FastStone Image Viewer 6.1 (HKLM\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
Garmin BaseCamp (HKLM\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2012.40 Update (HKLM\...\{A0966294-1F16-411F-98BF-AB9FDED7B9C6}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.40 Update (HKLM\...\{CB9E92AF-55F4-46A7-BC7A-16005E4BF39D}) (Version: 16.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America v8 (HKLM\...\{A75949C3-DC28-42CA-9C56-24C002B93D89}) (Version: 8.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Image Editor Packages (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lexmark 5000 Series (HKLM\...\Lexmark 5000 Series) (Version: - Lexmark International, Inc.)
Logitech MouseWare 8.60 (HKLM\...\Logitech MouseWare) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapSource (HKLM\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Natural Color Pro (HKLM\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0000 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Roxio Creator Premier (HKLM\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.0.1 - IObit)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
UMPlayer 0.98 [P4] (HKLM\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webshots! (HKLM\...\Webshots) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
X-Mouse Button Control 2.5 (HKLM\...\X-Mouse Button Control) (Version: 2.5 - Highresolution Enterprises)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\iCloud.ocx (Apple Inc.)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\localserver32 -> C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\Andy\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035E45ED-F98F-4248-9D59-A5E60017A77E} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2016-12-15] (DivX, LLC)
Task: {0BC8AFEA-4510-4CA9-9527-53CFAFA311E4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-21] (AVAST Software)
Task: {1BD0A639-D6E7-4781-897A-3040A4AC8ACF} - System32\Tasks\AutoUpdaterTask => C:\Program Files\Auto Updater\AutoUpdater.exe [2012-09-18] ()
Task: {1DDF3E31-A44F-4282-BC3C-F5CC86B5B024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {45AD634C-F349-4339-8936-0279353453F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {59D7E340-8DC5-44A1-9A54-B7A9F487392A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-13] (IObit)
Task: {5FC51B3A-8180-4D35-9827-2C8BBCB8CC78} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {749C1069-85F1-47FD-8CE1-DDFA1EBC3E0B} - System32\Tasks\OGALogon => C:\WINDOWS\system32\OGAEXEC.exe
Task: {90C21205-B8BA-42C1-A43E-DA539F2D7D22} - System32\Tasks\Microsoft\Windows\PLA\System Overview => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "System Overview" "$(Arg0)"
Task: {C469912B-5590-4D6D-9555-094CA506F31E} - System32\Tasks\SafeZone scheduled Autoupdate 1463572581 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {CF8BE0C1-25D1-4117-8478-164BA604BB54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {D7159F95-121B-4CE4-AB4E-7D3C1A2F4FC3} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {F8564B3B-9AAE-4493-8997-CDF2EF344D88} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-09-01] (Lavasoft Limited )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\Windows\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Topnotch · 2017/02/21

can result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by Andy (administrator) on ANDYNSHELL (21-02-2017 21:00:41)
Running from C:\Users\Andy\Downloads
Loaded Profiles: Andy (Available Profiles: Andy & Administrator)
Platform: Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ATI Technologies Inc.) C:\Windows\System32\ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
( ) C:\Windows\System32\lxdmcoms.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc.) C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
() C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Samsung) C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe [73728 2010-11-12] (ArcSoft, Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-21] (DivX, LLC)
HKLM\...\Run: [EM_EXEC] => C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE [36864 1999-09-01] (Logitech Inc. )
HKLM\...\Run: [lxdmmon.exe] => C:\Program Files\Lexmark 5000 Series\lxdmmon.exe [455336 2010-02-12] ()
HKLM\...\Run: [lxdmamon] => C:\Program Files\Lexmark 5000 Series\lxdmamon.exe [25256 2010-02-12] ()
HKLM\...\Run: [Lexmark 5000 Series Fax Server] => C:\Program Files\Lexmark 5000 Series\fm3032.exe [307880 2010-02-12] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-21] (AVAST Software)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll [2008-09-24] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Policies\Explorer: []
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {1ed83242-f8da-11e5-bac1-00219b078f19} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {6f9d4773-0e32-11e5-940d-00219b078f19} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {8b7cbe74-b2b4-11e3-a57e-00219b078f19} - K:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\MountPoints2: {d6294559-d987-11e3-93f4-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-10] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-02-21] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk [2008-12-07]
ShortcutTarget: NCProTray.lnk -> C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.68.50.70 72.19.128.99 208.68.50.71
Tcpip\..\Interfaces\{5F7FA739-399F-4191-B8EF-E15A61A0F667}: [DhcpNameServer] 208.68.50.70 72.19.128.99 208.68.50.71

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1de21753
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3003520428-431247303-3936332552-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1de21753
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1de21753&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-21] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-21] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-3003520428-431247303-3936332552-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-27] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-27] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-07]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2016-12-22] (DivX, LLC)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-21] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-05] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3003520428-431247303-3936332552-1005: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-05] ( )

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl"
CHR DefaultSearchURL: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-23]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-05-17]
CHR Extension: (US Local News & Weather) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcghfdnmbjecmjcbflggpjddmnpbdip [2015-05-31]
CHR Extension: (WeatherBug) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-07-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5541048 2017-02-21] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-21] (AVAST Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-19] (Lavasoft Limited ) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 lxdmCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdmserv.exe [99248 2007-06-08] (Lexmark International, Inc.)
R2 lxdm_device; C:\Windows\system32\lxdmcoms.exe [598960 2007-06-07] ( )
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-05-14] (Sonic Solutions)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [73216 2012-06-23] (Highresolution Enterprises) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) [File not signed]
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S4 Aha154x; C:\Windows\system32\DRIVERS\aha154x.sys [12800 2001-08-17] (Microsoft Corporation) [File not signed]
S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [55168 2001-08-17] (Microsoft Corporation) [File not signed]
S4 amsint; C:\Windows\system32\DRIVERS\amsint.sys [12032 2001-08-17] (Microsoft Corporation) [File not signed]
R3 ArcCD; C:\Windows\system32\Drivers\ArcCD.sys [36224 2007-11-06] (ArcSoft Inc.) [File not signed]
S4 ArcUdfs; C:\Windows\system32\Drivers\ArcUdfs.sys [134912 2007-04-25] (ArcSoft Inc.) [File not signed]
S4 asc; C:\Windows\system32\DRIVERS\asc.sys [26496 2001-08-17] (Advanced System Products, Inc.) [File not signed]
S4 asc3350p; C:\Windows\system32\DRIVERS\asc3350p.sys [22400 2001-08-17] (Microsoft Corporation) [File not signed]
S4 asc3550; C:\Windows\system32\DRIVERS\asc3550.sys [14848 2001-08-17] (Advanced System Products, Inc.) [File not signed]
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-02-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-02-21] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-02-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-02-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-02-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-02-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60632 2017-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [61128 2017-02-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [754664 2017-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463936 2017-02-21] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [277176 2017-02-21] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S4 cd20xrnt; C:\Windows\system32\DRIVERS\cd20xrnt.sys [7680 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [9072 2008-03-12] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9200 2008-03-12] (Sonic Solutions)
S4 Cpqarray; C:\Windows\system32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) [File not signed]
S4 dac2w2k; C:\Windows\system32\DRIVERS\dac2w2k.sys [179584 2001-08-17] (Mylex Corporation) [File not signed]
S4 dac960nt; C:\Windows\system32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) [File not signed]
S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [20192 2001-08-17] (Microsoft Corporation) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
S4 hpn; C:\Windows\system32\DRIVERS\hpn.sys [25952 2001-08-17] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\l8042prt.sys [87680 1999-09-01] (Logitech) [File not signed]
S4 ini910u; C:\Windows\system32\DRIVERS\ini910u.sys [16000 2001-08-17] (Microsoft Corporation) [File not signed]
R1 lkbdfltr; C:\Windows\System32\DRIVERS\lkbdfltr.sys [4240 1999-09-01] (Logitech) [File not signed]
S1 lmoufltr; C:\Windows\System32\DRIVERS\lmoufltr.sys [57104 1999-09-01] (Logitech) [File not signed]
S1 lsermous; C:\Windows\System32\DRIVERS\lsermous.sys [57872 1999-09-01] (Logitech) [File not signed]
S4 ql1080; C:\Windows\system32\DRIVERS\ql1080.sys [40320 2001-08-17] (QLogic Corporation) [File not signed]
S4 Ql10wnt; C:\Windows\system32\DRIVERS\ql10wnt.sys [33152 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql12160; C:\Windows\system32\DRIVERS\ql12160.sys [45312 2001-08-17] (QLogic Corporation) [File not signed]
S4 ql1240; C:\Windows\system32\DRIVERS\ql1240.sys [40448 2001-08-17] (Microsoft Corporation) [File not signed]
S4 ql1280; C:\Windows\system32\DRIVERS\ql1280.sys [49024 2001-08-17] (QLogic Corporation) [File not signed]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [13496 2011-02-23] ()
S4 Sparrow; C:\Windows\system32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) [File not signed]
S4 symc810; C:\Windows\system32\DRIVERS\symc810.sys [16256 2001-08-17] (Symbios Logic Inc.) [File not signed]
S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [36736 2001-08-17] (Promise Technology, Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 21:00 - 2017-02-21 21:02 - 00024902 _____ C:\Users\Andy\Downloads\FRST.txt
2017-02-21 21:00 - 2017-02-21 21:00 - 00000000 ____D C:\FRST
2017-02-21 20:57 - 2017-02-21 20:57 - 01764864 _____ (Farbar) C:\Users\Andy\Downloads\FRST.exe
2017-02-21 20:50 - 2017-02-21 20:50 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 20:15 - 2017-02-21 20:24 - 00037906 _____ C:\Windows\ntbtlog.txt
2017-02-21 18:12 - 2017-02-21 18:10 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-02-21 18:12 - 2017-02-21 18:10 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-02-21 18:12 - 2017-02-21 18:10 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-02-21 18:12 - 2017-02-21 18:10 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-02-21 18:11 - 2017-02-21 18:11 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-15 18:53 - 2017-02-15 18:53 - 00197182 _____ C:\Users\Andy\Downloads\932428_Enrollment Form Roth.pdf
2017-02-06 22:14 - 2017-02-06 22:21 - 00000000 ____D C:\Users\Andy\Desktop\Andy's Phone

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-21 20:52 - 2014-04-27 19:38 - 00000000 ____D C:\Users\Andy\AppData\Local\ApplicationHistory
2017-02-21 20:48 - 2014-04-27 19:35 - 00001356 _____ C:\Users\Andy\AppData\Local\d3d9caps.dat
2017-02-21 20:48 - 2014-04-27 10:12 - 00002000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-21 20:48 - 2014-04-27 10:12 - 00002000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-21 20:48 - 2011-06-13 16:43 - 00000278 _____ C:\Windows\Tasks\SmartDefrag_Startup.job
2017-02-21 20:48 - 2010-09-22 15:05 - 00000236 _____ C:\Windows\Tasks\OGALogon.job
2017-02-21 20:48 - 2006-11-02 06:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 20:24 - 2015-02-08 10:40 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 20:15 - 2014-04-28 20:34 - 00000000 ____D C:\ProgramData\DivX
2017-02-21 20:13 - 2004-08-11 15:20 - 00032602 _____ C:\Windows\SchedLgU.Txt
2017-02-21 19:39 - 2008-12-01 04:52 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-21 19:38 - 2014-11-01 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-21 19:37 - 2015-01-31 07:51 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-02-21 19:37 - 2008-12-01 04:52 - 00000000 ____D C:\Program Files\Java
2017-02-21 19:36 - 2015-01-01 15:07 - 00000918 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-02-21 18:50 - 2014-07-18 18:18 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
2017-02-21 18:50 - 2014-04-28 20:34 - 00000000 ____D C:\Program Files\DivX
2017-02-21 18:50 - 2008-12-01 04:59 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-21 18:49 - 2014-04-28 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-02-21 18:49 - 2014-04-28 20:39 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2017-02-21 18:47 - 2014-04-28 20:39 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DivX
2017-02-21 18:37 - 2016-06-05 08:18 - 00000000 ____D C:\Users\Andy\AppData\Local\{61F757AB-455F-3B13-28C7-1EFB0CAFE263}
2017-02-21 18:20 - 2010-02-20 10:12 - 00000000 ____D C:\temp
2017-02-21 18:12 - 2014-05-12 19:20 - 00277176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-21 18:11 - 2016-05-18 04:51 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-21 18:11 - 2015-09-07 10:07 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00754664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00463936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00061128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00060632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-02-21 18:11 - 2014-05-12 19:20 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-15 18:26 - 2016-01-31 12:12 - 00000000 ____D C:\ProgramData\ProductData
2017-02-08 18:41 - 2009-04-26 08:36 - 00000000 ____D C:\ProgramData\Lx_cats
2017-02-06 21:38 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2017-02-06 21:38 - 2006-11-02 03:33 - 00798248 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-06 21:31 - 2017-01-09 06:31 - 00000000 ____D C:\Users\Andy\Desktop\Andy

==================== Files in the root of some directories =======

2013-03-20 20:15 - 2013-03-20 20:15 - 0038445 _____ () C:\Users\Andy\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-11-03 09:32 - 2014-04-27 11:44 - 0009367 _____ () C:\Users\Andy\AppData\Roaming\Comma Separated Values (Windows).EML
2013-02-17 09:49 - 2013-02-17 09:53 - 0038466 _____ () C:\Users\Andy\AppData\Roaming\Microsoft Excel.ADR
2008-12-15 08:23 - 2015-01-03 13:27 - 0038302 _____ () C:\Users\Andy\AppData\Roaming\Tab Separated Values (Windows).ADR
2008-12-15 08:21 - 2010-01-23 10:18 - 0012992 _____ () C:\Users\Andy\AppData\Roaming\Tab Separated Values (Windows).CAL
2008-12-15 08:22 - 2014-04-27 11:44 - 0009361 _____ () C:\Users\Andy\AppData\Roaming\Tab Separated Values (Windows).EML
2016-06-05 09:19 - 2016-06-05 09:19 - 0000044 _____ () C:\Users\Andy\AppData\Roaming\WB.CFG
2008-12-06 12:45 - 2008-12-06 12:45 - 0000000 _____ () C:\Users\Andy\AppData\Roaming\wklnhst.dat
2008-12-07 10:40 - 1996-11-17 00:00 - 0000002 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\ArtGalry.cag
2014-04-27 19:35 - 2017-02-21 20:48 - 0001356 _____ () C:\Users\Andy\AppData\Local\d3d9caps.dat
2014-05-01 17:57 - 2017-01-21 21:07 - 0075264 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-12 17:23 - 2014-05-12 17:23 - 0000052 _____ () C:\ProgramData\lxdm
2014-04-27 20:07 - 2016-02-15 19:28 - 0000605 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-01 14:52 - 2015-02-01 14:52 - 0381348 _____ () C:\ProgramData\SPL1897.tmp
2014-06-28 08:32 - 2014-06-28 08:32 - 1135400 _____ () C:\ProgramData\SPL22A1.tmp
2014-06-28 08:29 - 2014-06-28 08:29 - 1135400 _____ () C:\ProgramData\SPL4982.tmp
2015-01-01 09:08 - 2015-01-01 09:08 - 0417968 _____ () C:\ProgramData\SPLA20A.tmp
2015-12-31 16:56 - 2015-12-31 16:56 - 0465302 _____ () C:\ProgramData\SPLC276.tmp
2015-01-04 11:05 - 2015-01-04 11:05 - 0577874 _____ () C:\ProgramData\SPLCAB5.tmp
2015-01-04 11:06 - 2015-01-04 11:06 - 0577874 _____ () C:\ProgramData\SPLD9A.tmp
2015-02-01 14:50 - 2015-02-01 14:50 - 0381348 _____ () C:\ProgramData\SPLD9D9.tmp
2015-01-01 09:10 - 2015-01-01 09:10 - 0417968 _____ () C:\ProgramData\SPLDEBA.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Topnotch · 2017/02/21

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by Andy (21-02-2017 21:03:13)
Running from C:\Users\Andy\Downloads
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) (2014-04-28 02:08:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3003520428-431247303-3936332552-500 - Administrator - Disabled) => C:\Users\Administrator
Andy (S-1-5-21-3003520428-431247303-3936332552-1005 - Administrator - Enabled) => C:\Users\Andy
ASPNET (S-1-5-21-3003520428-431247303-3936332552-1010 - Limited - Enabled)
Guest (S-1-5-21-3003520428-431247303-3936332552-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3003520428-431247303-3936332552-1004 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-3003520428-431247303-3936332552-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Utilities (HKLM\...\{E9915A07-2A00-4CF8-B53A-D5EEC314C1B2}) (Version: 128.0.0 - Manufacturer)
.NET Utilities (HKLM\...\{EFD9DCB8-EE9A-488E-98F3-9035AC5F5B4E}) (Version: 128.0.0 - Manufacturer)
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\Ad-Aware) (Version: - Lavasoft)
Ad-Aware (Version: 8.3.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 3.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 3.0) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 3.3.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1216 - ArcSoft)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.493-080512a-064246C-Dell - )
Auto Updater 1.2.0.3 (HKLM\...\AutoUpdater_is1) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Backup Assistant Plus (HKLM\...\Backup Assistant Plus) (Version: - Verizon Wireless)
BeerSmith 2 (HKLM\...\BeerSmith 2) (Version: - )
BingProvidedSearch (HKLM\...\BingProvidedSearch) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide (HKLM\...\CameraUserGuide-PSELPH300HS_IXUS220HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
City Navigator North America v7 (HKLM\...\{8F971101-FCBD-4293-B917-D5A14FD1DAF9}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell System Detect (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
Easy CD Creator 5 Platinum (HKLM\...\{8851E12C-0EF9-11D4-A788-009027ABA5D0}) (Version: 5.0.0.0000 - Roxio Inc)
Elevated Installer (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Plug-In (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Facebook Plug-In) (Version: - Facebook, Inc.)
FastStone Image Viewer 6.1 (HKLM\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
Garmin BaseCamp (HKLM\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2012.40 Update (HKLM\...\{A0966294-1F16-411F-98BF-AB9FDED7B9C6}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.40 Update (HKLM\...\{CB9E92AF-55F4-46A7-BC7A-16005E4BF39D}) (Version: 16.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America v8 (HKLM\...\{A75949C3-DC28-42CA-9C56-24C002B93D89}) (Version: 8.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Image Editor Packages (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lexmark 5000 Series (HKLM\...\Lexmark 5000 Series) (Version: - Lexmark International, Inc.)
Logitech MouseWare 8.60 (HKLM\...\Logitech MouseWare) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapSource (HKLM\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Natural Color Pro (HKLM\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0000 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Roxio Creator Premier (HKLM\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.0.1 - IObit)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
UMPlayer 0.98 [P4] (HKLM\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webshots! (HKLM\...\Webshots) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
X-Mouse Button Control 2.5 (HKLM\...\X-Mouse Button Control) (Version: 2.5 - Highresolution Enterprises)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\iCloud.ocx (Apple Inc.)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\localserver32 -> C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\Andy\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035E45ED-F98F-4248-9D59-A5E60017A77E} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2016-12-15] (DivX, LLC)
Task: {0BC8AFEA-4510-4CA9-9527-53CFAFA311E4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-21] (AVAST Software)
Task: {1BD0A639-D6E7-4781-897A-3040A4AC8ACF} - System32\Tasks\AutoUpdaterTask => C:\Program Files\Auto Updater\AutoUpdater.exe [2012-09-18] ()
Task: {1DDF3E31-A44F-4282-BC3C-F5CC86B5B024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {45AD634C-F349-4339-8936-0279353453F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {59D7E340-8DC5-44A1-9A54-B7A9F487392A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-13] (IObit)
Task: {5FC51B3A-8180-4D35-9827-2C8BBCB8CC78} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {749C1069-85F1-47FD-8CE1-DDFA1EBC3E0B} - System32\Tasks\OGALogon => C:\WINDOWS\system32\OGAEXEC.exe
Task: {90C21205-B8BA-42C1-A43E-DA539F2D7D22} - System32\Tasks\Microsoft\Windows\PLA\System Overview => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "System Overview" "$(Arg0)"
Task: {C469912B-5590-4D6D-9555-094CA506F31E} - System32\Tasks\SafeZone scheduled Autoupdate 1463572581 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {CF8BE0C1-25D1-4117-8478-164BA604BB54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {D7159F95-121B-4CE4-AB4E-7D3C1A2F4FC3} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {F8564B3B-9AAE-4493-8997-CDF2EF344D88} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-09-01] (Lavasoft Limited )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\Windows\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

broni · 2017/02/22

Please don't create multiple topics.

Additional scan log is incomplete.
Please post entire log.

Topnotch · 2017/02/23

Broni, thanks for your help! Sorry if we are misunderstanding of what you are asking. I do believe that these are the entire "FRST" and "Addition" scan logs. Should we run it again?

Topnotch · 2017/02/23

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by Andy (21-02-2017 21:03:13)
Running from C:\Users\Andy\Downloads
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) (2014-04-28 02:08:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3003520428-431247303-3936332552-500 - Administrator - Disabled) => C:\Users\Administrator
Andy (S-1-5-21-3003520428-431247303-3936332552-1005 - Administrator - Enabled) => C:\Users\Andy
ASPNET (S-1-5-21-3003520428-431247303-3936332552-1010 - Limited - Enabled)
Guest (S-1-5-21-3003520428-431247303-3936332552-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3003520428-431247303-3936332552-1004 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-3003520428-431247303-3936332552-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Utilities (HKLM\...\{E9915A07-2A00-4CF8-B53A-D5EEC314C1B2}) (Version: 128.0.0 - Manufacturer)
.NET Utilities (HKLM\...\{EFD9DCB8-EE9A-488E-98F3-9035AC5F5B4E}) (Version: 128.0.0 - Manufacturer)
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\Ad-Aware) (Version: - Lavasoft)
Ad-Aware (Version: 8.3.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 3.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 3.0) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 3.3.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1216 - ArcSoft)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.493-080512a-064246C-Dell - )
Auto Updater 1.2.0.3 (HKLM\...\AutoUpdater_is1) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Backup Assistant Plus (HKLM\...\Backup Assistant Plus) (Version: - Verizon Wireless)
BeerSmith 2 (HKLM\...\BeerSmith 2) (Version: - )
BingProvidedSearch (HKLM\...\BingProvidedSearch) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide (HKLM\...\CameraUserGuide-PSELPH300HS_IXUS220HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
City Navigator North America v7 (HKLM\...\{8F971101-FCBD-4293-B917-D5A14FD1DAF9}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell System Detect (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
Easy CD Creator 5 Platinum (HKLM\...\{8851E12C-0EF9-11D4-A788-009027ABA5D0}) (Version: 5.0.0.0000 - Roxio Inc)
Elevated Installer (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Plug-In (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Facebook Plug-In) (Version: - Facebook, Inc.)
FastStone Image Viewer 6.1 (HKLM\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
Garmin BaseCamp (HKLM\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2012.40 Update (HKLM\...\{A0966294-1F16-411F-98BF-AB9FDED7B9C6}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.40 Update (HKLM\...\{CB9E92AF-55F4-46A7-BC7A-16005E4BF39D}) (Version: 16.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America v8 (HKLM\...\{A75949C3-DC28-42CA-9C56-24C002B93D89}) (Version: 8.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator NorthAmerica NT 2013.30 Update (HKLM\...\{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}) (Version: 16.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Image Editor Packages (HKU\S-1-5-21-3003520428-431247303-3936332552-1005\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lexmark 5000 Series (HKLM\...\Lexmark 5000 Series) (Version: - Lexmark International, Inc.)
Logitech MouseWare 8.60 (HKLM\...\Logitech MouseWare) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MapSource (HKLM\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
Natural Color Pro (HKLM\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0000 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.91 (HKLM\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Roxio Creator Premier (HKLM\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.0.1 - IObit)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
UMPlayer 0.98 [P4] (HKLM\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webshots! (HKLM\...\Webshots) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
X-Mouse Button Control 2.5 (HKLM\...\X-Mouse Button Control) (Version: 2.5 - Highresolution Enterprises)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\iCloud.ocx (Apple Inc.)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\localserver32 -> C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\Andy\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3003520428-431247303-3936332552-1005_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035E45ED-F98F-4248-9D59-A5E60017A77E} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2016-12-15] (DivX, LLC)
Task: {0BC8AFEA-4510-4CA9-9527-53CFAFA311E4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-21] (AVAST Software)
Task: {1BD0A639-D6E7-4781-897A-3040A4AC8ACF} - System32\Tasks\AutoUpdaterTask => C:\Program Files\Auto Updater\AutoUpdater.exe [2012-09-18] ()
Task: {1DDF3E31-A44F-4282-BC3C-F5CC86B5B024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {45AD634C-F349-4339-8936-0279353453F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {59D7E340-8DC5-44A1-9A54-B7A9F487392A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-13] (IObit)
Task: {5FC51B3A-8180-4D35-9827-2C8BBCB8CC78} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {749C1069-85F1-47FD-8CE1-DDFA1EBC3E0B} - System32\Tasks\OGALogon => C:\WINDOWS\system32\OGAEXEC.exe
Task: {90C21205-B8BA-42C1-A43E-DA539F2D7D22} - System32\Tasks\Microsoft\Windows\PLA\System Overview => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "System Overview" "$(Arg0)"
Task: {C469912B-5590-4D6D-9555-094CA506F31E} - System32\Tasks\SafeZone scheduled Autoupdate 1463572581 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {CF8BE0C1-25D1-4117-8478-164BA604BB54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {D7159F95-121B-4CE4-AB4E-7D3C1A2F4FC3} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {F8564B3B-9AAE-4493-8997-CDF2EF344D88} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-09-01] (Lavasoft Limited )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\Windows\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

broni · 2017/02/23

Hmmm..it's still incomplete but let's forget about it for now...

Couple of days ago Avast had some problems with VBS Malware-Gen false positive.
See here: [FIXED] [VBS: Malware Gen] False positives Vir. def: 170221-1 22.2.2017 0:08:41
Since then the issue has been fixed.
Make sure your Avast is up to date and let me know if Avast is still barking at searchprotocolhost.exe

Topnotch · 2017/02/24

Broni, you seem to be correct. The problem has gone away and it was Avast that was giving the error message. Thanks for your time and help.

broni · 2017/02/24

Great news

Log in or Sign up

Solved c:\windows32\system32\searchprotocolhost.exe. vbs:malware-gen

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved c:\windows32\system32\searchprotocolhost.exe. vbs:malware-gen

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Topnotch Well-Known Member Thread Starter

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Topnotch Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches