
Solved help with cleaning....

Discussion in 'Malware and Virus Removal Archive' started by yoruga, 2015/12/29.

  1. 2015/12/29
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0

    Hi there
    Previous customer and I would like to know if I am missing a step...... have quarantined a couple of files..... and have updated antivirus..... just wondering if this may be affecting lagging issues on my PC and/or other devices that are being used at the same time.... no log files to display at this point.... :(
     
  2. 2015/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2015/12/29
    yoruga

    yoruga Well-Known Member Thread Starter

    hi broni

    downloaded both versions and nothing happened.... is it ok to stay logged on or prefer me to sign out after each reply?
     
  5. 2015/12/29
    broni

    broni Moderator Malware Analyst

    What do you mean by "nothing happened"?
     
  6. 2015/12/30
    yoruga

    yoruga Well-Known Member Thread Starter

    sorry broni system is really slow..... I understand if you do not reply due to New Year's Eve and all.... all good.... will pass on the log asap...
     
  7. 2015/12/30
    yoruga

    yoruga Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-12-2015
    Ran by Taliah (administrator) on RAWR (30-12-2015 21:24:14)
    Running from C:\Users\Taliah\Downloads\Desktop
    Loaded Profiles: Taliah (Available Profiles: Taliah & DefaultAppPool)
    Platform: Microsoft Windows 10 Home (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (CyberLink Corp.) C:\Program Files\Hp\QuickPlay\QPService.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
    HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
    HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
    HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-24] (Hewlett-Packard)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-03] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2015-07-17] (Synaptics Incorporated)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-16] (Hewlett-Packard)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-18] (Hewlett-Packard Company)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [Google Update] => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-03] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-04-19]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Taliah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-01]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 198.142.235.14 211.29.132.12 198.142.0.51
    Tcpip\..\Interfaces\{5119e7d9-5c9f-4042-95dc-23d6f751cee9}: [DhcpNameServer] 198.142.235.14 211.29.132.12 198.142.0.51

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EAU&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EAU&apn_dbr=cr_35.0.1916.153&apn_uid=E34C3A2C-B026-4422-A53E-98651F767F98&itbv=12.15.1.20&doi=2014-07-23&psv=&pt=tb
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> DefaultScope {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=825
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {579649E2-0DBC-4DA9-BF72-984991796639} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11412&pf=V7&p2=^BBK^OSJ000^YY^AU&gct=&itbv=12.15.1.20&apn_uid=E34C3A2C-B026-4422-A53E-98651F767F98&apn_ptnrs=BBK&apn_dtid=^OSJ000^YY^AU&apn_dbr=cr_35.0.1916.153&doi=2014-07-23&trgb=CR&q={searchTerms}&psv=&pt=tb
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-03] (AVAST Software)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default
    FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-14] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-04-17] (Apple Inc.)
    FF SearchPlugin: C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\searchplugins\searchcanvas.xml [2013-02-20]
    FF Extension: Lavasoft Search Plugin - C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-12-22] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-21] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-24] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-28] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-09] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-04] [not signed]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012-11-28] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-20] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-03]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-03]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "hxxp://ninemsn.com.au/ "
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft Corp. DRM Netscape Plugin) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corp.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Google Update) - C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
    CHR Profile: C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-22]
    CHR Extension: (YouTube) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
    CHR Extension: (Google Search) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
    CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-12-14]
    CHR Extension: (Avast Online Security) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-12]
    CHR Extension: (TS1.8) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhhmlalomhpoaelhcgmaeobmbbhfnkf [2015-10-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
    CHR Extension: (Gmail) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-03]
    StartMenuInternet: Google Chrome - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-03] (AVAST Software)
    S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-10-01] (WildTangent, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-18] (Hewlett-Packard Company) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
    R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-22] ()
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-07] (Secunia)
    S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-07] (Secunia)
    R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-07-17] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-03] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-12-03] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-23] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-12-03] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-03] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-03] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-23] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [117712 2015-12-03] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-03] (AVAST Software)
    R3 athr; C:\WINDOWS\System32\drivers\athw8.sys [2777088 2012-10-01] (Qualcomm Atheros Communications, Inc.)
    R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-02-19] (GFI Software)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-07] (Secunia)
    R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-07-17] (Synaptics Incorporated)
    S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
    S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-30 21:23 - 2015-12-30 21:24 - 00000000 ____D C:\FRST
    2015-12-30 20:59 - 2015-12-30 20:59 - 00016148 _____ C:\WINDOWS\system32\RAWR_Taliah_HistoryPrediction.bin
    2015-12-10 17:51 - 2015-11-25 14:55 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-10 17:51 - 2015-11-25 14:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-10 17:51 - 2015-11-25 14:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-10 17:51 - 2015-11-25 14:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-10 17:51 - 2015-11-25 14:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-10 17:51 - 2015-11-25 14:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-10 17:51 - 2015-11-25 14:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-10 17:50 - 2015-12-01 16:05 - 01807200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-10 17:50 - 2015-12-01 15:14 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
    2015-12-10 17:50 - 2015-12-01 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-12-10 17:50 - 2015-12-01 14:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-12-10 17:50 - 2015-11-25 15:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2015-12-10 17:50 - 2015-11-25 15:11 - 00133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2015-12-10 17:50 - 2015-11-25 15:10 - 01535024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-10 17:50 - 2015-11-25 15:08 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-12-10 17:50 - 2015-11-25 15:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-10 17:50 - 2015-11-25 14:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2015-12-10 17:50 - 2015-11-25 14:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-10 17:50 - 2015-11-25 14:17 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
    2015-12-10 17:50 - 2015-11-25 14:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
    2015-12-10 17:50 - 2015-11-25 14:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-10 17:50 - 2015-11-25 14:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
    2015-12-10 17:50 - 2015-11-25 14:12 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-10 17:50 - 2015-11-25 14:12 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
    2015-12-10 17:50 - 2015-11-25 14:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
    2015-12-10 17:50 - 2015-11-25 14:11 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2015-12-10 17:50 - 2015-11-25 14:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-10 17:50 - 2015-11-25 14:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-10 17:50 - 2015-11-25 14:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2015-12-10 17:50 - 2015-11-25 14:08 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-10 17:50 - 2015-11-25 14:07 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-12-10 17:50 - 2015-11-25 14:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2015-12-10 17:50 - 2015-11-25 14:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 02987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-10 17:50 - 2015-11-25 14:04 - 01134592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-10 17:50 - 2015-11-25 14:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
    2015-12-10 17:50 - 2015-11-25 14:01 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-12-10 17:50 - 2015-11-25 14:01 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-12-10 17:50 - 2015-11-25 12:54 - 00775312 _____ C:\WINDOWS\system32\locale.nls
    2015-12-03 07:45 - 2015-12-03 07:45 - 00001191 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2015-12-03 07:45 - 2015-12-03 07:45 - 00001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2015-12-03 07:42 - 2015-12-03 07:41 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-12-03 07:41 - 2015-12-03 07:41 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-12-02 21:16 - 2015-12-05 12:39 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
    2015-12-02 20:45 - 2015-12-02 22:19 - 00000000 ____D C:\Users\Taliah\Downloads\ANGELO

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-30 21:24 - 2015-07-10 16:59 - 00000000 ____D C:\Windows
    2015-12-30 21:20 - 2009-12-24 10:27 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    2015-12-30 21:04 - 2009-12-24 00:39 - 00000376 _____ C:\ProgramData\HPWALog.txt
    2015-12-30 21:00 - 2012-07-16 17:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-30 21:00 - 2009-09-25 18:45 - 00000320 _____ C:\ProgramData\hpqp.ini
    2015-12-30 20:59 - 2015-09-17 19:56 - 00000000 ____D C:\Users\Taliah
    2015-12-30 20:59 - 2013-06-21 20:54 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    2015-12-30 20:59 - 2013-06-21 20:54 - 00000910 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    2015-12-30 20:59 - 2010-08-15 12:39 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-30 20:58 - 2015-07-21 09:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-30 12:24 - 2015-07-10 18:28 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-30 12:24 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-30 12:22 - 2015-07-10 18:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-29 17:49 - 2010-08-15 12:39 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-28 21:57 - 2015-07-21 09:17 - 00353288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-28 21:57 - 2015-07-10 18:28 - 00000000 __RSD C:\WINDOWS\Media
    2015-12-28 21:56 - 2015-07-10 16:59 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-28 21:14 - 2014-04-07 15:16 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-23 19:42 - 2014-04-07 12:17 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2015-12-23 19:42 - 2014-04-07 12:17 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2015-12-23 19:20 - 2009-12-24 10:26 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    2015-12-23 14:07 - 2012-07-28 01:23 - 00000322 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRAWR$.job
    2015-12-15 04:42 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-15 04:13 - 2015-09-17 19:54 - 00984150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-15 04:13 - 2015-07-10 18:27 - 00000000 ____D C:\WINDOWS\INF
    2015-12-15 04:08 - 2009-08-15 15:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-15 04:06 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-14 15:21 - 2009-08-15 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-14 15:01 - 2010-06-05 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-14 14:58 - 2013-08-16 05:41 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-14 14:52 - 2010-10-29 20:48 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-14 14:49 - 2015-09-17 20:58 - 00000000 ____D C:\Users\Taliah\AppData\Local\Packages
    2015-12-09 07:31 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-12-05 12:22 - 2013-07-21 11:48 - 00000324 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTaliah.job
    2015-12-03 07:42 - 2014-04-28 19:30 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00117712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00081728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-12-03 07:42 - 2014-04-07 12:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-12-03 07:41 - 2015-04-18 23:59 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2015-12-03 07:41 - 2014-04-07 12:17 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-12-03 07:41 - 2014-04-07 12:16 - 00000000 ____D C:\Program Files\AVAST Software
    2015-12-01 10:32 - 2015-10-12 03:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-12-01 10:32 - 2015-10-12 03:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2015-07-17 19:02 - 2015-07-17 19:02 - 6420480 _____ () C:\Program Files\GUT91DC.tmp
    2015-09-17 15:52 - 2015-09-17 15:52 - 6420480 _____ () C:\Program Files\GUTAB9A.tmp
    2011-02-27 19:55 - 2011-05-22 11:16 - 0001849 _____ () C:\Users\Taliah\AppData\Roaming\GhostObjGAFix.xml
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\AtStart.txt
    2011-02-15 17:31 - 2015-01-30 21:52 - 0007680 _____ () C:\Users\Taliah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\DSwitch.txt
    2010-04-02 10:47 - 2013-08-06 22:33 - 0000000 _____ () C:\Users\Taliah\AppData\Local\prvlcl.dat
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\QSwitch.txt
    2009-09-25 18:45 - 2015-12-30 21:00 - 0000320 _____ () C:\ProgramData\hpqp.ini
    2010-02-16 13:53 - 2015-01-31 15:48 - 0000021 _____ () C:\ProgramData\hpqp.txt
    2009-12-24 00:39 - 2015-12-30 21:04 - 0000376 _____ () C:\ProgramData\HPWALog.txt
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2009-08-15 17:22 - 2009-08-15 17:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2009-08-15 17:16 - 2009-08-15 17:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2009-09-25 18:45 - 2009-09-25 18:45 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2009-08-15 17:16 - 2009-08-15 17:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2009-08-15 17:18 - 2009-08-15 17:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2009-09-25 18:47 - 2009-09-25 18:47 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some files in TEMP:
    ====================
    C:\Users\Taliah\AppData\Local\Temp\HPSFUpdater.exe
    C:\Users\Taliah\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Taliah\AppData\Local\Temp\{417ACF3D-D4E6-4D61-B353-BF7DF989F0B2}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-15 04:19

    ==================== End of FRST.txt ============================
     
  8. 2015/12/30
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-12-2015
    Ran by Taliah (administrator) on RAWR (30-12-2015 21:24:14)
    Running from C:\Users\Taliah\Downloads\Desktop
    Loaded Profiles: Taliah (Available Profiles: Taliah & DefaultAppPool)
    Platform: Microsoft Windows 10 Home (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (CyberLink Corp.) C:\Program Files\Hp\QuickPlay\QPService.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
    HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
    HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
    HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-24] (Hewlett-Packard)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-03] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2015-07-17] (Synaptics Incorporated)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-16] (Hewlett-Packard)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-18] (Hewlett-Packard Company)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [Google Update] => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-03] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-04-19]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Taliah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-01]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 198.142.235.14 211.29.132.12 198.142.0.51
    Tcpip\..\Interfaces\{5119e7d9-5c9f-4042-95dc-23d6f751cee9}: [DhcpNameServer] 198.142.235.14 211.29.132.12 198.142.0.51

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EAU&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EAU&apn_dbr=cr_35.0.1916.153&apn_uid=E34C3A2C-B026-4422-A53E-98651F767F98&itbv=12.15.1.20&doi=2014-07-23&psv=&pt=tb
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> DefaultScope {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=825
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {579649E2-0DBC-4DA9-BF72-984991796639} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11412&pf=V7&p2=^BBK^OSJ000^YY^AU&gct=&itbv=12.15.1.20&apn_uid=E34C3A2C-B026-4422-A53E-98651F767F98&apn_ptnrs=BBK&apn_dtid=^OSJ000^YY^AU&apn_dbr=cr_35.0.1916.153&doi=2014-07-23&trgb=CR&q={searchTerms}&psv=&pt=tb
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-03] (AVAST Software)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default
    FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-14] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-04-17] (Apple Inc.)
    FF SearchPlugin: C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\searchplugins\searchcanvas.xml [2013-02-20]
    FF Extension: Lavasoft Search Plugin - C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-12-22] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-21] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-24] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-28] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-09] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-04] [not signed]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012-11-28] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-20] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-03]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-03]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "hxxp://ninemsn.com.au/ "
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft Corp. DRM Netscape Plugin) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corp.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Google Update) - C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
    CHR Profile: C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-22]
    CHR Extension: (YouTube) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
    CHR Extension: (Google Search) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
    CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-12-14]
    CHR Extension: (Avast Online Security) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-12]
    CHR Extension: (TS1.8) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhhmlalomhpoaelhcgmaeobmbbhfnkf [2015-10-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
    CHR Extension: (Gmail) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-03]
    StartMenuInternet: Google Chrome - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-03] (AVAST Software)
    S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-10-01] (WildTangent, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-18] (Hewlett-Packard Company) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
    R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-22] ()
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-07] (Secunia)
    S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-07] (Secunia)
    R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-07-17] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-03] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-12-03] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-23] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-12-03] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-03] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-03] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-23] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [117712 2015-12-03] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-03] (AVAST Software)
    R3 athr; C:\WINDOWS\System32\drivers\athw8.sys [2777088 2012-10-01] (Qualcomm Atheros Communications, Inc.)
    R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-02-19] (GFI Software)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-07] (Secunia)
    R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-07-17] (Synaptics Incorporated)
    S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
    S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-30 21:23 - 2015-12-30 21:24 - 00000000 ____D C:\FRST
    2015-12-30 20:59 - 2015-12-30 20:59 - 00016148 _____ C:\WINDOWS\system32\RAWR_Taliah_HistoryPrediction.bin
    2015-12-10 17:51 - 2015-11-25 14:55 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-10 17:51 - 2015-11-25 14:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-10 17:51 - 2015-11-25 14:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-10 17:51 - 2015-11-25 14:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-10 17:51 - 2015-11-25 14:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-10 17:51 - 2015-11-25 14:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-10 17:51 - 2015-11-25 14:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-10 17:50 - 2015-12-01 16:05 - 01807200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-10 17:50 - 2015-12-01 15:14 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
    2015-12-10 17:50 - 2015-12-01 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-12-10 17:50 - 2015-12-01 14:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-12-10 17:50 - 2015-11-25 15:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2015-12-10 17:50 - 2015-11-25 15:11 - 00133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2015-12-10 17:50 - 2015-11-25 15:10 - 01535024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-10 17:50 - 2015-11-25 15:08 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-12-10 17:50 - 2015-11-25 15:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-10 17:50 - 2015-11-25 14:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2015-12-10 17:50 - 2015-11-25 14:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-10 17:50 - 2015-11-25 14:17 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
    2015-12-10 17:50 - 2015-11-25 14:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
    2015-12-10 17:50 - 2015-11-25 14:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-10 17:50 - 2015-11-25 14:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
    2015-12-10 17:50 - 2015-11-25 14:12 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-10 17:50 - 2015-11-25 14:12 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
    2015-12-10 17:50 - 2015-11-25 14:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
    2015-12-10 17:50 - 2015-11-25 14:11 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2015-12-10 17:50 - 2015-11-25 14:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-10 17:50 - 2015-11-25 14:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-10 17:50 - 2015-11-25 14:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2015-12-10 17:50 - 2015-11-25 14:08 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-10 17:50 - 2015-11-25 14:07 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-12-10 17:50 - 2015-11-25 14:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2015-12-10 17:50 - 2015-11-25 14:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 02987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-10 17:50 - 2015-11-25 14:04 - 01134592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-10 17:50 - 2015-11-25 14:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
    2015-12-10 17:50 - 2015-11-25 14:01 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-12-10 17:50 - 2015-11-25 14:01 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-12-10 17:50 - 2015-11-25 12:54 - 00775312 _____ C:\WINDOWS\system32\locale.nls
    2015-12-03 07:45 - 2015-12-03 07:45 - 00001191 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2015-12-03 07:45 - 2015-12-03 07:45 - 00001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2015-12-03 07:42 - 2015-12-03 07:41 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-12-03 07:41 - 2015-12-03 07:41 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-12-02 21:16 - 2015-12-05 12:39 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
    2015-12-02 20:45 - 2015-12-02 22:19 - 00000000 ____D C:\Users\Taliah\Downloads\ANGELO

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-30 21:24 - 2015-07-10 16:59 - 00000000 ____D C:\Windows
    2015-12-30 21:20 - 2009-12-24 10:27 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    2015-12-30 21:04 - 2009-12-24 00:39 - 00000376 _____ C:\ProgramData\HPWALog.txt
    2015-12-30 21:00 - 2012-07-16 17:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-30 21:00 - 2009-09-25 18:45 - 00000320 _____ C:\ProgramData\hpqp.ini
    2015-12-30 20:59 - 2015-09-17 19:56 - 00000000 ____D C:\Users\Taliah
    2015-12-30 20:59 - 2013-06-21 20:54 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    2015-12-30 20:59 - 2013-06-21 20:54 - 00000910 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    2015-12-30 20:59 - 2010-08-15 12:39 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-30 20:58 - 2015-07-21 09:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-30 12:24 - 2015-07-10 18:28 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-30 12:24 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-30 12:22 - 2015-07-10 18:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-29 17:49 - 2010-08-15 12:39 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-28 21:57 - 2015-07-21 09:17 - 00353288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-28 21:57 - 2015-07-10 18:28 - 00000000 __RSD C:\WINDOWS\Media
    2015-12-28 21:56 - 2015-07-10 16:59 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-28 21:14 - 2014-04-07 15:16 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-23 19:42 - 2014-04-07 12:17 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2015-12-23 19:42 - 2014-04-07 12:17 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2015-12-23 19:20 - 2009-12-24 10:26 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    2015-12-23 14:07 - 2012-07-28 01:23 - 00000322 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRAWR$.job
    2015-12-15 04:42 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-15 04:13 - 2015-09-17 19:54 - 00984150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-15 04:13 - 2015-07-10 18:27 - 00000000 ____D C:\WINDOWS\INF
    2015-12-15 04:08 - 2009-08-15 15:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-15 04:06 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-14 15:21 - 2009-08-15 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-14 15:01 - 2010-06-05 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-14 14:58 - 2013-08-16 05:41 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-14 14:52 - 2010-10-29 20:48 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-14 14:49 - 2015-09-17 20:58 - 00000000 ____D C:\Users\Taliah\AppData\Local\Packages
    2015-12-09 07:31 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-12-05 12:22 - 2013-07-21 11:48 - 00000324 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTaliah.job
    2015-12-03 07:42 - 2014-04-28 19:30 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00117712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00081728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-12-03 07:42 - 2014-04-07 12:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-12-03 07:41 - 2015-04-18 23:59 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2015-12-03 07:41 - 2014-04-07 12:17 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-12-03 07:41 - 2014-04-07 12:16 - 00000000 ____D C:\Program Files\AVAST Software
    2015-12-01 10:32 - 2015-10-12 03:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-12-01 10:32 - 2015-10-12 03:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2015-07-17 19:02 - 2015-07-17 19:02 - 6420480 _____ () C:\Program Files\GUT91DC.tmp
    2015-09-17 15:52 - 2015-09-17 15:52 - 6420480 _____ () C:\Program Files\GUTAB9A.tmp
    2011-02-27 19:55 - 2011-05-22 11:16 - 0001849 _____ () C:\Users\Taliah\AppData\Roaming\GhostObjGAFix.xml
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\AtStart.txt
    2011-02-15 17:31 - 2015-01-30 21:52 - 0007680 _____ () C:\Users\Taliah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\DSwitch.txt
    2010-04-02 10:47 - 2013-08-06 22:33 - 0000000 _____ () C:\Users\Taliah\AppData\Local\prvlcl.dat
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\QSwitch.txt
    2009-09-25 18:45 - 2015-12-30 21:00 - 0000320 _____ () C:\ProgramData\hpqp.ini
    2010-02-16 13:53 - 2015-01-31 15:48 - 0000021 _____ () C:\ProgramData\hpqp.txt
    2009-12-24 00:39 - 2015-12-30 21:04 - 0000376 _____ () C:\ProgramData\HPWALog.txt
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2009-08-15 17:22 - 2009-08-15 17:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2009-08-15 17:16 - 2009-08-15 17:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2009-09-25 18:45 - 2009-09-25 18:45 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2009-08-15 17:16 - 2009-08-15 17:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2009-08-15 17:18 - 2009-08-15 17:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2009-09-25 18:47 - 2009-09-25 18:47 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some files in TEMP:
    ====================
    C:\Users\Taliah\AppData\Local\Temp\HPSFUpdater.exe
    C:\Users\Taliah\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Taliah\AppData\Local\Temp\{417ACF3D-D4E6-4D61-B353-BF7DF989F0B2}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-15 04:19

    ==================== End of FRST.txt ============================
     
  9. 2015/12/30
    yoruga

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-12-2015
    Ran by Taliah (2015-12-30 21:31:26)
    Running from C:\Users\Taliah\Downloads\Desktop
    Microsoft Windows 10 Home (X86) (2015-09-17 10:57:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1160702305-3582450622-2665941894-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1160702305-3582450622-2665941894-503 - Limited - Disabled)
    Guest (S-1-5-21-1160702305-3582450622-2665941894-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1160702305-3582450622-2665941894-1002 - Limited - Enabled)
    Taliah (S-1-5-21-1160702305-3582450622-2665941894-1000 - Administrator - Enabled) => C:\Users\Taliah

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Avast Pro Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Google Chrome (HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
    HP Support Assistant (HKLM\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
    SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
    Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.104 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.129\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {016A8C9B-1D69-4036-8A3B-8AAF9A4D6FF3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0334E04F-6800-4AEA-85BE-5D6CC38E69E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {038F2465-F2DC-4485-9B4B-82200C29FE40} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {05B20FB9-934A-44D1-AD95-5C208E7FF81C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0D60CC62-2193-4EB3-8A50-84379E789BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0F220C67-CE4A-40FA-A35F-4B3AEF6E0CCD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {122B9638-CFE7-4E36-82F9-30C69ABA3EDC} - System32\Tasks\{C63CABFC-ED6B-4A0A-B11C-096233C9AF05} => pcalua.exe -a C:\Users\Taliah\Downloads\SpyHunter-Installer.exe -d C:\Users\Taliah\Downloads
    Task: {1544930C-2378-4DF2-B4BB-4D687E0081A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {22E48D3D-2F7A-4532-83ED-7F6176D54876} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {24EABE08-24F2-4734-A6E7-9E8728D2D54F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {27DBFD86-D07D-4BCA-9158-6041DADB729F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {31405F8A-2089-4F31-BB47-88E4FE2095F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {36B82EC7-7AEC-4851-8775-8B140AC2D203} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-21] (Facebook Inc.)
    Task: {374DD704-E4BA-4C6E-A1F7-661E838B2BB0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
    Task: {39F25F9D-E89C-49FB-945A-566A0157BD13} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3B977460-442D-4767-B58C-C5C85D05EB53} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-21] (Facebook Inc.)
    Task: {4727D745-3176-4A73-8BCF-34EE6E1938F9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {4D1CC2A5-481D-4086-8D39-06B6E91EBBFE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4F127396-246E-4B9D-8BF4-E9F39649E29F} - System32\Tasks\avastBCLRestartS-1-5-21-1160702305-3582450622-2665941894-1000 => Chrome.exe
    Task: {4F85AA5E-C2F9-475E-85FE-7CEF5A3B9278} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {5751EAED-8C16-4282-ABDA-003AB4A8EC86} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {58C3AF1D-8DB3-4557-8269-D28FAEA79BC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {60204FA2-DE7A-4A33-B110-BFD83C477280} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {63A22AF0-FF38-437B-89CB-5D2FA4CF92FF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {64CD27C5-69CC-4F3F-ADE3-20997BBC7FF3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6637AB12-9D54-4F64-B403-99987925BDF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {6B101B15-37B8-4F6C-B0A8-1EECDDB5042C} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {6C0A2907-5A7F-4CD0-855C-84E0C22CC076} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {6D3EC6F0-7E57-48E3-B9FC-D4E0DB11892C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6DFE9F7B-8874-4FA6-BDD1-7F44A74DE843} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7980B120-DB80-40DB-8E33-429C9EC8222A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7BE062F7-1572-4357-BB43-FE2B32332CE5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7C84E484-F2AC-46AD-B88A-3B9D73E70251} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7DF89722-24DA-45A9-8EB6-1B143B06801B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7E056306-C366-4B38-87B3-D7F34DA347FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {82A55F70-B6B0-4750-B25D-8920B219856C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {882A40AD-7DB9-4636-A7CC-2E065B263EED} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {8B354DD2-E6FA-4C0E-B3C5-C84FE53EF4A6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {8E5BFD59-11B4-48D9-95DF-3A9B45286BD3} - System32\Tasks\{10809A57-B3EE-4A79-B4CA-22DC426D060D} => pcalua.exe -a C:\Users\Taliah\Downloads\Adaware_Installer(2).exe -d "C:\Program Files\Lavasoft\Ad-Aware "
    Task: {921940B9-DAD8-49FB-A4AD-1FFC43186405} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {93DE7302-04D9-40C0-A9FA-2B3C6A2C440D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {967DD0F2-5ACA-451D-B7FD-06457FB9501F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {96F84F17-6F87-4120-994C-299C78A68308} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {98A0E906-4EEE-485E-92CF-2920D6A84FF6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
    Task: {9EF880C4-B69C-45C4-A975-AAE2CBC09E9D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9FFE1C97-B451-4DCA-954F-B438B9AFB889} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A18BC537-FE49-4B8D-B851-654FC62B09B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {A43EFA45-CBDF-476A-BCAB-D0A3425AD276} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {A51055D1-6891-4D10-A987-DAC719C77BFA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A60EB621-78E8-49D6-A3C8-6CD908A1D2E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A811A044-1CF1-4826-ADC1-8D9315834D6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {AFFA9408-D62E-4D64-AB50-4E65179EAD8D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: {B085754F-EFC3-4005-B46A-5F672531A6A8} - System32\Tasks\HPCeeScheduleForTaliah => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {B29D6776-230E-4BB5-B71F-F425243A1FF2} - System32\Tasks\{321CD4F7-55B9-4043-B9AF-4CB49AFF558F} => pcalua.exe -a "C:\Users\Taliah\Downloads\Adaware_Installer (2).exe" -d C:\Users\Taliah\Downloads
    Task: {B51558CF-4108-4608-ABBB-2834C8EEA982} - System32\Tasks\HPCeeScheduleForRAWR$ => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {BBC38BA3-5C95-4272-B392-06927FE9B3B1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {BF696320-E741-4EDA-97BA-A7049A6D8AA2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {C552AC7E-965B-446F-BED3-B3825B48EFB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {C8D8B762-AB74-4DEA-B686-DD6DB478980E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE6B438B-752C-426B-A7BD-D7A54CBC6A37} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D17C7E7A-DD06-4D3E-B4F5-5782601BE1AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-14] (Microsoft Corporation)
    Task: {D3EA7DE7-69E5-4556-A2C7-A7B64FA12C35} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-03] (AVAST Software)
    Task: {D902B895-EDC3-44BC-A42A-DDB6660B134F} - System32\Tasks\SafeZone scheduled Autoupdate 1449092702 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
    Task: {E2660FD2-E0BF-424B-B4B2-9C3C77E3F2F4} - System32\Tasks\{DA0142C9-0C0B-467C-9EE9-C1F1EBA2DC0C} => pcalua.exe -a G:\Install_Nokia_Ovi_Suite.exe -d G:\
    Task: {E5A2F543-9951-45DD-A9B7-4BB67148665A} - System32\Tasks\{83CD4F5B-013E-4147-8D91-B38CDCA146CC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113.259/en/abandoninstall?source=lightinstaller&amp;page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent
    Task: {EF953E4F-B3D5-4BEA-84B8-95246351C0DC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F8692447-CEF7-4F92-B156-DE451D2E1D06} - System32\Tasks\{CEEB1724-29F4-4F8C-8AE6-3A5B1AED6D8D} => pcalua.exe -a C:\Users\Taliah\Downloads\wmpplugin(2).exe -d "C:\Program Files\Windows Media Player "
    Task: {F98282F6-1C8E-44CE-9311-83DECACF57E8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {FB6BBC94-FCAC-4C8D-B935-FCADA7B8856A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {FCA56214-ABDF-4B78-86A0-0B018B288795} - System32\Tasks\{F0B95EE7-E28B-4613-BA06-6E2328CB393F} => pcalua.exe -a "C:\Users\Taliah\Downloads\Shockwave_Installer_Slim (3).exe" -d C:\Users\Taliah\Downloads

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRAWR$.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForTaliah.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-10 13:57 - 2015-09-10 13:57 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-12-03 07:41 - 2015-12-03 07:41 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-03 07:41 - 2015-12-03 07:41 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-28 22:05 - 2015-12-28 22:05 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122706\algo.dll
    2015-12-03 07:41 - 2015-12-03 07:41 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-30 21:08 - 2015-12-30 21:08 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123000\algo.dll
    2015-09-10 13:57 - 2015-09-10 13:57 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2009-08-15 17:22 - 2009-01-22 04:47 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2015-10-01 18:07 - 2015-09-17 16:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 18:07 - 2015-09-17 16:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-07-10 18:24 - 2015-07-10 18:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 18:24 - 2015-07-10 18:24 - 00111104 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-12-10 17:51 - 2015-11-25 14:01 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-10 17:50 - 2015-11-25 13:58 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-10 17:50 - 2015-11-25 13:59 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 18:07 - 2015-09-17 15:26 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 18:25 - 2015-09-10 13:57 - 00107520 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-12-03 07:42 - 2015-12-03 07:42 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2009-07-16 10:51 - 2009-07-16 10:51 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-07-16 10:51 - 2009-07-16 10:51 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2009-06-18 04:40 - 2009-06-18 04:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2009-06-18 04:40 - 2009-06-18 04:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2009-06-18 04:40 - 2009-06-18 04:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-07-02 08:44 - 2009-07-02 08:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    2011-01-17 19:28 - 2005-06-28 13:59 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
    2015-12-18 19:40 - 2015-12-11 13:54 - 01583432 _____ () C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-18 19:40 - 2015-12-11 13:54 - 00081224 _____ () C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:04 - 2014-04-09 10:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Taliah\AppData\Local\Microsoft\Windows\Themes\img19.jpg
    DNS Servers: 198.142.235.14 - 211.29.132.12
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{827837D9-F071-43A8-A239-EC6B3B8F6CAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4DA263C5-FB95-4D67-996E-77DF78C271A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8B182900-4209-4FF6-A7F6-63939BEE96BB}] => (Allow) C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{9BF5036C-6E3D-486F-8AC4-FBAA0B3E56ED}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{FB878EE5-F4A8-472D-B6E7-E35B1D8EA834}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{B886B432-E7EA-4E4B-B4A5-35C9C7C62F0F}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{EC4D603E-D810-47CC-AB38-CBD472D30AFD}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{E78E2544-EB63-45B4-A919-483D05DFE676}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{69F50ECD-6DCF-468F-B6EC-973F0973B254}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{A60D9D73-1F3E-481F-A265-67412254941E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DC53CB26-4076-45AD-AEFD-F717E5A3EBBC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/27/2015 05:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Rawr.local already in use; will try Rawr-2.local instead

    Error: (12/27/2015 05:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 16 Rawr.local. AAAA FE80:0000:0000:0000:DC46:6096:C5D8:A7FB

    Error: (12/27/2015 05:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DC46:6096:C5D8:A7FB:5353 4 Rawr.local. Addr 192.168.0.16

    Error: (12/22/2015 03:01:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Rawr.local already in use; will try Rawr-2.local instead

    Error: (12/22/2015 03:01:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Rawr.local. AAAA FE80:0000:0000:0000:DC46:6096:C5D8:A7FB

    Error: (12/22/2015 03:01:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DC46:6096:C5D8:A7FB:5353 4 Rawr.local. Addr 192.168.0.16

    Error: (12/10/2015 01:33:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Rawr)
    Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/10/2015 01:33:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Rawr.local already in use; will try Rawr-2.local instead

    Error: (12/10/2015 01:33:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Rawr.local. AAAA FE80:0000:0000:0000:DC46:6096:C5D8:A7FB

    Error: (12/10/2015 01:33:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DC46:6096:C5D8:A7FB:5353 4 Rawr.local. Addr 192.168.0.16


    System errors:
    =============
    Error: (12/30/2015 09:14:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/30/2015 08:58:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (12/30/2015 08:58:39 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:44:22 PM on 12/30/2015 was unexpected.

    Error: (12/30/2015 12:38:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (12/29/2015 06:06:57 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (12/28/2015 10:14:01 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (12/28/2015 10:13:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/28/2015 09:59:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

    Error: (12/28/2015 09:57:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (12/28/2015 09:56:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-12-15 04:27:54.979
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.870
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.456
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.252
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.010
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:53.812
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:46.512
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:41.854
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-11-18 04:21:48.683
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-11-18 04:21:48.566
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    Processor: Celeron(R) Dual-Core CPU T3000 @ 1.80GHz
    Percentage of memory in use: 61%
    Total physical RAM: 1978.92 MB
    Available physical RAM: 757.57 MB
    Total Virtual: 3962.92 MB
    Available Virtual: 2497.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:220.99 GB) (Free:145.36 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: CFAD9F98)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=221 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=471 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  10. 2015/12/30
    yoruga

    sorry broni... accidentally posted the frst scan twice....
     
  11. 2015/12/30
    broni

    No problem :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. 2015/12/30
    yoruga

    RK report

    RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10240) 32 bits version
    Started in : Normal mode
    User : Taliah [Administrator]
    Started from : C:\Users\Taliah\Downloads\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 12/31/2015 10:57:21

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 6 ¤¤¤
    [PUP] HKEY_LOCAL_MACHINE\Software\Partner -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?tpid=ORJ...F98&itbv=12.15.1.20&doi=2014-07-23&psv=&pt=tb -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 198.142.235.14 211.29.132.12 198.142.0.51 ([X][-][-]) -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.142.235.14 211.29.132.12 198.142.0.51 ([X][-][-]) -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5119e7d9-5c9f-4042-95dc-23d6f751cee9} | DhcpNameServer : 198.142.235.14 211.29.132.12 198.142.0.51 ([X][-][-]) -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5119e7d9-5c9f-4042-95dc-23d6f751cee9} | DhcpNameServer : 198.142.235.14 211.29.132.12 198.142.0.51 ([X][-][-]) -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 4 ¤¤¤
    [PUP][Folder] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} -> Deleted
    [PUP][File] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}\0x0409.ini -> Deleted
    [PUP][File] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}\HP Support Assistant.msi -> Deleted
    [PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> Removed at reboot [91]
    [PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 -> ERROR [5]
    [PUP][Folder] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> Removed at reboot [91]
    [PUP][Folder] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 -> ERROR [5]
    [PUP][Folder] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} -> Deleted
    [PUP][File] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Deleted

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6b03fc (jmp 0x89243dfc|jmp 0x62bcd334)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9250410AS +++++
    --- User ---
    [MBR] 9fa0382171597972071b7a6ff3470ef5
    [BSP] 93264375a13f1e579aa1dba1782e9a68 : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 226290 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 463853568 | Size: 471 MB
    3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 464818176 | Size: 11512 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  13. 2015/12/30
    yoruga

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 31-Dec-15
    Scan Time: 12:32 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.12.30.06
    Rootkit Database: v2015.12.26.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Taliah

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 434337
    Time Elapsed: 36 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  14. 2015/12/30
    yoruga

    malware log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 31-Dec-15
    Scan Time: 12:32 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.12.30.06
    Rootkit Database: v2015.12.26.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Taliah

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 434337
    Time Elapsed: 36 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  15. 2015/12/30
    yoruga

    # AdwCleaner v5.027 - Logfile created 31/12/2015 at 14:04:45
    # Updated 30/12/2015 by Xplode
    # Database : 2015-12-30.1 [Server]
    # Operating system : Windows 10 Home (x86)
    # Username : Taliah - RAWR
    # Running from : C:\Users\Taliah\Downloads\Desktop\adwcleaner_5.027.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\apn
    [-] Folder Deleted : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\ilividtoolbargaw

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
    [-] Key Deleted : HKCU\Software\ilividtoolbargaw
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\ilividtoolbargaw
    [-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
    [-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{579649E2-0DBC-4DA9-BF72-984991796639}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slirsredirect.search.aol.com
    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaahaeginbdcckocjkhbciadcafnep
    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaahlfahldnilidgnlikdckbfehhca
    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhdepfaagokllfmhfbcfmocaeigmoebo
    [-] [C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2622 bytes] ##########
     
  16. 2015/12/30
    yoruga

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 10 Home x86
    Ran by Taliah (Administrator) on 31-Dec-15 at 14:21:51.09
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 1

    Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 31-Dec-15 at 14:25:00.67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. 2015/12/31
    yoruga

    okay all done ... is there any more that I need to do for now..... H N Y btw.... enjoy the celebration.... from my end I'll probably communicate again on the 2nd.....
     
  18. 2015/12/31
    broni

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  19. 2015/12/31
    yoruga

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-12-2015
    Ran by Taliah (administrator) on RAWR (01-01-2016 14:35:53)
    Running from C:\Users\Taliah\Downloads\Desktop
    Loaded Profiles: Taliah & DefaultAppPool & (Available Profiles: Taliah & DefaultAppPool)
    Platform: Microsoft Windows 10 Home (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware2\mbamscheduler.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware2\mbamservice.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware2\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (CyberLink Corp.) C:\Program Files\Hp\QuickPlay\QPService.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
    HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
    HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-18] (CyberLink Corp.)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
    HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-24] (Hewlett-Packard)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-03] (AVAST Software)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527368 2015-07-17] (Synaptics Incorporated)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-16] (Hewlett-Packard)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-18] (Hewlett-Packard Company)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Run: [Google Update] => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-16] (Hewlett-Packard)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-18] (Hewlett-Packard Company)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [25600 2015-07-10] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-03] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-04-19]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Taliah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-12-01]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 198.142.235.14 211.29.132.12 198.142.0.51
    Tcpip\..\Interfaces\{5119e7d9-5c9f-4042-95dc-23d6f751cee9}: [DhcpNameServer] 198.142.235.14 211.29.132.12 198.142.0.51

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> DefaultScope {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000 -> {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {25107C24-F015-4F20-912E-B44B05F15704} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-03] (AVAST Software)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default
    FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-14] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-04-17] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-04-17] (Apple Inc.)
    FF SearchPlugin: C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\searchplugins\searchcanvas.xml [2013-02-20]
    FF Extension: Lavasoft Search Plugin - C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-12-22] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-21] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-24] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-28] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-09] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-04] [not signed]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012-11-28] [not signed]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-20] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-03]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-03]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://ninemsn.com.au/
    CHR StartupUrls: Default -> "hxxp://ninemsn.com.au/ "
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft Corp. DRM Netscape Plugin) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corp.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Google Update) - C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll => No File
    CHR Profile: C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-22]
    CHR Extension: (YouTube) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
    CHR Extension: (Google Search) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
    CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-12-14]
    CHR Extension: (Avast Online Security) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-12]
    CHR Extension: (TS1.8) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhhmlalomhpoaelhcgmaeobmbbhfnkf [2015-10-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
    CHR Extension: (Gmail) - C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-03]
    StartMenuInternet: Google Chrome - C:\Users\Taliah\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-03] (AVAST Software)
    S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-10-01] (WildTangent, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-18] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware2\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware2\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
    R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-01-22] ()
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-07] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-07] (Secunia)
    R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217288 2015-07-17] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-03] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-12-03] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-23] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-12-03] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-03] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-03] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-23] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [117712 2015-12-03] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-03] (AVAST Software)
    R3 athr; C:\WINDOWS\System32\drivers\athw8.sys [2777088 2012-10-01] (Qualcomm Atheros Communications, Inc.)
    R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-02-19] (GFI Software)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-01] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-07] (Secunia)
    R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [35528 2015-07-17] (Synaptics Incorporated)
    S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
    S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-01 14:28 - 2016-01-01 14:28 - 00016148 _____ C:\WINDOWS\system32\RAWR_Taliah_HistoryPrediction.bin
    2015-12-31 13:43 - 2015-12-31 14:04 - 00000000 ____D C:\AdwCleaner
    2015-12-31 13:27 - 2015-12-31 13:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware2
    2015-12-31 12:06 - 2015-12-31 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2
    2015-12-31 10:07 - 2015-12-31 11:00 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-12-31 10:07 - 2015-12-31 10:07 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-12-30 21:23 - 2016-01-01 14:35 - 00000000 ____D C:\FRST
    2015-12-10 17:51 - 2015-11-25 14:55 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-10 17:51 - 2015-11-25 14:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-10 17:51 - 2015-11-25 14:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-10 17:51 - 2015-11-25 14:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-10 17:51 - 2015-11-25 14:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-10 17:51 - 2015-11-25 14:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-10 17:51 - 2015-11-25 14:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-10 17:50 - 2015-12-01 16:05 - 01807200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-10 17:50 - 2015-12-01 15:14 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
    2015-12-10 17:50 - 2015-12-01 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-12-10 17:50 - 2015-12-01 14:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-12-10 17:50 - 2015-11-25 15:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2015-12-10 17:50 - 2015-11-25 15:11 - 00133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2015-12-10 17:50 - 2015-11-25 15:10 - 01535024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-10 17:50 - 2015-11-25 15:08 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-12-10 17:50 - 2015-11-25 15:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-10 17:50 - 2015-11-25 14:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:28 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
    2015-12-10 17:50 - 2015-11-25 14:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2015-12-10 17:50 - 2015-11-25 14:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-10 17:50 - 2015-11-25 14:17 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
    2015-12-10 17:50 - 2015-11-25 14:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
    2015-12-10 17:50 - 2015-11-25 14:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-10 17:50 - 2015-11-25 14:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
    2015-12-10 17:50 - 2015-11-25 14:12 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-10 17:50 - 2015-11-25 14:12 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
    2015-12-10 17:50 - 2015-11-25 14:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
    2015-12-10 17:50 - 2015-11-25 14:11 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2015-12-10 17:50 - 2015-11-25 14:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-10 17:50 - 2015-11-25 14:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-10 17:50 - 2015-11-25 14:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2015-12-10 17:50 - 2015-11-25 14:08 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-10 17:50 - 2015-11-25 14:07 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-12-10 17:50 - 2015-11-25 14:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2015-12-10 17:50 - 2015-11-25 14:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 02987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-10 17:50 - 2015-11-25 14:04 - 01134592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-10 17:50 - 2015-11-25 14:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
    2015-12-10 17:50 - 2015-11-25 14:04 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
    2015-12-10 17:50 - 2015-11-25 14:01 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-12-10 17:50 - 2015-11-25 14:01 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-12-10 17:50 - 2015-11-25 12:54 - 00775312 _____ C:\WINDOWS\system32\locale.nls
    2015-12-03 07:45 - 2015-12-03 07:45 - 00001191 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2015-12-03 07:45 - 2015-12-03 07:45 - 00001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2015-12-03 07:42 - 2015-12-03 07:41 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-12-03 07:41 - 2015-12-03 07:41 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-12-02 21:16 - 2015-12-05 12:39 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-02 21:16 - 2015-12-02 21:16 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
    2015-12-02 21:16 - 2015-09-17 20:08 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
    2015-12-02 20:45 - 2015-12-02 22:19 - 00000000 ____D C:\Users\Taliah\Downloads\ANGELO

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-01 14:34 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-01 14:29 - 2014-04-07 15:16 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-31 17:21 - 2009-12-24 10:27 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    2015-12-31 15:00 - 2012-07-16 17:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-31 14:59 - 2013-06-21 20:54 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    2015-12-31 14:49 - 2010-08-15 12:39 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-31 14:37 - 2009-12-24 00:39 - 00000191 _____ C:\ProgramData\HPWALog.txt
    2015-12-31 14:37 - 2009-09-25 18:45 - 00000320 _____ C:\ProgramData\hpqp.ini
    2015-12-31 14:36 - 2010-08-15 12:39 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-31 14:30 - 2015-07-21 09:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-31 14:29 - 2015-07-10 16:59 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-31 13:27 - 2014-04-07 15:16 - 00001140 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-31 12:10 - 2014-04-07 15:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-12-31 11:02 - 2015-09-17 19:56 - 00000000 ____D C:\Users\Taliah
    2015-12-30 21:24 - 2015-07-10 16:59 - 00000000 ____D C:\Windows
    2015-12-30 20:59 - 2013-06-21 20:54 - 00000910 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    2015-12-30 12:24 - 2015-07-10 18:28 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-30 12:22 - 2015-07-10 18:20 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-28 21:57 - 2015-07-21 09:17 - 00353288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-28 21:57 - 2015-07-10 18:28 - 00000000 __RSD C:\WINDOWS\Media
    2015-12-23 19:42 - 2014-04-07 12:17 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2015-12-23 19:42 - 2014-04-07 12:17 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2015-12-23 19:20 - 2009-12-24 10:26 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    2015-12-23 14:07 - 2012-07-28 01:23 - 00000322 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRAWR$.job
    2015-12-15 04:42 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-15 04:13 - 2015-09-17 19:54 - 00984150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-15 04:13 - 2015-07-10 18:27 - 00000000 ____D C:\WINDOWS\INF
    2015-12-15 04:08 - 2009-08-15 15:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-15 04:06 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-14 15:21 - 2009-08-15 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-14 15:01 - 2010-06-05 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-14 14:58 - 2013-08-16 05:41 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-14 14:52 - 2010-10-29 20:48 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-14 14:49 - 2015-09-17 20:58 - 00000000 ____D C:\Users\Taliah\AppData\Local\Packages
    2015-12-09 07:31 - 2015-07-10 18:28 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-12-05 12:22 - 2013-07-21 11:48 - 00000324 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTaliah.job
    2015-12-03 07:42 - 2014-04-28 19:30 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00117712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00081728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-12-03 07:42 - 2014-04-07 12:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-12-03 07:42 - 2014-04-07 12:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-12-03 07:41 - 2015-04-18 23:59 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2015-12-03 07:41 - 2014-04-07 12:17 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-12-03 07:41 - 2014-04-07 12:16 - 00000000 ____D C:\Program Files\AVAST Software

    ==================== Files in the root of some directories =======

    2011-02-27 19:55 - 2011-05-22 11:16 - 0001849 _____ () C:\Users\Taliah\AppData\Roaming\GhostObjGAFix.xml
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\AtStart.txt
    2011-02-15 17:31 - 2015-01-30 21:52 - 0007680 _____ () C:\Users\Taliah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\DSwitch.txt
    2010-04-02 10:47 - 2013-08-06 22:33 - 0000000 _____ () C:\Users\Taliah\AppData\Local\prvlcl.dat
    2009-12-24 00:39 - 2009-12-24 00:39 - 0000000 _____ () C:\Users\Taliah\AppData\Local\QSwitch.txt
    2009-09-25 18:45 - 2015-12-31 14:37 - 0000320 _____ () C:\ProgramData\hpqp.ini
    2010-02-16 13:53 - 2015-01-31 15:48 - 0000021 _____ () C:\ProgramData\hpqp.txt
    2009-12-24 00:39 - 2015-12-31 14:37 - 0000191 _____ () C:\ProgramData\HPWALog.txt
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2009-08-15 17:22 - 2009-08-15 17:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2009-08-15 17:16 - 2009-08-15 17:18 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2009-09-25 18:45 - 2009-09-25 18:45 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2009-09-25 18:46 - 2009-09-25 18:46 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2009-08-15 17:16 - 2009-08-15 17:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2009-08-15 17:18 - 2009-08-15 17:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2009-09-25 18:47 - 2009-09-25 18:47 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some files in TEMP:
    ====================
    C:\Users\Taliah\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Taliah\AppData\Local\Temp\HPSFUpdater.exe
    C:\Users\Taliah\AppData\Local\Temp\sqlite3.dll
    C:\Users\Taliah\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Taliah\AppData\Local\Temp\{417ACF3D-D4E6-4D61-B353-BF7DF989F0B2}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-15 04:19

    ==================== End of FRST.txt ============================
     
  20. 2015/12/31
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    addition txt..... frst just above

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-12-2015
    Ran by Taliah (2016-01-01 14:39:00)
    Running from C:\Users\Taliah\Downloads\Desktop
    Microsoft Windows 10 Home (X86) (2015-09-17 10:57:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1160702305-3582450622-2665941894-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1160702305-3582450622-2665941894-503 - Limited - Disabled)
    Guest (S-1-5-21-1160702305-3582450622-2665941894-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1160702305-3582450622-2665941894-1002 - Limited - Enabled)
    Taliah (S-1-5-21-1160702305-3582450622-2665941894-1000 - Administrator - Enabled) => C:\Users\Taliah

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Avast Pro Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Google Chrome (HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Chrome (HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
    HP Support Assistant (HKLM\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
    SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
    Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.104 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.129\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.129\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1160702305-3582450622-2665941894-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Taliah\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {016A8C9B-1D69-4036-8A3B-8AAF9A4D6FF3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0334E04F-6800-4AEA-85BE-5D6CC38E69E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {038F2465-F2DC-4485-9B4B-82200C29FE40} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {05B20FB9-934A-44D1-AD95-5C208E7FF81C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0D60CC62-2193-4EB3-8A50-84379E789BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0F220C67-CE4A-40FA-A35F-4B3AEF6E0CCD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {122B9638-CFE7-4E36-82F9-30C69ABA3EDC} - System32\Tasks\{C63CABFC-ED6B-4A0A-B11C-096233C9AF05} => pcalua.exe -a C:\Users\Taliah\Downloads\SpyHunter-Installer.exe -d C:\Users\Taliah\Downloads
    Task: {1544930C-2378-4DF2-B4BB-4D687E0081A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {22E48D3D-2F7A-4532-83ED-7F6176D54876} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {24EABE08-24F2-4734-A6E7-9E8728D2D54F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {27DBFD86-D07D-4BCA-9158-6041DADB729F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {31405F8A-2089-4F31-BB47-88E4FE2095F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {36B82EC7-7AEC-4851-8775-8B140AC2D203} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-21] (Facebook Inc.)
    Task: {374DD704-E4BA-4C6E-A1F7-661E838B2BB0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
    Task: {39F25F9D-E89C-49FB-945A-566A0157BD13} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3B977460-442D-4767-B58C-C5C85D05EB53} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-21] (Facebook Inc.)
    Task: {4727D745-3176-4A73-8BCF-34EE6E1938F9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {4D1CC2A5-481D-4086-8D39-06B6E91EBBFE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4F127396-246E-4B9D-8BF4-E9F39649E29F} - System32\Tasks\avastBCLRestartS-1-5-21-1160702305-3582450622-2665941894-1000 => Chrome.exe
    Task: {4F85AA5E-C2F9-475E-85FE-7CEF5A3B9278} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {5751EAED-8C16-4282-ABDA-003AB4A8EC86} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {58C3AF1D-8DB3-4557-8269-D28FAEA79BC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {60204FA2-DE7A-4A33-B110-BFD83C477280} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {63A22AF0-FF38-437B-89CB-5D2FA4CF92FF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {64CD27C5-69CC-4F3F-ADE3-20997BBC7FF3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6637AB12-9D54-4F64-B403-99987925BDF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {6B101B15-37B8-4F6C-B0A8-1EECDDB5042C} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {6C0A2907-5A7F-4CD0-855C-84E0C22CC076} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {6D3EC6F0-7E57-48E3-B9FC-D4E0DB11892C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6DFE9F7B-8874-4FA6-BDD1-7F44A74DE843} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7980B120-DB80-40DB-8E33-429C9EC8222A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7BE062F7-1572-4357-BB43-FE2B32332CE5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7C84E484-F2AC-46AD-B88A-3B9D73E70251} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7DF89722-24DA-45A9-8EB6-1B143B06801B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7E056306-C366-4B38-87B3-D7F34DA347FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {82A55F70-B6B0-4750-B25D-8920B219856C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {882A40AD-7DB9-4636-A7CC-2E065B263EED} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {8B354DD2-E6FA-4C0E-B3C5-C84FE53EF4A6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {8E5BFD59-11B4-48D9-95DF-3A9B45286BD3} - System32\Tasks\{10809A57-B3EE-4A79-B4CA-22DC426D060D} => pcalua.exe -a C:\Users\Taliah\Downloads\Adaware_Installer(2).exe -d "C:\Program Files\Lavasoft\Ad-Aware "
    Task: {921940B9-DAD8-49FB-A4AD-1FFC43186405} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {93DE7302-04D9-40C0-A9FA-2B3C6A2C440D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {967DD0F2-5ACA-451D-B7FD-06457FB9501F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {96F84F17-6F87-4120-994C-299C78A68308} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {98A0E906-4EEE-485E-92CF-2920D6A84FF6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
    Task: {9EF880C4-B69C-45C4-A975-AAE2CBC09E9D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9FFE1C97-B451-4DCA-954F-B438B9AFB889} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A18BC537-FE49-4B8D-B851-654FC62B09B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {A43EFA45-CBDF-476A-BCAB-D0A3425AD276} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {A51055D1-6891-4D10-A987-DAC719C77BFA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A60EB621-78E8-49D6-A3C8-6CD908A1D2E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A811A044-1CF1-4826-ADC1-8D9315834D6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {AFFA9408-D62E-4D64-AB50-4E65179EAD8D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: {B085754F-EFC3-4005-B46A-5F672531A6A8} - System32\Tasks\HPCeeScheduleForTaliah => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {B29D6776-230E-4BB5-B71F-F425243A1FF2} - System32\Tasks\{321CD4F7-55B9-4043-B9AF-4CB49AFF558F} => pcalua.exe -a "C:\Users\Taliah\Downloads\Adaware_Installer (2).exe" -d C:\Users\Taliah\Downloads
    Task: {B51558CF-4108-4608-ABBB-2834C8EEA982} - System32\Tasks\HPCeeScheduleForRAWR$ => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {BBC38BA3-5C95-4272-B392-06927FE9B3B1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {BF696320-E741-4EDA-97BA-A7049A6D8AA2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {C552AC7E-965B-446F-BED3-B3825B48EFB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {C8D8B762-AB74-4DEA-B686-DD6DB478980E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE6B438B-752C-426B-A7BD-D7A54CBC6A37} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D17C7E7A-DD06-4D3E-B4F5-5782601BE1AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-14] (Microsoft Corporation)
    Task: {D3EA7DE7-69E5-4556-A2C7-A7B64FA12C35} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-03] (AVAST Software)
    Task: {D902B895-EDC3-44BC-A42A-DDB6660B134F} - System32\Tasks\SafeZone scheduled Autoupdate 1449092702 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
    Task: {E2660FD2-E0BF-424B-B4B2-9C3C77E3F2F4} - System32\Tasks\{DA0142C9-0C0B-467C-9EE9-C1F1EBA2DC0C} => pcalua.exe -a G:\Install_Nokia_Ovi_Suite.exe -d G:\
    Task: {E5A2F543-9951-45DD-A9B7-4BB67148665A} - System32\Tasks\{83CD4F5B-013E-4147-8D91-B38CDCA146CC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113.259/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent
    Task: {EF953E4F-B3D5-4BEA-84B8-95246351C0DC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F8692447-CEF7-4F92-B156-DE451D2E1D06} - System32\Tasks\{CEEB1724-29F4-4F8C-8AE6-3A5B1AED6D8D} => pcalua.exe -a C:\Users\Taliah\Downloads\wmpplugin(2).exe -d "C:\Program Files\Windows Media Player "
    Task: {F98282F6-1C8E-44CE-9311-83DECACF57E8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {FB6BBC94-FCAC-4C8D-B935-FCADA7B8856A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {FCA56214-ABDF-4B78-86A0-0B018B288795} - System32\Tasks\{F0B95EE7-E28B-4613-BA06-6E2328CB393F} => pcalua.exe -a "C:\Users\Taliah\Downloads\Shockwave_Installer_Slim (3).exe" -d C:\Users\Taliah\Downloads

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job => C:\Users\Taliah\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job => C:\Users\Taliah\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRAWR$.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForTaliah.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-10 13:57 - 2015-09-10 13:57 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-12-03 07:41 - 2015-12-03 07:41 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-03 07:41 - 2015-12-03 07:41 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-31 11:05 - 2015-12-31 11:05 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123001\algo.dll
    2015-12-03 07:41 - 2015-12-03 07:41 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-09-10 13:57 - 2015-09-10 13:57 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2009-08-15 17:22 - 2009-01-22 04:47 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2015-10-01 18:07 - 2015-09-17 16:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 18:07 - 2015-09-17 16:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-07-10 18:24 - 2015-07-10 18:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-10 17:51 - 2015-11-25 14:01 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-10 17:50 - 2015-11-25 13:58 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-10 17:50 - 2015-11-25 13:59 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 18:07 - 2015-09-17 15:26 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-03 07:42 - 2015-12-03 07:42 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2009-07-16 10:51 - 2009-07-16 10:51 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-07-16 10:51 - 2009-07-16 10:51 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-07-16 10:50 - 2009-07-16 10:50 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2009-06-18 04:40 - 2009-06-18 04:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
    2009-06-18 04:40 - 2009-06-18 04:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
    2009-06-18 04:40 - 2009-06-18 04:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2009-07-02 08:44 - 2009-07-02 08:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    2015-12-18 19:40 - 2015-12-11 13:54 - 01583432 _____ () C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-18 19:40 - 2015-12-11 13:54 - 00081224 _____ () C:\Users\Taliah\AppData\Local\Google\Chrome\Application\47.0.2526.106\libegl.dll
    2015-12-26 22:53 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:04 - 2014-04-09 10:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Taliah\AppData\Local\Microsoft\Windows\Themes\img19.jpg
    HKU\S-1-5-21-1160702305-3582450622-2665941894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Taliah\AppData\Local\Microsoft\Windows\Themes\img19.jpg
    DNS Servers: 198.142.235.14 - 211.29.132.12
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [{827837D9-F071-43A8-A239-EC6B3B8F6CAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4DA263C5-FB95-4D67-996E-77DF78C271A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8B182900-4209-4FF6-A7F6-63939BEE96BB}] => (Allow) C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{9BF5036C-6E3D-486F-8AC4-FBAA0B3E56ED}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{FB878EE5-F4A8-472D-B6E7-E35B1D8EA834}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{B886B432-E7EA-4E4B-B4A5-35C9C7C62F0F}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{EC4D603E-D810-47CC-AB38-CBD472D30AFD}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{E78E2544-EB63-45B4-A919-483D05DFE676}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{69F50ECD-6DCF-468F-B6EC-973F0973B254}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{A60D9D73-1F3E-481F-A265-67412254941E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{DC53CB26-4076-45AD-AEFD-F717E5A3EBBC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/31/2015 02:28:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Rawr)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/31/2015 09:50:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Rawr.local already in use; will try Rawr-2.local instead

    Error: (12/31/2015 09:50:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Rawr.local. AAAA FE80:0000:0000:0000:DC46:6096:C5D8:A7FB

    Error: (12/31/2015 09:50:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DC46:6096:C5D8:A7FB:5353 4 Rawr.local. Addr 192.168.0.16

    Error: (12/27/2015 05:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Rawr.local already in use; will try Rawr-2.local instead

    Error: (12/27/2015 05:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 16 Rawr.local. AAAA FE80:0000:0000:0000:DC46:6096:C5D8:A7FB

    Error: (12/27/2015 05:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DC46:6096:C5D8:A7FB:5353 4 Rawr.local. Addr 192.168.0.16

    Error: (12/22/2015 03:01:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Rawr.local already in use; will try Rawr-2.local instead

    Error: (12/22/2015 03:01:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Rawr.local. AAAA FE80:0000:0000:0000:DC46:6096:C5D8:A7FB

    Error: (12/22/2015 03:01:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DC46:6096:C5D8:A7FB:5353 4 Rawr.local. Addr 192.168.0.16


    System errors:
    =============
    Error: (12/31/2015 06:46:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (12/31/2015 05:35:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (12/31/2015 03:03:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (12/31/2015 02:30:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (12/31/2015 02:28:30 PM) (Source: DCOM) (EventID: 10010) (User: Rawr)
    Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

    Error: (12/31/2015 02:28:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/31/2015 02:07:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (12/31/2015 02:06:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Message Queuing service depends on the Windows Event Log service which failed to start because of the following error:
    %%3

    Error: (12/31/2015 02:06:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Event Log service failed to start due to the following error:
    %%3

    Error: (12/31/2015 02:06:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-12-15 04:27:54.979
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.870
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.456
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.252
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:54.010
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:53.812
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:46.512
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-12-15 04:27:41.854
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-11-18 04:21:48.683
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-11-18 04:21:48.566
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    Processor: Celeron(R) Dual-Core CPU T3000 @ 1.80GHz
    Percentage of memory in use: 68%
    Total physical RAM: 1978.92 MB
    Available physical RAM: 615.89 MB
    Total Virtual: 3962.92 MB
    Available Virtual: 2049.19 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:220.99 GB) (Free:145.29 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: CFAD9F98)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=221 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=471 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  21. 2016/01/01
    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    FRST reports:
    ATTENTION: System Restore is disabled
    Did you disable system restore for whatever reason?

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     
