TechSpot

Internet connected but browsers won't launch

By Paprika
Jul 1, 2015

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
    Ran by Owner (administrator) on LEICHTSCHLAMPE on 01-07-2015 18:51:56
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & Mcx1 & Guest)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    () C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
    () C:\Windows\SysWOW64\PSIService.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    () C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
    (ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    (FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
    () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    () C:\Program Files (x86)\foobar2000\foobar2000.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.201.366.0.exe
    (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe
    (The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
    HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [973952 2008-12-29] (Trend Micro Inc.)
    HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169312 2008-07-21] (Maxtor Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1014av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1014av
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1214av
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe [468408 2009-07-21] (Adobe Systems, Inc.)
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [] 0
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: E - E:\mri.exe
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {8b779a55-f148-11e1-bdeb-002618223636} - F:\setup.exe
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {b1ec3a20-b68a-11de-89e4-002618223636} - F:\system\viewer\FlipVideoforPC.exe
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\ScreenSaverGift\Nyan Cat\Nyan Cat\Nyan Cat.scr [8320080 2011-05-01] (Axialis Software)
    AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1007616 2015-06-28] (FlashBeat)
    AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [803840 2015-06-28] (FlashBeat)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009-07-12] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-1906134976-3283670134-1159785014-1000] => Internet Explorer proxy is enabled
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
    SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
    SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-4114-917E-0C3BD2A25440&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
    SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q={searchTerms}&crm=1
    BHO: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow64.dll [2015-03-25] ()
    BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> No File
    BHO-x32: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow32.dll [2015-03-25] ()
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
    Toolbar: HKLM-x32 - No Name - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
    Toolbar: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [NameServer] 12.127.17.72
    Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{D87C6F0D-38AA-4968-96F3-257F1B50CEDC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://pusheen.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
    FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
    FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\user.js [2015-06-28]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-07-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-13] (Nullsoft, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\conduit-search.xml [2014-01-27]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\dictionary---referencecom.xml [2009-09-09]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\winamp-search.xml [2010-05-18]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\youtube-video-search.xml [2009-07-18]
    FF Extension: PriceSparrow - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\extension@pricesparrow.com [2015-06-28]
    FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\amznUWL2@amazon.com.xpi [2012-03-24]
    FF Extension: Tumblr Savior - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2012-12-24]
    FF Extension: Reddit Enhancement Suite - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
    FF Extension: Stylish - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-12]
    FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-01]
    FF Extension: DownThemAll! - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-10-17]
    FF Extension: Greasemonkey - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-23]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-23]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-23]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-22]
    FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
    FF Extension: No Name - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012-03-23]

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-02]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
    CHR Extension: (XKit) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-06-26]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-19]
    CHR Extension: (Tumblr Savior) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-06-19]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
    CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Owner\AppData\Local\Temp\tbch.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [2012-03-23]
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
    R2 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
    R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
    R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-12-03] (Macrovision Europe Ltd.) [File not signed]
    R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-26] (Games Bot Inc.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
    R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
    R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [833872 2008-12-29] (Trend Micro Inc.)
    R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
    R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [564488 2008-12-29] (Trend Micro Inc.)
    S2 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [900360 2008-12-29] (Trend Micro Inc.)
    R2 vicoqudu; C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp [165376 2015-06-28] () [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
    S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2008-04-06] (Generic)
    R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
    R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [57856 2009-08-05] (Atheros Communications, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1820672 2008-08-10] ()
    R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [339880 2009-01-14] ()
    R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [96784 2008-12-29] (Trend Micro Inc.)
    R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
    R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    U2 TMAgent; No ImagePath
    S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-01 18:51 - 2015-07-01 18:53 - 00032941 _____ C:\Users\Owner\Desktop\FRST.txt
    2015-07-01 18:51 - 2015-07-01 18:52 - 00000000 ____D C:\FRST
    2015-07-01 18:50 - 2015-07-01 18:47 - 02112512 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2015-07-01 18:50 - 2015-07-01 18:47 - 01636352 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2015-06-28 21:18 - 2015-07-01 18:30 - 00000342 ____H C:\Windows\Tasks\OHVCFBICKQEFMUBU.job
    2015-06-28 21:18 - 2015-07-01 18:30 - 00000330 _____ C:\Windows\Tasks\YLSRN1.job
    2015-06-28 21:18 - 2015-06-28 21:18 - 00003376 _____ C:\Windows\System32\Tasks\OHVCFBICKQEFMUBU
    2015-06-28 21:18 - 2015-06-28 21:18 - 00002852 _____ C:\Windows\System32\Tasks\YLSRN1
    2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\Service1291
    2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\FlashBeat
    2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2015-06-28 20:46 - 2015-06-28 20:46 - 00001752 _____ C:\Windows\PFRO.log
    2015-06-28 17:49 - 2015-06-28 17:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Games Bot
    2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
    2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Games Bot
    2015-06-28 17:28 - 2015-06-28 17:29 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
    2015-06-28 17:19 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Local\DE812343-1435511952-39DE-9380-002618223636
    2015-06-28 17:19 - 2015-06-28 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2015-06-28 17:18 - 2015-06-28 17:18 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
    2015-06-28 17:16 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVDVideoSoft
    2015-06-28 17:16 - 2006-09-18 14:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-06-28 17:15 - 2015-06-30 21:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636
    2015-06-28 17:15 - 2015-06-28 20:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ASPackage
    2015-06-28 17:15 - 2015-06-28 17:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
    2015-06-28 17:14 - 2015-06-28 17:14 - 00003422 _____ C:\Windows\System32\Tasks\pricesparrowSWU
    2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DesktopIconForAmazon
    2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Program Files (x86)\pricesparrow
    2015-06-23 20:24 - 2015-06-23 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-06 20:53 - 2015-06-30 21:19 - 00000110 _____ C:\Windows\SysWOW64\usergui.cfg
    2015-06-06 20:53 - 2015-06-06 20:53 - 00000060 _____ C:\Windows\SysWOW64\userguistate.cfg
    2015-06-06 20:53 - 2015-06-06 20:53 - 00000050 _____ C:\Windows\SysWOW64\outlook.cfg
    2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
    2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-01 18:53 - 2006-11-02 05:46 - 00718896 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-01 18:45 - 2009-05-24 19:32 - 01331709 _____ C:\Windows\WindowsUpdate.log
    2015-07-01 18:39 - 2014-12-17 12:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-01 18:37 - 2010-08-02 23:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\foobar2000
    2015-07-01 18:35 - 2014-11-18 19:12 - 00000000 ____D C:\ProgramData\MFAData
    2015-07-01 18:31 - 2014-12-17 12:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-01 18:31 - 2009-05-24 20:30 - 00045056 _____ C:\Windows\system32\acovcnt.exe
    2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-01 18:29 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-30 21:31 - 2006-11-02 08:42 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-06-30 21:19 - 2015-01-16 23:06 - 00000649 _____ C:\Windows\SysWOW64\userawacs.cfg
    2015-06-30 21:18 - 2014-11-18 20:31 - 00000835 _____ C:\Users\Public\Desktop\AVG 2015.lnk
    2015-06-30 21:18 - 2014-11-18 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-06-30 21:02 - 2014-11-18 20:27 - 00000000 ____D C:\ProgramData\AVG2015
    2015-06-28 21:59 - 2009-10-05 11:56 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA.job
    2015-06-28 21:56 - 2012-07-26 12:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-28 20:46 - 2012-05-04 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-28 18:59 - 2014-09-03 22:56 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-06-28 18:59 - 2014-05-12 23:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
    2015-06-28 18:59 - 2012-02-22 21:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
    2015-06-28 18:57 - 2012-08-16 19:35 - 00000000 ____D C:\Windows\Minidump
    2015-06-28 18:35 - 2012-09-17 20:22 - 00000000 ____D C:\ProgramData\Vizzed
    2015-06-28 15:02 - 2009-10-05 11:56 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core.job
    2015-06-26 20:10 - 2011-08-18 17:59 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-06-26 20:10 - 2010-01-01 19:42 - 00000000 ____D C:\ProgramData\Skype
    2015-06-26 20:09 - 2011-04-17 02:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2015-06-23 20:57 - 2012-07-26 12:56 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-23 20:57 - 2012-05-01 10:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-23 20:57 - 2012-02-06 18:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-22 13:43 - 2014-12-17 12:42 - 00001988 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    ==================== Files in the root of some directories =======

    2007-06-12 09:34 - 2007-06-12 09:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
    2008-05-22 08:35 - 2008-05-22 08:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
    2008-12-23 13:36 - 2008-12-23 13:36 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2009-07-12 05:58 - 2009-07-12 05:58 - 0002029 _____ () C:\Users\Owner\AppData\Roaming\install.dat
    2010-08-03 15:22 - 2010-08-03 15:22 - 0031927 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
    2009-07-29 15:30 - 2009-07-29 15:30 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2009-12-03 14:35 - 2015-04-13 16:14 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
    2009-10-17 14:22 - 2013-11-09 22:07 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
    2009-07-15 19:49 - 2014-12-28 23:02 - 0182784 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-08 15:16 - 2012-09-08 15:16 - 0175935 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2012-09-08 15:16 - 2012-09-08 15:16 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
    2012-09-08 15:16 - 2012-09-08 15:16 - 0118410 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
    2011-03-07 17:57 - 2011-03-07 18:00 - 0437700 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt
    2011-03-07 18:00 - 2011-03-07 18:02 - 0442722 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt
    2012-09-17 20:03 - 2012-09-17 20:19 - 0013188 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt
    2011-03-07 17:57 - 2011-03-07 18:00 - 0019900 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt
    2011-03-07 18:00 - 2011-03-07 18:02 - 0019980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt
    2012-09-08 15:16 - 2012-09-08 15:16 - 0001678 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
    2010-01-01 19:46 - 2010-01-01 19:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2009-08-12 21:13 - 2012-10-30 17:53 - 0002711 _____ () C:\ProgramData\hpzinstall.log

    Some files in TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\Uninstall.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-01 18:35

    ==================== End of log ============================
     
  2. Paprika (TS Rookie, Topic Starter)

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
    Ran by Owner at 2015-07-01 18:55:26
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1906134976-3283670134-1159785014-500 - Administrator - Disabled)
    Guest (S-1-5-21-1906134976-3283670134-1159785014-501 - Limited - Enabled) => C:\Users\Guest
    Mcx1 (S-1-5-21-1906134976-3283670134-1159785014-1003 - Administrator - Enabled) => C:\Users\Mcx1
    Owner (S-1-5-21-1906134976-3283670134-1159785014-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    AV: Trend Micro AntiVirus (Disabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    AS: Trend Micro AntiVirus (Disabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3ivx MPEG-4 5.0.2 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.2) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
    Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
    AIO_CDA_ProductContext (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
    AIO_CDA_Software (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
    AIO_CDA_ToolboxIni64 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
    AIO_Scan (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
    Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
    AmIcoSingLun (HKLM-x32\...\InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}) (Version: 1.1.104.1 - Alcor Micro Co., Ltd.)
    AmIcoSingLun (x32 Version: 1.1.104.1 - Alcor Micro Co., Ltd.) Hidden
    AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
    Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{963BFE7E-C350-4346-B43C-B02358306A45}) (Version: 3.3.0.69 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.3 - ASUS)
    ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0011 - ASUS)
    ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0010 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{567C654B-7FE9-4970-8323-56E8191D1941}) (Version: 1.0.2 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.18 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.7 - ASUS)
    ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0018 - )
    ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.10 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0006 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0025 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.13 - ASUS)
    Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.)
    ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
    ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0049 - ASUS)
    ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0002 - ASUS)
    ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0003 - ASUS)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
    AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
    Babyz (HKLM-x32\...\Babyz) (Version: - )
    baretorrent (HKLM-x32\...\baretorrent) (Version: 0.4.4 - )
    BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    C3100 (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
    c3100_Help (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}) (Version: 2.2.9 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{934B3B19-8193-467A-B356-E73F82647D38}) (Version: 1.0.15 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{BAD1449B-DF0C-4118-B76D-68C54009576C}) (Version: 1.1.2 - Cisco Systems, Inc.)
    Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
    Destinations (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC)
    DocProc (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
    eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    ETDWare PS/2-x64 7.0.5.1 WHQL (HKLM\...\Elantech) (Version: - )
    Fax (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)
    Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version: - Scott Cawthon)
    FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION!
    foobar2000 v1.0.3 (HKLM-x32\...\foobar2000) (Version: 1.0.3 - Peter Pawlowski)
    Forum Terminal (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Forum Terminal)
    Free YouTube to MP3 Converter version 3.12.59.616 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.616 - DVDVideoSoft Ltd.)
    Games Bot (HKLM-x32\...\Games Bot) (Version: 186.0.0.578 - CLICK YES BELOW LP) <==== ATTENTION
    Geek Squad 24 Hour Computer Support (HKLM-x32\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
    GiPo@MoveOnBoot 1.9.5 (HKLM-x32\...\{9F185C48-595B-401A-A1D6-AAB324890DC4}) (Version: 1.9.5 - Igor J. Artemov, Gibin Software House)
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version: - Mediatonic)
    Hello Kitty Cutie World (HKLM-x32\...\{E3F2EC51-4473-4535-BEE4-01B8B39ACEF7}) (Version: - )
    HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
    HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
    HP Photosmart Essential (HKLM-x32\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPProductAssistant (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM-x32\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    IBM ViaVoice Command and Control Runtime 5.3 (HKLM-x32\...\DeleteProdRunControl_US) (Version: - )
    Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
    Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
    Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
    LoJack Factory Installer (HKLM-x32\...\InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}) (Version: 1.00.0029 - Absolute Software Corporation)
    LoJack Factory Installer (x32 Version: 1.00.0029 - Absolute Software Corporation) Hidden
    Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version: - Jasper Byrne)
    MarketResearch (x32 Version: 82.0.174.000 - Hewlett-Packard) Hidden
    Maxtor Manager (HKLM-x32\...\InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}) (Version: 4.02.0303 - Seagate Technology)
    Maxtor Manager (HKLM-x32\...\InstallShield_{F5F75BE6-C2D9-40C3-8807-1026D9BE9944}) (Version: 4.02.0218 - Seagate Technology)
    Maxtor Manager (x32 Version: 4.02.0303 - Seagate Technology) Hidden
    Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Multimedia Card Reader (HKLM-x32\...\USB Mass Storage Filter Driver) (Version: 1.01.0000.00 - )
    Multimedia Card Reader (x32 Version: 1.01.0000.00 - ) Hidden
    myPhotoMovie (remove only) (HKLM-x32\...\AVCPhotoStudio_Wrapper) (Version: 1.5.0.170 - aVinci Media, LC)
    NB Probe (HKLM-x32\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
    Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0016 - ASUS)
    Oregon Trail 5th Edition (HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Oregon Trail 5th Edition) (Version: - )
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    PetzA 2.2.4 (HKLM-x32\...\PetzA_is1) (Version: - Sherlock Software)
    piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Power Drill Massacre version 0.04 (HKLM-x32\...\{98F8A8BF-B6FE-4A16-9737-9B8154BF8E8F}_is1) (Version: 0.04 - Vague Scenario)
    PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    Scan (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
    SRS Premium Sound (HKLM\...\{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}) (Version: 1.08.1300 - SRS Labs, Inc.)
    Status (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
    They Bleed Pixels (HKLM-x32\...\Steam App 211260) (Version: - Spooky Squid Games Inc.)
    Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Trend Micro AntiVirus (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.0 - Trend Micro Inc.)
    Trend Micro AntiVirus (Version: 17.0 - Trend Micro Inc.) Hidden
    UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
    WebReg (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
    White Day (HKLM-x32\...\White Day) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.6 - ASUS)
    Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    13-05-2015 22:10:56 Windows Update
    17-05-2015 23:48:58 Windows Update
    29-05-2015 12:55:35 Windows Update
    01-06-2015 15:21:12 Scheduled Checkpoint
    01-06-2015 16:30:20 Windows Update
    06-06-2015 20:48:03 Windows Update
    10-06-2015 00:17:28 Windows Update
    16-06-2015 22:09:45 Windows Update
    19-06-2015 22:59:54 Windows Update
    23-06-2015 20:13:11 Windows Update
    26-06-2015 20:06:54 Removed Skype(TM) 7.3
    28-06-2015 15:02:23 Windows Update
    28-06-2015 18:20:36 Removed Vizzed Retro Game Room
    01-07-2015 18:41:57 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D53AF73-54A8-48AC-8CEC-0CC459A29D43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
    Task: {21A031CC-992C-4AA7-B256-EBAD30C1DAE7} - System32\Tasks\{62EB4663-E7C5-4235-8221-C4433E157052} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsProgressBar
    Task: {335C39E5-190E-45F7-B6E9-55304055D1F2} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
    Task: {472BCCF6-AB9C-43FB-80B0-B44A161EE9EA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {55752833-663B-4150-AB0D-9F1C5271EAF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
    Task: {5E7F1525-AA85-4083-B802-6265A076A803} - System32\Tasks\{E4FA6C71-D5DF-4EC3-A81E-0B04EEB70370} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
    Task: {6465EEA3-6C67-402D-A952-DE3A770B3488} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1906134976-3283670134-1159785014-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {64A77064-A776-4E91-97AC-BFA5909E533F} - System32\Tasks\YLSRN1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-28] (FlashBeat) <==== ATTENTION
    Task: {7078B95A-0A68-425A-A14F-569DE3D88D1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
    Task: {958078A8-1C8C-4AF6-8787-EB8B687483DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1906134976-3283670134-1159785014-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {97DC6B77-1C72-48E7-BCFE-3B8D7D68EBDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
    Task: {987C2F0A-4BBF-4C79-B2DF-E728526A9EC7} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    Task: {9D52542F-ADD4-4E8F-A21A-8038AD5E3497} - System32\Tasks\{B6ACA2C9-905C-4459-874E-FBEE64C9ECEB} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {A8DC2B60-F006-4C72-97C2-99571803DC5D} - System32\Tasks\pricesparrowSWU => Cscript.exe "C:\Program Files (x86)\pricesparrow\Internet Explorer\swu.vbs"
    Task: {B0031747-86A4-4A32-B0A0-AF576B565C38} - System32\Tasks\OHVCFBICKQEFMUBU => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
    Task: {BDF874D8-67D7-42B5-93FC-771CA8C5A364} - System32\Tasks\{C60419D1-E21C-433F-8595-AC20A271FAA1} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/ja/eula?source=lightinstaller
    Task: {C0BAA666-B87B-4851-B12A-C1E43BF0AFB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
    Task: {C1BC3A3C-75DD-4D50-98B5-F8398764E905} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-03-18] (ASUS)
    Task: {C7469627-43B4-4D5F-8557-828A89BF5A39} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2008-12-09] (ASUS)
    Task: {C8C70615-9D9A-48D9-A8ED-501AB4AF7D20} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
    Task: {F2646FBA-F839-4D09-A0C9-FE208A788E6A} - System32\Tasks\ASUS P4G => C:\Program files\P4G\BatteryLife.exe [2008-11-26] (ATK)
    Task: {F4F49E04-1A8E-42D2-9037-488BAC781123} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
    Task: {FA55FC0F-BD36-4026-8DE7-44102176536B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\OHVCFBICKQEFMUBU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    Task: C:\Windows\Tasks\YLSRN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
     
  3. Paprika


    ==================== Loaded Modules (Whitelisted) ==============

    2008-08-13 20:59 - 2008-08-13 20:59 - 00100920 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    2009-05-24 20:23 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    2007-09-11 01:45 - 2007-09-11 01:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
    2008-12-29 04:18 - 2008-12-29 04:18 - 00207144 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
    2009-07-19 15:07 - 2007-08-03 12:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2015-06-28 17:16 - 2015-06-28 17:16 - 00165376 _____ () C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp
    2009-05-24 20:25 - 2007-11-30 11:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2008-08-20 17:43 - 2008-08-20 17:43 - 00019456 _____ () C:\Program files\P4G\DevMng.dll
    2008-10-30 19:32 - 2008-10-30 19:32 - 00016384 _____ () C:\Program files\P4G\OvrClk.dll
    2009-05-24 20:23 - 2007-03-09 18:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
    2007-06-15 10:28 - 2007-06-15 10:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
    2007-06-01 16:52 - 2007-06-01 16:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    2009-07-29 15:55 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2008-08-13 20:59 - 2008-08-13 20:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    2008-09-30 23:02 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2009-02-06 16:13 - 2009-02-06 16:13 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-04-29 07:43 - 2010-04-29 07:43 - 01782272 _____ () C:\Program Files (x86)\foobar2000\foobar2000.exe
    2015-06-26 02:10 - 2015-06-26 02:10 - 00109160 _____ () C:\Program Files (x86)\Games Bot\Modules\Base.dll
    2015-06-26 02:11 - 2015-06-26 02:11 - 00041576 _____ () C:\Program Files (x86)\Games Bot\Modules\inws.dll
    2015-06-26 02:11 - 2015-06-26 02:11 - 00058984 _____ () C:\Program Files (x86)\Games Bot\Modules\ups.dll
    2009-07-19 15:07 - 2007-09-14 10:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
    2009-07-19 15:07 - 2003-11-28 02:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
    2009-07-19 15:07 - 2005-08-29 15:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
    2009-07-19 15:07 - 2003-09-09 16:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
    2009-07-19 15:07 - 2006-04-04 10:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
    2009-07-19 15:07 - 2005-04-07 19:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
    2015-06-26 02:10 - 2015-06-26 02:10 - 00039528 _____ () C:\Program Files (x86)\Games Bot\Modules\alzm.dll
    2015-06-26 02:11 - 2015-06-26 02:11 - 00118376 _____ () C:\Program Files (x86)\Games Bot\Modules\brs.dll
    2015-06-26 02:11 - 2015-06-26 02:11 - 00092776 _____ () C:\Program Files (x86)\Games Bot\Modules\cmd.dll
    2015-06-26 02:11 - 2015-06-26 02:11 - 00096872 _____ () C:\Program Files (x86)\Games Bot\Modules\sipc.dll
    2015-06-26 02:11 - 2015-06-26 02:11 - 00056424 _____ () C:\Program Files (x86)\Games Bot\Modules\wdm.dll
    2009-07-19 15:06 - 2007-07-24 14:41 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ResItf.dll
    2009-07-19 15:06 - 2006-12-06 16:42 - 00094208 _____ () C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
    2009-07-19 15:06 - 2007-09-06 14:05 - 00081920 _____ () C:\Program Files\ASUS\Net4Switch\ipswobj.dll
    2009-07-19 15:06 - 2007-08-02 09:53 - 00053248 _____ () C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
    2009-07-19 15:06 - 2006-12-06 16:55 - 00053248 _____ () C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
    2009-07-19 15:06 - 2006-12-09 09:34 - 00139264 _____ () C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
    2009-07-19 15:06 - 2006-12-06 16:55 - 00086016 _____ () C:\Program Files\ASUS\Net4Switch\ipswds.dll
    2009-07-19 15:06 - 2007-05-14 11:10 - 00061440 _____ () C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
    2009-07-19 15:06 - 2007-05-14 14:07 - 00009728 _____ () C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
    2009-07-19 15:06 - 2007-11-19 13:54 - 00188416 ____N () C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
    2009-07-19 15:06 - 2006-12-07 09:29 - 00007168 _____ () C:\Program Files\ASUS\Net4Switch\iphelper.dll
    2009-07-19 15:06 - 2007-11-19 11:11 - 00208896 _____ () C:\Program Files\ASUS\Net4Switch\ipswcore.dll
    2009-07-19 15:06 - 2007-06-19 11:38 - 00208896 _____ () C:\Program Files\ASUS\Net4Switch\ipswui.dll
    2010-04-29 05:34 - 2010-04-29 05:34 - 00148480 _____ () C:\Program Files (x86)\foobar2000\shared.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 01340928 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 00281088 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 00295424 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 00299520 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 00363520 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 00441856 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
    2010-04-29 05:35 - 2010-04-29 05:35 - 01085440 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
    2015-06-28 17:50 - 2015-03-26 07:39 - 08569856 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\pdf.dll
    2015-06-28 17:51 - 2015-03-26 07:18 - 00324608 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
    2015-06-28 17:50 - 2015-03-26 07:14 - 00880128 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
    2015-06-28 17:50 - 2014-09-22 21:07 - 14891848 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\vizzed.com -> www.vizzed.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    DNS Servers: 12.127.17.72

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: MRIPEUndo => "E:\mri.exe" /undopeboot
    MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Rainlendar2 => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) C:\Windows\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) C:\Windows\system32\dfsr.exe
    FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{74AAFA7C-FC79-47B4-A0ED-07D6F4892EBB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{58FC896C-1C27-4B8C-B720-EDF349EF776E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8D6C222B-B496-4DA6-99BA-5A9F5227F514}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{C68D42CC-CF20-4DDD-AA49-BDBCF47B8498}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{65CF6B53-6F51-43E0-9F90-B6B264C3AB5B}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{2C8276A3-1B10-4BDE-A446-07ACA03EFE31}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{DE5B7A4D-53C4-4C64-BEA4-AFA8149F16D2}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{658C4C4A-1E9B-45C6-A208-03526BCE0885}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{2D4D61FF-1E72-4EC6-A56D-C427EBA0B244}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{5B0C71BD-D759-4F64-92D2-34107560B851}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{302C6480-DCF1-4C20-AEA2-FACFBA350D5A}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{5AB1B031-0411-4E2B-B43D-5313782D1DD4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{C980ABE6-FD79-4912-B10F-3D517A59D860}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{D4DF55EE-EAE9-4B95-808F-6D7C3DF2E5EB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{6E56F4BD-FB22-4511-8265-191690579FD5}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [{16A58F57-6B7C-4FFE-9432-9E5F530B1200}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [{6FEA2AFC-342D-4757-9EC2-7754D4D2BA0D}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [{EDA25FA7-BDB5-458E-8AD4-94306572C6B1}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
    FirewallRules: [{AAEFCD38-9873-4B31-8C7F-541D1196A861}] => (Allow) C:\Windows\system32\dfsr.exe
    FirewallRules: [{0D1FD8F3-4842-468B-9391-FB1DAD6AE7AF}] => (Allow) C:\Windows\system32\dfsr.exe
    FirewallRules: [{C6B64F05-09FF-4B1E-B9AF-B0041BE8133F}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [{54A532C7-B093-4B45-A637-4B101A4C64E1}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [{2F4789BA-FE82-4943-B15B-D1AFD1DF9A60}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [{364C4EF5-B534-4F61-A2E8-223192C43123}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
    FirewallRules: [TCP Query User{3D9467B3-6AA4-428D-B730-F04ABF542BF5}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{0A82A1EF-29CB-467D-96FD-7E69A53744CF}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
    FirewallRules: [{A47AD778-C0DC-49E6-BE21-CF5A961E5C46}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{E4AA2A5D-2727-415C-A9B2-3454CEE6C981}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{02845FFD-5AFA-4C0A-9CC7-9628742D40BE}] => (Allow) LPort=80
    FirewallRules: [{E2B4E8C0-3CF3-483C-898E-89B94CA7581A}] => (Allow) LPort=80
    FirewallRules: [{27D7A9CF-CEC1-4F29-93F2-4095563724EF}] => (Allow) LPort=80
    FirewallRules: [{812E5792-8B8A-4AD5-80DE-98309B8B62AA}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{679AE28D-C4B2-48B7-9492-C2097E831D59}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{E73F1376-254C-4913-9429-52C2C64FE192}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{454C656E-538C-4F9B-B67A-EDB9DF50A434}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{CCE08E58-0286-45F1-AD72-53390312BEC8}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{DFC72E82-B9B0-46B3-98E0-316D73CB0640}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    FirewallRules: [{C21B648E-1A1F-4503-B2A1-F1C7EE0BE696}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{DF2BBD8D-63AA-4C10-842E-4ADE8B75C721}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [TCP Query User{0D9F54D4-09A9-433A-BC34-B8C3C1504FF6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{9C6F6A0F-ACCD-4035-ABB8-926E4C99F05E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{AF7767E7-BD82-4B5E-9CAC-41EBC1AD26F8}C:\users\owner\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\owner\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{CBD8A0CF-46A6-41EC-B248-71E3F806E20A}C:\users\owner\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\owner\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{7C7ACC74-5DA8-45D2-91A2-CBBD416E877C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{F68869F6-6322-42F9-9758-A3847004373E}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{7D63435D-B407-4391-A903-D6605DC31C15}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
    FirewallRules: [UDP Query User{D8311914-E86A-4D1D-AB37-ED359D18A732}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
    FirewallRules: [{703641C2-52DD-4357-9DAC-0AACD68053E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sega classics\SEGAGenesisClassics.exe
    FirewallRules: [{00D78EE7-615C-41CE-B6F2-53D1A4A78597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sega classics\SEGAGenesisClassics.exe
    FirewallRules: [TCP Query User{1CDDF8EC-4DC9-4EEF-A6D5-695968C5F4EE}C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{DE84D4E6-57E5-4729-90AB-020808F88FAD}C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe
    FirewallRules: [{7C67C502-F2B6-4277-9E2A-69A735ECD19D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\they bleed pixels\They Bleed Pixels PC.exe
    FirewallRules: [{C33FD844-3E62-4D58-A129-9FFE61A64296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\they bleed pixels\They Bleed Pixels PC.exe
    FirewallRules: [TCP Query User{1C85A9EF-3BFA-4E18-9BC5-9D59AFD2282E}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
    FirewallRules: [UDP Query User{486BC0A6-60F8-445C-B543-ED0F053BE540}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
    FirewallRules: [{E27DA105-3EB5-492A-9B61-4C5040044BC9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6964605E-DBE1-4A54-B9C4-65E1E8E39CC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{FF07105C-288D-4244-8F97-F50F928FFA4A}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
    FirewallRules: [UDP Query User{89919CE1-8EBB-4E6C-9B96-82CF2EC17712}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
    FirewallRules: [{DD3969FF-5150-417A-B8FA-4A40E79C7137}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [{BE421B27-0A7A-47B2-AF59-CF8207AC6FD6}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{3325C386-BC5F-4F38-A7F3-1C88BBBD28C6}C:\program files\baretorrent\baretorrent.exe] => (Allow) C:\program files\baretorrent\baretorrent.exe
    FirewallRules: [UDP Query User{AF2C969C-0DE6-4498-8293-960565D199AD}C:\program files\baretorrent\baretorrent.exe] => (Allow) C:\program files\baretorrent\baretorrent.exe
    FirewallRules: [{713DBC29-0954-491D-9DDB-E5B1FE9CE711}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{E2A3AB06-4A7B-4C61-A567-E09D2B3CD497}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{3F31374E-350A-4013-81AA-1AC5D848019F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
    FirewallRules: [{6E986734-DEED-491A-92FF-C611732B8A40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
    FirewallRules: [{EA94CBC6-6FB5-4A13-ADF8-D6143626842F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{74901858-4095-4C0F-8D44-0BC301C6E3C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{7FD1E092-B976-4151-B8B7-47CB2345D874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
    FirewallRules: [{EF9447D5-30B5-4DE0-A728-9AA5962ED6FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
    FirewallRules: [{F8317CFC-94C3-4074-A9BC-45EE2DE463D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
    FirewallRules: [{F28B397E-7490-4B82-BD8D-2E801178F6D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
    FirewallRules: [{B0803FE2-B6F4-4D75-83AC-E1A08EDE24FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
    FirewallRules: [{78B5FA62-ED5D-43EB-8482-33BAB053E488}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
    FirewallRules: [{CA730AFA-56C3-45C7-8042-CFEDB6A9477D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D6D8D009-D469-4032-9AC6-22169155A618}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D2A900EC-B1A8-4CE7-ACE8-8741D3F43BD6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{A25401E8-5129-43A0-8962-DAC1F2BE8526}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{97663D74-B4CC-40D5-89A1-1B3C81C08AE4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{B91BB90C-88DF-4DCA-A249-FBC0D3174082}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{238C0A20-963A-48E7-9AA5-A3203B7A2F46}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{4ECDBA95-55B0-457D-9787-9DA83382779D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{0C58362A-F417-48C2-B918-6811F34C66B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/01/2015 06:30:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (06/30/2015 09:25:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/30/2015 09:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (06/28/2015 08:59:42 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/28/2015 08:59:41 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/28/2015 08:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/30/2015 09:22:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.366.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.1.0522.00

    Source Path: 4.1.0522.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (06/30/2015 09:18:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: AVGIDSAgent3758213661 (0xE001CA1D)

    Error: (06/30/2015 09:02:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Typewriter High Resolution1

    Error: (06/30/2015 09:02:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Illustration Macro1

    Error: (06/28/2015 02:53:57 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (06/28/2015 02:52:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000IPBusEnum

    Error: (06/28/2015 02:52:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000avgwd

    Error: (06/26/2015 07:02:38 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (06/25/2015 08:54:58 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (06/25/2015 08:53:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000IPBusEnum


    Microsoft Office:
    =========================
    Error: (07/01/2015 06:30:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE

    Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE

    Error: (06/30/2015 09:25:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/30/2015 09:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED

    Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED

    Error: (06/28/2015 08:59:42 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

    Error: (06/28/2015 08:59:41 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

    Error: (06/28/2015 08:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2015-07-01 18:53:21.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:53:21.136
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:53:19.953
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:53:19.104
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:52:42.523
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:52:41.302
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:52:40.533
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:52:39.577
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:52:38.100
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-01 18:52:37.119
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
    Percentage of memory in use: 89%
    Total physical RAM: 3036.29 MB
    Available physical RAM: 304.07 MB
    Total Pagefile: 6290.86 MB
    Available Pagefile: 2503.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Vista64) (Fixed) (Total:286.37 GB) (Free:53.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (USB Disk) (Removable) (Total:0.93 GB) (Free:0.17 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 97646C29)
    Partition 1: (Not Active) - (Size=11.7 GB) - (Type=1C)
    Partition 2: (Active) - (Size=286.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=956 MB) - (Type=06)

    ==================== End of log ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    You're running three AV programs, MSE, AVG and TrendMicro.
    You must uninstall TWO of them.
    If AVG is one of them use AVG Remover: http://www.avg.com/us-en/utilities

    Uninstall the following unwanted programs:

    AnySend
    Download Updater
    FlashBeat
    Games Bot
    Infonaut
    PriceSparrow


    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  5. Paprika

    Paprika TS Rookie Topic Starter

    Thank you for your quick response.

    Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
    Ran by Owner at 2015-07-01 21:01:01 Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & Mcx1 & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: E - E:\mri.exe
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {8b779a55-f148-11e1-bdeb-002618223636} - F:\setup.exe
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {b1ec3a20-b68a-11de-89e4-002618223636} - F:\system\viewer\FlipVideoforPC.exe
    ProxyEnable: [S-1-5-21-1906134976-3283670134-1159785014-1000] => Internet Explorer proxy is enabled
    RemoveProxy:
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: No Name -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> No File
    Toolbar: HKLM-x32 - No Name - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
    Toolbar: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Owner\AppData\Local\Temp\tbch.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    U2 TMAgent; No ImagePath
    S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    2007-06-12 09:34 - 2007-06-12 09:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
    2008-05-22 08:35 - 2008-05-22 08:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
    2008-12-23 13:36 - 2008-12-23 13:36 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2009-07-12 05:58 - 2009-07-12 05:58 - 0002029 _____ () C:\Users\Owner\AppData\Roaming\install.dat
    2010-08-03 15:22 - 2010-08-03 15:22 - 0031927 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
    2009-07-29 15:30 - 2009-07-29 15:30 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2009-12-03 14:35 - 2015-04-13 16:14 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
    2009-10-17 14:22 - 2013-11-09 22:07 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
    2009-07-15 19:49 - 2014-12-28 23:02 - 0182784 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-08 15:16 - 2012-09-08 15:16 - 0175935 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2012-09-08 15:16 - 2012-09-08 15:16 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
    2012-09-08 15:16 - 2012-09-08 15:16 - 0118410 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
    2011-03-07 17:57 - 2011-03-07 18:00 - 0437700 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt
    2011-03-07 18:00 - 2011-03-07 18:02 - 0442722 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt
    2012-09-17 20:03 - 2012-09-17 20:19 - 0013188 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt
    2011-03-07 17:57 - 2011-03-07 18:00 - 0019900 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt
    2011-03-07 18:00 - 2011-03-07 18:02 - 0019980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt
    2012-09-08 15:16 - 2012-09-08 15:16 - 0001678 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
    2010-01-01 19:46 - 2010-01-01 19:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2009-08-12 21:13 - 2012-10-30 17:53 - 0002711 _____ () C:\ProgramData\hpzinstall.log
    C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {64A77064-A776-4E91-97AC-BFA5909E533F} - System32\Tasks\YLSRN1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-28] (FlashBeat) <==== ATTENTION
    Task: {B0031747-86A4-4A32-B0A0-AF576B565C38} - System32\Tasks\OHVCFBICKQEFMUBU => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
    C:\ProgramData\Service1291
    Task: C:\Windows\Tasks\OHVCFBICKQEFMUBU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    Task: C:\Windows\Tasks\YLSRN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION


    *****************

    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b779a55-f148-11e1-bdeb-002618223636}" => key removed successfully
    HKCR\CLSID\{8b779a55-f148-11e1-bdeb-002618223636} => key not found.
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1ec3a20-b68a-11de-89e4-002618223636}" => key removed successfully
    HKCR\CLSID\{b1ec3a20-b68a-11de-89e4-002618223636} => key not found.
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} => value removed successfully
    HKCR\Wow6432Node\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} => key not found.
    HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} => value removed successfully
    HKCR\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} => key not found.
    "HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
    HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
    IpInIp => Service removed successfully
    NAVENG => Service removed successfully
    NAVEX15 => Service removed successfully
    NwlnkFlt => Service removed successfully
    NwlnkFwd => Service removed successfully
    TMAgent => Service removed successfully
    VIAHdAudAddService => Service removed successfully
    WinRing0_1_2_0 => Service removed successfully
    C:\Program Files (x86)\Common Files\ASPG_icon.ico => moved successfully.
    C:\Program Files (x86)\Common Files\banner.jpg => moved successfully.
    C:\Program Files (x86)\Common Files\CPInstallAction.dll => moved successfully.
    C:\Users\Owner\AppData\Roaming\install.dat => moved successfully.
    C:\Users\Owner\AppData\Roaming\UserTile.png => moved successfully.
    C:\Users\Owner\AppData\Roaming\wklnhst.dat => moved successfully.
    C:\Users\Owner\AppData\Local\d3d9caps.dat => moved successfully.
    C:\Users\Owner\AppData\Local\d3d9caps64.dat => moved successfully.
    C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
    C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt => moved successfully.
    C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt => moved successfully.
    C:\Users\Owner\AppData\Local\uxeventlog.txt => moved successfully.
    C:\ProgramData\ezsidmv.dat => moved successfully.
    C:\ProgramData\hpzinstall.log => moved successfully.
    "C:\Users\Owner\AppData\Local\Temp\Uninstall.exe" => File/Folder not found.
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
    "HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64A77064-A776-4E91-97AC-BFA5909E533F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64A77064-A776-4E91-97AC-BFA5909E533F}" => key removed successfully
    C:\Windows\System32\Tasks\YLSRN1 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YLSRN1" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0031747-86A4-4A32-B0A0-AF576B565C38}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0031747-86A4-4A32-B0A0-AF576B565C38}" => key removed successfully
    C:\Windows\System32\Tasks\OHVCFBICKQEFMUBU => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OHVCFBICKQEFMUBU" => key removed successfully
    C:\ProgramData\Service1291 => moved successfully.
    C:\Windows\Tasks\OHVCFBICKQEFMUBU.job => moved successfully.
    C:\Windows\Tasks\YLSRN1.job => moved successfully.

    ==== End of Fixlog 21:01:03 ====
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Did you complete all other steps from my previous reply?

    How are browsers now?
     
  7. Paprika

    Paprika TS Rookie Topic Starter

    I did, I've removed Microsoft Security Essentials and Trend Micro. Browsers are finally launching again, so far so good! Thank you very much for your help, I appreciate it. Is there any follow up I should proceed with?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Yes, we need to do some more checking.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
