Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by User (administrator) on USER-PC (01-09-2016 22:45:14)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor Corporation) C:\Program Files\Realtek\RtkDashClientInstaller\RtkDashClient.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Nikon Transfer Monitor] => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [485208 2008-09-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2007-01-05] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2475208721-2473668524-3493324416-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2475208721-2473668524-3493324416-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2475208721-2473668524-3493324416-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2007-01-05] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-11-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-11-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-09-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{206356D4-65A8-4178-A10D-E5F4C5F97CCC}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2475208721-2473668524-3493324416-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2475208721-2473668524-3493324416-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2475208721-2473668524-3493324416-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2475208721-2473668524-3493324416-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2475208721-2473668524-3493324416-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2007-01-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-01] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjag72xr.default-1388724335988
FF NewTab: hxxp://search.searchfmn.com?uid=5634578a-7084-434d-9c52-8daa3b4fe7ba&uc=20160404&ap=appfocus29&source=2285-d1qkqlydq1ummqwl8-bb8&page=newtab&implementation_id=maps_0.2.0
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-19] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: (WOT) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjag72xr.default-1388724335988\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-05] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2007-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2007-01-05]
Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=715483&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=715483&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-16]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2007-01-05] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-02] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2007-01-05] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2007-01-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2007-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2007-01-05] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2007-01-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735352 2007-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434144 2007-01-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2007-01-05] (AVAST Software)
R3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2007-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2007-01-05] (AVAST Software)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-01-21] (Avanquest Software) [File not signed]
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [35432 2011-09-19] (Windows (R) Codename Longhorn DDK provider)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [609920 2011-06-24] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [970496 2011-06-24] (eMPIA Technology, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 22:45 - 2016-09-01 22:47 - 00016992 _____ C:\Users\User\Downloads\FRST.txt
2016-09-01 22:45 - 2016-09-01 22:45 - 00000000 ____D C:\FRST
2016-09-01 22:44 - 2016-09-01 22:44 - 01747968 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-09-01 22:41 - 2016-09-01 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-09-01 22:41 - 2016-09-01 22:41 - 00000000 ____D C:\Program Files\QuickTime
2016-09-01 22:39 - 2016-09-01 22:39 - 00000000 ____D C:\Program Files\Bonjour
2016-09-01 22:38 - 2016-09-01 22:38 - 00000000 ____D C:\Program Files\Apple Software Update
2016-09-01 22:37 - 2016-09-01 22:37 - 00000000 ____D C:\Windows\LastGood
2016-09-01 22:34 - 2016-09-01 22:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-09-01 22:34 - 2016-09-01 22:34 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2016-09-01 22:34 - 2016-09-01 22:34 - 00000000 ____D C:\Program Files\Common Files\Java
2016-08-22 03:08 - 2016-07-11 01:40 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-22 03:06 - 2016-07-11 03:00 - 01260032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-21 12:13 - 2016-08-21 12:13 - 00022016 ____H C:\Users\User\Documents\~WRL1939.tmp
2016-08-21 10:58 - 2016-07-15 17:32 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-21 10:58 - 2016-07-15 17:31 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-21 10:58 - 2016-07-15 17:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-21 10:58 - 2016-07-15 17:27 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-21 10:58 - 2016-07-15 17:27 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-21 10:58 - 2016-07-15 17:27 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-21 10:58 - 2016-07-15 17:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-21 10:58 - 2016-07-15 17:26 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-21 10:58 - 2016-07-15 17:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-08-21 10:58 - 2016-07-15 17:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-21 10:58 - 2016-07-15 17:24 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-21 10:58 - 2016-07-15 17:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-21 10:58 - 2016-07-15 17:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-21 10:58 - 2016-07-15 17:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-08-15 16:46 - 2016-08-15 16:46 - 00020480 ____H C:\Users\User\Documents\~WRL3573.tmp
2016-08-08 03:06 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-08 03:06 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-08 03:06 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-08 03:06 - 2016-06-25 11:37 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-08 03:06 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 22:43 - 2013-09-24 23:34 - 00000859 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-01 22:38 - 2013-09-24 23:30 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-01 22:37 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-09-01 22:35 - 2013-09-24 21:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-01 22:34 - 2014-11-13 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-01 22:33 - 2014-11-13 22:24 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-09-01 22:33 - 2014-11-13 22:23 - 00000000 ____D C:\Program Files\Java
2016-09-01 22:32 - 2016-05-13 05:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-01 22:32 - 2012-10-28 10:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Avira
2016-09-01 22:32 - 2012-10-28 10:51 - 00000000 ____D C:\ProgramData\Avira
2016-08-22 03:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-08-22 03:26 - 2006-11-02 08:47 - 00247344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-22 03:06 - 2013-08-15 03:07 - 00000000 ____D C:\Windows\system32\MRT
2016-08-22 03:02 - 2006-11-02 06:24 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-08-21 18:05 - 2012-03-17 17:04 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2475208721-2473668524-3493324416-1000Core.job
2016-08-08 03:31 - 2016-05-13 05:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-06 09:35 - 2013-05-15 13:05 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2012-11-15 16:01 - 2012-11-15 16:01 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2011-12-08 21:54 - 2011-12-08 21:54 - 0000268 ___RH () C:\Users\User\AppData\Roaming\Tuner
2011-11-04 20:18 - 2013-05-05 14:45 - 0000680 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2011-12-08 23:44 - 2014-03-17 16:31 - 0006144 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-06 19:23 - 2011-11-06 19:35 - 0000444 _____ () C:\ProgramData\hpzinstall.log
2011-12-08 21:54 - 2013-04-24 19:56 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-12-08 21:54 - 2011-12-08 21:54 - 0000268 ___RH () C:\ProgramData\Utilities
Some files in TEMP:
====================
C:\Users\User\AppData\Local\temp\avgnt.exe
C:\Users\User\AppData\Local\temp\GURB74.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2007-01-05 13:34
==================== End of FRST.txt ============================
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: (WOT) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjag72xr.default-1388724335988\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-05] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2007-01-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2007-01-05]
Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=715483&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=715483&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com Search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-16]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2007-01-05] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-02] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2007-01-05] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2007-01-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2007-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2007-01-05] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2007-01-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735352 2007-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434144 2007-01-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2007-01-05] (AVAST Software)
R3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2007-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2007-01-05] (AVAST Software)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-01-21] (Avanquest Software) [File not signed]
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
R2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [35432 2011-09-19] (Windows (R) Codename Longhorn DDK provider)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [609920 2011-06-24] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [970496 2011-06-24] (eMPIA Technology, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 avgntflt; system32\DRIVERS\avgntflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 22:45 - 2016-09-01 22:47 - 00016992 _____ C:\Users\User\Downloads\FRST.txt
2016-09-01 22:45 - 2016-09-01 22:45 - 00000000 ____D C:\FRST
2016-09-01 22:44 - 2016-09-01 22:44 - 01747968 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-09-01 22:41 - 2016-09-01 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-09-01 22:41 - 2016-09-01 22:41 - 00000000 ____D C:\Program Files\QuickTime
2016-09-01 22:39 - 2016-09-01 22:39 - 00000000 ____D C:\Program Files\Bonjour
2016-09-01 22:38 - 2016-09-01 22:38 - 00000000 ____D C:\Program Files\Apple Software Update
2016-09-01 22:37 - 2016-09-01 22:37 - 00000000 ____D C:\Windows\LastGood
2016-09-01 22:34 - 2016-09-01 22:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-09-01 22:34 - 2016-09-01 22:34 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2016-09-01 22:34 - 2016-09-01 22:34 - 00000000 ____D C:\Program Files\Common Files\Java
2016-08-22 03:08 - 2016-07-11 01:40 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-22 03:06 - 2016-07-11 03:00 - 01260032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-21 12:13 - 2016-08-21 12:13 - 00022016 ____H C:\Users\User\Documents\~WRL1939.tmp
2016-08-21 10:58 - 2016-07-15 17:32 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-21 10:58 - 2016-07-15 17:31 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-21 10:58 - 2016-07-15 17:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-21 10:58 - 2016-07-15 17:27 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-21 10:58 - 2016-07-15 17:27 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-21 10:58 - 2016-07-15 17:27 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-21 10:58 - 2016-07-15 17:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-21 10:58 - 2016-07-15 17:26 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-21 10:58 - 2016-07-15 17:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-08-21 10:58 - 2016-07-15 17:25 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-08-21 10:58 - 2016-07-15 17:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-21 10:58 - 2016-07-15 17:24 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-21 10:58 - 2016-07-15 17:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-21 10:58 - 2016-07-15 17:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-21 10:58 - 2016-07-15 17:24 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-08-15 16:46 - 2016-08-15 16:46 - 00020480 ____H C:\Users\User\Documents\~WRL3573.tmp
2016-08-08 03:06 - 2016-06-25 11:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-08-08 03:06 - 2016-06-25 11:37 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-08-08 03:06 - 2016-06-25 11:37 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-08-08 03:06 - 2016-06-25 11:37 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-08-08 03:06 - 2016-06-25 10:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 22:43 - 2013-09-24 23:34 - 00000859 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-01 22:38 - 2013-09-24 23:30 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-01 22:37 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\inf
2016-09-01 22:35 - 2013-09-24 21:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-01 22:34 - 2014-11-13 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-01 22:33 - 2014-11-13 22:24 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-09-01 22:33 - 2014-11-13 22:23 - 00000000 ____D C:\Program Files\Java
2016-09-01 22:32 - 2016-05-13 05:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-01 22:32 - 2012-10-28 10:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Avira
2016-09-01 22:32 - 2012-10-28 10:51 - 00000000 ____D C:\ProgramData\Avira
2016-08-22 03:42 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2016-08-22 03:26 - 2006-11-02 08:47 - 00247344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-22 03:06 - 2013-08-15 03:07 - 00000000 ____D C:\Windows\system32\MRT
2016-08-22 03:02 - 2006-11-02 06:24 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-08-21 18:05 - 2012-03-17 17:04 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2475208721-2473668524-3493324416-1000Core.job
2016-08-08 03:31 - 2016-05-13 05:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-06 09:35 - 2013-05-15 13:05 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2012-11-15 16:01 - 2012-11-15 16:01 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2011-12-08 21:54 - 2011-12-08 21:54 - 0000268 ___RH () C:\Users\User\AppData\Roaming\Tuner
2011-11-04 20:18 - 2013-05-05 14:45 - 0000680 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2011-12-08 23:44 - 2014-03-17 16:31 - 0006144 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-06 19:23 - 2011-11-06 19:35 - 0000444 _____ () C:\ProgramData\hpzinstall.log
2011-12-08 21:54 - 2013-04-24 19:56 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-12-08 21:54 - 2011-12-08 21:54 - 0000268 ___RH () C:\ProgramData\Utilities
Some files in TEMP:
====================
C:\Users\User\AppData\Local\temp\avgnt.exe
C:\Users\User\AppData\Local\temp\GURB74.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2007-01-05 13:34
==================== End of FRST.txt ============================