Inactive Internet connected but browsers won't launch

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Owner (administrator) on LEICHTSCHLAMPE on 01-07-2015 18:51:56
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Mcx1 & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
() C:\Windows\SysWOW64\PSIService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\foobar2000\foobar2000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.201.366.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [973952 2008-12-29] (Trend Micro Inc.)
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169312 2008-07-21] (Maxtor Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1014av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1014av
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1214av
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe [468408 2009-07-21] (Adobe Systems, Inc.)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [] 0
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: E - E:\mri.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {8b779a55-f148-11e1-bdeb-002618223636} - F:\setup.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {b1ec3a20-b68a-11de-89e4-002618223636} - F:\system\viewer\FlipVideoforPC.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\ScreenSaverGift\Nyan Cat\Nyan Cat\Nyan Cat.scr [8320080 2011-05-01] (Axialis Software)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1007616 2015-06-28] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [803840 2015-06-28] (FlashBeat)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009-07-12] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1906134976-3283670134-1159785014-1000] => Internet Explorer proxy is enabled
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-4114-917E-0C3BD2A25440&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q={searchTerms}&crm=1
BHO: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow64.dll [2015-03-25] ()
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> No File
BHO-x32: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow32.dll [2015-03-25] ()
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [NameServer] 12.127.17.72
Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{D87C6F0D-38AA-4968-96F3-257F1B50CEDC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://pusheen.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\user.js [2015-06-28]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\conduit-search.xml [2014-01-27]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\dictionary---referencecom.xml [2009-09-09]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\winamp-search.xml [2010-05-18]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\youtube-video-search.xml [2009-07-18]
FF Extension: PriceSparrow - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\extension@pricesparrow.com [2015-06-28]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\amznUWL2@amazon.com.xpi [2012-03-24]
FF Extension: Tumblr Savior - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2012-12-24]
FF Extension: Reddit Enhancement Suite - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: Stylish - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-12]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-01]
FF Extension: DownThemAll! - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-10-17]
FF Extension: Greasemonkey - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-22]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF Extension: No Name - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012-03-23]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-02]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
CHR Extension: (XKit) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-06-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-19]
CHR Extension: (Tumblr Savior) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-06-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Owner\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [2012-03-23]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-12-03] (Macrovision Europe Ltd.) [File not signed]
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-26] (Games Bot Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [833872 2008-12-29] (Trend Micro Inc.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [564488 2008-12-29] (Trend Micro Inc.)
S2 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [900360 2008-12-29] (Trend Micro Inc.)
R2 vicoqudu; C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp [165376 2015-06-28] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2008-04-06] (Generic)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [57856 2009-08-05] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1820672 2008-08-10] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [339880 2009-01-14] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [96784 2008-12-29] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 18:51 - 2015-07-01 18:53 - 00032941 _____ C:\Users\Owner\Desktop\FRST.txt
2015-07-01 18:51 - 2015-07-01 18:52 - 00000000 ____D C:\FRST
2015-07-01 18:50 - 2015-07-01 18:47 - 02112512 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-07-01 18:50 - 2015-07-01 18:47 - 01636352 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-06-28 21:18 - 2015-07-01 18:30 - 00000342 ____H C:\Windows\Tasks\OHVCFBICKQEFMUBU.job
2015-06-28 21:18 - 2015-07-01 18:30 - 00000330 _____ C:\Windows\Tasks\YLSRN1.job
2015-06-28 21:18 - 2015-06-28 21:18 - 00003376 _____ C:\Windows\System32\Tasks\OHVCFBICKQEFMUBU
2015-06-28 21:18 - 2015-06-28 21:18 - 00002852 _____ C:\Windows\System32\Tasks\YLSRN1
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\Service1291
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-28 20:46 - 2015-06-28 20:46 - 00001752 _____ C:\Windows\PFRO.log
2015-06-28 17:49 - 2015-06-28 17:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Games Bot
2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-06-28 17:28 - 2015-06-28 17:29 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-28 17:19 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Local\DE812343-1435511952-39DE-9380-002618223636
2015-06-28 17:19 - 2015-06-28 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-28 17:18 - 2015-06-28 17:18 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-06-28 17:16 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVDVideoSoft
2015-06-28 17:16 - 2006-09-18 14:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-28 17:15 - 2015-06-30 21:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636
2015-06-28 17:15 - 2015-06-28 20:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ASPackage
2015-06-28 17:15 - 2015-06-28 17:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-28 17:14 - 2015-06-28 17:14 - 00003422 _____ C:\Windows\System32\Tasks\pricesparrowSWU
2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DesktopIconForAmazon
2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Program Files (x86)\pricesparrow
2015-06-23 20:24 - 2015-06-23 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-06 20:53 - 2015-06-30 21:19 - 00000110 _____ C:\Windows\SysWOW64\usergui.cfg
2015-06-06 20:53 - 2015-06-06 20:53 - 00000060 _____ C:\Windows\SysWOW64\userguistate.cfg
2015-06-06 20:53 - 2015-06-06 20:53 - 00000050 _____ C:\Windows\SysWOW64\outlook.cfg
2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 18:53 - 2006-11-02 05:46 - 00718896 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 18:45 - 2009-05-24 19:32 - 01331709 _____ C:\Windows\WindowsUpdate.log
2015-07-01 18:39 - 2014-12-17 12:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 18:37 - 2010-08-02 23:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\foobar2000
2015-07-01 18:35 - 2014-11-18 19:12 - 00000000 ____D C:\ProgramData\MFAData
2015-07-01 18:31 - 2014-12-17 12:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 18:31 - 2009-05-24 20:30 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 18:29 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 21:31 - 2006-11-02 08:42 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-30 21:19 - 2015-01-16 23:06 - 00000649 _____ C:\Windows\SysWOW64\userawacs.cfg
2015-06-30 21:18 - 2014-11-18 20:31 - 00000835 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-30 21:18 - 2014-11-18 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-30 21:02 - 2014-11-18 20:27 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-28 21:59 - 2009-10-05 11:56 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA.job
2015-06-28 21:56 - 2012-07-26 12:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 20:46 - 2012-05-04 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-28 18:59 - 2014-09-03 22:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-28 18:59 - 2014-05-12 23:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2015-06-28 18:59 - 2012-02-22 21:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-06-28 18:57 - 2012-08-16 19:35 - 00000000 ____D C:\Windows\Minidump
2015-06-28 18:35 - 2012-09-17 20:22 - 00000000 ____D C:\ProgramData\Vizzed
2015-06-28 15:02 - 2009-10-05 11:56 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core.job
2015-06-26 20:10 - 2011-08-18 17:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-26 20:10 - 2010-01-01 19:42 - 00000000 ____D C:\ProgramData\Skype
2015-06-26 20:09 - 2011-04-17 02:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-06-23 20:57 - 2012-07-26 12:56 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 20:57 - 2012-05-01 10:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 20:57 - 2012-02-06 18:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 13:43 - 2014-12-17 12:42 - 00001988 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2007-06-12 09:34 - 2007-06-12 09:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 08:35 - 2008-05-22 08:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2008-12-23 13:36 - 2008-12-23 13:36 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2009-07-12 05:58 - 2009-07-12 05:58 - 0002029 _____ () C:\Users\Owner\AppData\Roaming\install.dat
2010-08-03 15:22 - 2010-08-03 15:22 - 0031927 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2009-07-29 15:30 - 2009-07-29 15:30 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-12-03 14:35 - 2015-04-13 16:14 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2009-10-17 14:22 - 2013-11-09 22:07 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-07-15 19:49 - 2014-12-28 23:02 - 0182784 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-08 15:16 - 2012-09-08 15:16 - 0175935 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0118410 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0437700 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0442722 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt
2012-09-17 20:03 - 2012-09-17 20:19 - 0013188 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0019900 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0019980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0001678 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
2010-01-01 19:46 - 2010-01-01 19:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-12 21:13 - 2012-10-30 17:53 - 0002711 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-01 18:35

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Owner at 2015-07-01 18:55:26
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1906134976-3283670134-1159785014-500 - Administrator - Disabled)
Guest (S-1-5-21-1906134976-3283670134-1159785014-501 - Limited - Enabled) => C:\Users\Guest
Mcx1 (S-1-5-21-1906134976-3283670134-1159785014-1003 - Administrator - Enabled) => C:\Users\Mcx1
Owner (S-1-5-21-1906134976-3283670134-1159785014-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Trend Micro AntiVirus (Disabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Trend Micro AntiVirus (Disabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3ivx MPEG-4 5.0.2 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.2) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_CDA_ToolboxIni64 (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
AmIcoSingLun (HKLM-x32\...\InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}) (Version: 1.1.104.1 - Alcor Micro Co., Ltd.)
AmIcoSingLun (x32 Version: 1.1.104.1 - Alcor Micro Co., Ltd.) Hidden
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{963BFE7E-C350-4346-B43C-B02358306A45}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.3 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0011 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0010 - ASUS)
ASUS FancyStart (HKLM-x32\...\{567C654B-7FE9-4970-8323-56E8191D1941}) (Version: 1.0.2 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.18 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.7 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0018 - )
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.10 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0006 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0025 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.13 - ASUS)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0049 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0002 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0003 - ASUS)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
Babyz (HKLM-x32\...\Babyz) (Version: - )
baretorrent (HKLM-x32\...\baretorrent) (Version: 0.4.4 - )
BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
C3100 (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
c3100_Help (x32 Version: 82.0.233.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}) (Version: 2.2.9 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{934B3B19-8193-467A-B356-E73F82647D38}) (Version: 1.0.15 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{BAD1449B-DF0C-4118-B76D-68C54009576C}) (Version: 1.1.2 - Cisco Systems, Inc.)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
Destinations (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC)
DocProc (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ETDWare PS/2-x64 7.0.5.1 WHQL (HKLM\...\Elantech) (Version: - )
Fax (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)
Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version: - Scott Cawthon)
FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION!
foobar2000 v1.0.3 (HKLM-x32\...\foobar2000) (Version: 1.0.3 - Peter Pawlowski)
Forum Terminal (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Forum Terminal)
Free YouTube to MP3 Converter version 3.12.59.616 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.616 - DVDVideoSoft Ltd.)
Games Bot (HKLM-x32\...\Games Bot) (Version: 186.0.0.578 - CLICK YES BELOW LP) <==== ATTENTION
Geek Squad 24 Hour Computer Support (HKLM-x32\...\{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}) (Version: 2.1.322 - LogMeIn, Inc.)
GiPo@MoveOnBoot 1.9.5 (HKLM-x32\...\{9F185C48-595B-401A-A1D6-AAB324890DC4}) (Version: 1.9.5 - Igor J. Artemov, Gibin Software House)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version: - Mediatonic)
Hello Kitty Cutie World (HKLM-x32\...\{E3F2EC51-4473-4535-BEE4-01B8B39ACEF7}) (Version: - )
HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM-x32\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (HKLM\...\{282E5AB2-8E47-4571-B6FA-6B512555B557}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
IBM ViaVoice Command and Control Runtime 5.3 (HKLM-x32\...\DeleteProdRunControl_US) (Version: - )
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Java(TM) 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LoJack Factory Installer (HKLM-x32\...\InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}) (Version: 1.00.0029 - Absolute Software Corporation)
LoJack Factory Installer (x32 Version: 1.00.0029 - Absolute Software Corporation) Hidden
Lone Survivor: The Director's Cut (HKLM-x32\...\Steam App 209830) (Version: - Jasper Byrne)
MarketResearch (x32 Version: 82.0.174.000 - Hewlett-Packard) Hidden
Maxtor Manager (HKLM-x32\...\InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}) (Version: 4.02.0303 - Seagate Technology)
Maxtor Manager (HKLM-x32\...\InstallShield_{F5F75BE6-C2D9-40C3-8807-1026D9BE9944}) (Version: 4.02.0218 - Seagate Technology)
Maxtor Manager (x32 Version: 4.02.0303 - Seagate Technology) Hidden
Media Player Classic - Home Cinema 1.6.0.4014 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.0.4014 - MPC-HC Team)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\USB Mass Storage Filter Driver) (Version: 1.01.0000.00 - )
Multimedia Card Reader (x32 Version: 1.01.0000.00 - ) Hidden
myPhotoMovie (remove only) (HKLM-x32\...\AVCPhotoStudio_Wrapper) (Version: 1.5.0.170 - aVinci Media, LC)
NB Probe (HKLM-x32\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0016 - ASUS)
Oregon Trail 5th Edition (HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Oregon Trail 5th Edition) (Version: - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
PetzA 2.2.4 (HKLM-x32\...\PetzA_is1) (Version: - Sherlock Software)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power Drill Massacre version 0.04 (HKLM-x32\...\{98F8A8BF-B6FE-4A16-9737-9B8154BF8E8F}_is1) (Version: 0.04 - Vague Scenario)
PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Scan (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
SRS Premium Sound (HKLM\...\{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}) (Version: 1.08.1300 - SRS Labs, Inc.)
Status (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
They Bleed Pixels (HKLM-x32\...\Steam App 211260) (Version: - Spooky Squid Games Inc.)
Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Trend Micro AntiVirus (HKLM\...\{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}) (Version: 17.0 - Trend Micro Inc.)
Trend Micro AntiVirus (Version: 17.0 - Trend Micro Inc.) Hidden
UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebReg (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
White Day (HKLM-x32\...\White Day) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.6 - ASUS)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

13-05-2015 22:10:56 Windows Update
17-05-2015 23:48:58 Windows Update
29-05-2015 12:55:35 Windows Update
01-06-2015 15:21:12 Scheduled Checkpoint
01-06-2015 16:30:20 Windows Update
06-06-2015 20:48:03 Windows Update
10-06-2015 00:17:28 Windows Update
16-06-2015 22:09:45 Windows Update
19-06-2015 22:59:54 Windows Update
23-06-2015 20:13:11 Windows Update
26-06-2015 20:06:54 Removed Skype(TM) 7.3
28-06-2015 15:02:23 Windows Update
28-06-2015 18:20:36 Removed Vizzed Retro Game Room
01-07-2015 18:41:57 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D53AF73-54A8-48AC-8CEC-0CC459A29D43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {21A031CC-992C-4AA7-B256-EBAD30C1DAE7} - System32\Tasks\{62EB4663-E7C5-4235-8221-C4433E157052} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsProgressBar
Task: {335C39E5-190E-45F7-B6E9-55304055D1F2} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
Task: {472BCCF6-AB9C-43FB-80B0-B44A161EE9EA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {55752833-663B-4150-AB0D-9F1C5271EAF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {5E7F1525-AA85-4083-B802-6265A076A803} - System32\Tasks\{E4FA6C71-D5DF-4EC3-A81E-0B04EEB70370} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {6465EEA3-6C67-402D-A952-DE3A770B3488} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1906134976-3283670134-1159785014-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {64A77064-A776-4E91-97AC-BFA5909E533F} - System32\Tasks\YLSRN1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-28] (FlashBeat) <==== ATTENTION
Task: {7078B95A-0A68-425A-A14F-569DE3D88D1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {958078A8-1C8C-4AF6-8787-EB8B687483DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1906134976-3283670134-1159785014-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {97DC6B77-1C72-48E7-BCFE-3B8D7D68EBDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {987C2F0A-4BBF-4C79-B2DF-E728526A9EC7} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {9D52542F-ADD4-4E8F-A21A-8038AD5E3497} - System32\Tasks\{B6ACA2C9-905C-4459-874E-FBEE64C9ECEB} => pcalua.exe -a E:\setup.exe -d E:\
Task: {A8DC2B60-F006-4C72-97C2-99571803DC5D} - System32\Tasks\pricesparrowSWU => Cscript.exe "C:\Program Files (x86)\pricesparrow\Internet Explorer\swu.vbs"
Task: {B0031747-86A4-4A32-B0A0-AF576B565C38} - System32\Tasks\OHVCFBICKQEFMUBU => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
Task: {BDF874D8-67D7-42B5-93FC-771CA8C5A364} - System32\Tasks\{C60419D1-E21C-433F-8595-AC20A271FAA1} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/ja/eula?source=lightinstaller
Task: {C0BAA666-B87B-4851-B12A-C1E43BF0AFB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {C1BC3A3C-75DD-4D50-98B5-F8398764E905} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-03-18] (ASUS)
Task: {C7469627-43B4-4D5F-8557-828A89BF5A39} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2008-12-09] (ASUS)
Task: {C8C70615-9D9A-48D9-A8ED-501AB4AF7D20} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {F2646FBA-F839-4D09-A0C9-FE208A788E6A} - System32\Tasks\ASUS P4G => C:\Program files\P4G\BatteryLife.exe [2008-11-26] (ATK)
Task: {F4F49E04-1A8E-42D2-9037-488BAC781123} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
Task: {FA55FC0F-BD36-4026-8DE7-44102176536B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OHVCFBICKQEFMUBU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\YLSRN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============

2008-08-13 20:59 - 2008-08-13 20:59 - 00100920 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
2009-05-24 20:23 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2007-09-11 01:45 - 2007-09-11 01:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2008-12-29 04:18 - 2008-12-29 04:18 - 00207144 _____ () C:\Program Files\Trend Micro\Internet Security\UfPack.dll
2009-07-19 15:07 - 2007-08-03 12:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2015-06-28 17:16 - 2015-06-28 17:16 - 00165376 _____ () C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp
2009-05-24 20:25 - 2007-11-30 11:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-08-20 17:43 - 2008-08-20 17:43 - 00019456 _____ () C:\Program files\P4G\DevMng.dll
2008-10-30 19:32 - 2008-10-30 19:32 - 00016384 _____ () C:\Program files\P4G\OvrClk.dll
2009-05-24 20:23 - 2007-03-09 18:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2007-06-15 10:28 - 2007-06-15 10:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-01 16:52 - 2007-06-01 16:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-07-29 15:55 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2008-08-13 20:59 - 2008-08-13 20:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2008-09-30 23:02 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-02-06 16:13 - 2009-02-06 16:13 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-04-29 07:43 - 2010-04-29 07:43 - 01782272 _____ () C:\Program Files (x86)\foobar2000\foobar2000.exe
2015-06-26 02:10 - 2015-06-26 02:10 - 00109160 _____ () C:\Program Files (x86)\Games Bot\Modules\Base.dll
2015-06-26 02:11 - 2015-06-26 02:11 - 00041576 _____ () C:\Program Files (x86)\Games Bot\Modules\inws.dll
2015-06-26 02:11 - 2015-06-26 02:11 - 00058984 _____ () C:\Program Files (x86)\Games Bot\Modules\ups.dll
2009-07-19 15:07 - 2007-09-14 10:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2009-07-19 15:07 - 2003-11-28 02:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2009-07-19 15:07 - 2005-08-29 15:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2009-07-19 15:07 - 2003-09-09 16:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2009-07-19 15:07 - 2006-04-04 10:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2009-07-19 15:07 - 2005-04-07 19:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2015-06-26 02:10 - 2015-06-26 02:10 - 00039528 _____ () C:\Program Files (x86)\Games Bot\Modules\alzm.dll
2015-06-26 02:11 - 2015-06-26 02:11 - 00118376 _____ () C:\Program Files (x86)\Games Bot\Modules\brs.dll
2015-06-26 02:11 - 2015-06-26 02:11 - 00092776 _____ () C:\Program Files (x86)\Games Bot\Modules\cmd.dll
2015-06-26 02:11 - 2015-06-26 02:11 - 00096872 _____ () C:\Program Files (x86)\Games Bot\Modules\sipc.dll
2015-06-26 02:11 - 2015-06-26 02:11 - 00056424 _____ () C:\Program Files (x86)\Games Bot\Modules\wdm.dll
2009-07-19 15:06 - 2007-07-24 14:41 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ResItf.dll
2009-07-19 15:06 - 2006-12-06 16:42 - 00094208 _____ () C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
2009-07-19 15:06 - 2007-09-06 14:05 - 00081920 _____ () C:\Program Files\ASUS\Net4Switch\ipswobj.dll
2009-07-19 15:06 - 2007-08-02 09:53 - 00053248 _____ () C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
2009-07-19 15:06 - 2006-12-06 16:55 - 00053248 _____ () C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
2009-07-19 15:06 - 2006-12-09 09:34 - 00139264 _____ () C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
2009-07-19 15:06 - 2006-12-06 16:55 - 00086016 _____ () C:\Program Files\ASUS\Net4Switch\ipswds.dll
2009-07-19 15:06 - 2007-05-14 11:10 - 00061440 _____ () C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
2009-07-19 15:06 - 2007-05-14 14:07 - 00009728 _____ () C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
2009-07-19 15:06 - 2007-11-19 13:54 - 00188416 ____N () C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
2009-07-19 15:06 - 2006-12-07 09:29 - 00007168 _____ () C:\Program Files\ASUS\Net4Switch\iphelper.dll
2009-07-19 15:06 - 2007-11-19 11:11 - 00208896 _____ () C:\Program Files\ASUS\Net4Switch\ipswcore.dll
2009-07-19 15:06 - 2007-06-19 11:38 - 00208896 _____ () C:\Program Files\ASUS\Net4Switch\ipswui.dll
2010-04-29 05:34 - 2010-04-29 05:34 - 00148480 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 01340928 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 00281088 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 00295424 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 00299520 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 00363520 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 00441856 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2010-04-29 05:35 - 2010-04-29 05:35 - 01085440 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2015-06-28 17:50 - 2015-03-26 07:39 - 08569856 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\pdf.dll
2015-06-28 17:51 - 2015-03-26 07:18 - 00324608 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
2015-06-28 17:50 - 2015-03-26 07:14 - 00880128 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
2015-06-28 17:50 - 2014-09-22 21:07 - 14891848 _____ () C:\Users\Owner\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\vizzed.com -> www.vizzed.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 12.127.17.72

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MRIPEUndo => "E:\mri.exe" /undopeboot
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Rainlendar2 => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{74AAFA7C-FC79-47B4-A0ED-07D6F4892EBB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58FC896C-1C27-4B8C-B720-EDF349EF776E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D6C222B-B496-4DA6-99BA-5A9F5227F514}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{C68D42CC-CF20-4DDD-AA49-BDBCF47B8498}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{65CF6B53-6F51-43E0-9F90-B6B264C3AB5B}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{2C8276A3-1B10-4BDE-A446-07ACA03EFE31}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{DE5B7A4D-53C4-4C64-BEA4-AFA8149F16D2}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{658C4C4A-1E9B-45C6-A208-03526BCE0885}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{2D4D61FF-1E72-4EC6-A56D-C427EBA0B244}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{5B0C71BD-D759-4F64-92D2-34107560B851}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{302C6480-DCF1-4C20-AEA2-FACFBA350D5A}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{5AB1B031-0411-4E2B-B43D-5313782D1DD4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{C980ABE6-FD79-4912-B10F-3D517A59D860}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{D4DF55EE-EAE9-4B95-808F-6D7C3DF2E5EB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{6E56F4BD-FB22-4511-8265-191690579FD5}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{16A58F57-6B7C-4FFE-9432-9E5F530B1200}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{6FEA2AFC-342D-4757-9EC2-7754D4D2BA0D}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{EDA25FA7-BDB5-458E-8AD4-94306572C6B1}] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [{AAEFCD38-9873-4B31-8C7F-541D1196A861}] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [{0D1FD8F3-4842-468B-9391-FB1DAD6AE7AF}] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [{C6B64F05-09FF-4B1E-B9AF-B0041BE8133F}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{54A532C7-B093-4B45-A637-4B101A4C64E1}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{2F4789BA-FE82-4943-B15B-D1AFD1DF9A60}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{364C4EF5-B534-4F61-A2E8-223192C43123}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [TCP Query User{3D9467B3-6AA4-428D-B730-F04ABF542BF5}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0A82A1EF-29CB-467D-96FD-7E69A53744CF}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{A47AD778-C0DC-49E6-BE21-CF5A961E5C46}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{E4AA2A5D-2727-415C-A9B2-3454CEE6C981}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{02845FFD-5AFA-4C0A-9CC7-9628742D40BE}] => (Allow) LPort=80
FirewallRules: [{E2B4E8C0-3CF3-483C-898E-89B94CA7581A}] => (Allow) LPort=80
FirewallRules: [{27D7A9CF-CEC1-4F29-93F2-4095563724EF}] => (Allow) LPort=80
FirewallRules: [{812E5792-8B8A-4AD5-80DE-98309B8B62AA}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{679AE28D-C4B2-48B7-9492-C2097E831D59}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{E73F1376-254C-4913-9429-52C2C64FE192}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{454C656E-538C-4F9B-B67A-EDB9DF50A434}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{CCE08E58-0286-45F1-AD72-53390312BEC8}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DFC72E82-B9B0-46B3-98E0-316D73CB0640}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C21B648E-1A1F-4503-B2A1-F1C7EE0BE696}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{DF2BBD8D-63AA-4C10-842E-4ADE8B75C721}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{0D9F54D4-09A9-433A-BC34-B8C3C1504FF6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{9C6F6A0F-ACCD-4035-ABB8-926E4C99F05E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{AF7767E7-BD82-4B5E-9CAC-41EBC1AD26F8}C:\users\owner\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\owner\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{CBD8A0CF-46A6-41EC-B248-71E3F806E20A}C:\users\owner\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\owner\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7C7ACC74-5DA8-45D2-91A2-CBBD416E877C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F68869F6-6322-42F9-9758-A3847004373E}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7D63435D-B407-4391-A903-D6605DC31C15}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
FirewallRules: [UDP Query User{D8311914-E86A-4D1D-AB37-ED359D18A732}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
FirewallRules: [{703641C2-52DD-4357-9DAC-0AACD68053E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sega classics\SEGAGenesisClassics.exe
FirewallRules: [{00D78EE7-615C-41CE-B6F2-53D1A4A78597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sega classics\SEGAGenesisClassics.exe
FirewallRules: [TCP Query User{1CDDF8EC-4DC9-4EEF-A6D5-695968C5F4EE}C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{DE84D4E6-57E5-4729-90AB-020808F88FAD}C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\droppedsomecaps\team fortress 2\hl2.exe
FirewallRules: [{7C67C502-F2B6-4277-9E2A-69A735ECD19D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\they bleed pixels\They Bleed Pixels PC.exe
FirewallRules: [{C33FD844-3E62-4D58-A129-9FFE61A64296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\they bleed pixels\They Bleed Pixels PC.exe
FirewallRules: [TCP Query User{1C85A9EF-3BFA-4E18-9BC5-9D59AFD2282E}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [UDP Query User{486BC0A6-60F8-445C-B543-ED0F053BE540}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [{E27DA105-3EB5-492A-9B61-4C5040044BC9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6964605E-DBE1-4A54-B9C4-65E1E8E39CC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FF07105C-288D-4244-8F97-F50F928FFA4A}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{89919CE1-8EBB-4E6C-9B96-82CF2EC17712}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{DD3969FF-5150-417A-B8FA-4A40E79C7137}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{BE421B27-0A7A-47B2-AF59-CF8207AC6FD6}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{3325C386-BC5F-4F38-A7F3-1C88BBBD28C6}C:\program files\baretorrent\baretorrent.exe] => (Allow) C:\program files\baretorrent\baretorrent.exe
FirewallRules: [UDP Query User{AF2C969C-0DE6-4498-8293-960565D199AD}C:\program files\baretorrent\baretorrent.exe] => (Allow) C:\program files\baretorrent\baretorrent.exe
FirewallRules: [{713DBC29-0954-491D-9DDB-E5B1FE9CE711}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2A3AB06-4A7B-4C61-A567-E09D2B3CD497}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F31374E-350A-4013-81AA-1AC5D848019F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{6E986734-DEED-491A-92FF-C611732B8A40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{EA94CBC6-6FB5-4A13-ADF8-D6143626842F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{74901858-4095-4C0F-8D44-0BC301C6E3C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7FD1E092-B976-4151-B8B7-47CB2345D874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{EF9447D5-30B5-4DE0-A728-9AA5962ED6FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{F8317CFC-94C3-4074-A9BC-45EE2DE463D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{F28B397E-7490-4B82-BD8D-2E801178F6D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lone Survivor\LoneSurvivor\LoneSurvivor.exe
FirewallRules: [{B0803FE2-B6F4-4D75-83AC-E1A08EDE24FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{78B5FA62-ED5D-43EB-8482-33BAB053E488}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{CA730AFA-56C3-45C7-8042-CFEDB6A9477D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6D8D009-D469-4032-9AC6-22169155A618}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2A900EC-B1A8-4CE7-ACE8-8741D3F43BD6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A25401E8-5129-43A0-8962-DAC1F2BE8526}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{97663D74-B4CC-40D5-89A1-1B3C81C08AE4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{B91BB90C-88DF-4DCA-A249-FBC0D3174082}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{238C0A20-963A-48E7-9AA5-A3203B7A2F46}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{4ECDBA95-55B0-457D-9787-9DA83382779D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0C58362A-F417-48C2-B918-6811F34C66B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 06:30:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/30/2015 09:25:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 09:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/28/2015 08:59:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2015 08:59:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2015 08:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/30/2015 09:22:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.201.366.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/30/2015 09:18:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (06/30/2015 09:02:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Typewriter High Resolution1

Error: (06/30/2015 09:02:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Illustration Macro1

Error: (06/28/2015 02:53:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/28/2015 02:52:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000IPBusEnum

Error: (06/28/2015 02:52:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000avgwd

Error: (06/26/2015 07:02:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/25/2015 08:54:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/25/2015 08:53:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000IPBusEnum


Microsoft Office:
=========================
Error: (07/01/2015 06:30:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE

Error: (06/30/2015 09:27:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\INTERNET EXPLORER\RECOVERY\ACTIVE

Error: (06/30/2015 09:25:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 09:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED

Error: (06/28/2015 10:29:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED

Error: (06/28/2015 08:59:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (06/28/2015 08:59:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (06/28/2015 08:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2015-07-01 18:53:21.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:53:21.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:53:19.953
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:53:19.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:52:42.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:52:41.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:52:40.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:52:39.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:52:38.100
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-01 18:52:37.119
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 89%
Total physical RAM: 3036.29 MB
Available physical RAM: 304.07 MB
Total Pagefile: 6290.86 MB
Available Pagefile: 2503.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Vista64) (Fixed) (Total:286.37 GB) (Free:53.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (USB Disk) (Removable) (Total:0.93 GB) (Free:0.17 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=1C)
Partition 2: (Active) - (Size=286.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)

==================== End of log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

You're running three AV programs, MSE, AVG and TrendMicro.
You must uninstall TWO of them.
If AVG is one of them use AVG Remover: http://www.avg.com/us-en/utilities

Uninstall the following unwanted programs:

AnySend
Download Updater
FlashBeat
Games Bot
Infonaut
PriceSparrow



Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Thank you for your quick response.

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Owner at 2015-07-01 21:01:01 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Mcx1 & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: E - E:\mri.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {8b779a55-f148-11e1-bdeb-002618223636} - F:\setup.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {b1ec3a20-b68a-11de-89e4-002618223636} - F:\system\viewer\FlipVideoforPC.exe
ProxyEnable: [S-1-5-21-1906134976-3283670134-1159785014-1000] => Internet Explorer proxy is enabled
RemoveProxy:
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> No File
Toolbar: HKLM-x32 - No Name - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Owner\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2007-06-12 09:34 - 2007-06-12 09:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 08:35 - 2008-05-22 08:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2008-12-23 13:36 - 2008-12-23 13:36 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2009-07-12 05:58 - 2009-07-12 05:58 - 0002029 _____ () C:\Users\Owner\AppData\Roaming\install.dat
2010-08-03 15:22 - 2010-08-03 15:22 - 0031927 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2009-07-29 15:30 - 2009-07-29 15:30 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-12-03 14:35 - 2015-04-13 16:14 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2009-10-17 14:22 - 2013-11-09 22:07 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-07-15 19:49 - 2014-12-28 23:02 - 0182784 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-08 15:16 - 2012-09-08 15:16 - 0175935 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0118410 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0437700 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0442722 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt
2012-09-17 20:03 - 2012-09-17 20:19 - 0013188 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0019900 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0019980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0001678 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
2010-01-01 19:46 - 2010-01-01 19:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-12 21:13 - 2012-10-30 17:53 - 0002711 _____ () C:\ProgramData\hpzinstall.log
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {64A77064-A776-4E91-97AC-BFA5909E533F} - System32\Tasks\YLSRN1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-28] (FlashBeat) <==== ATTENTION
Task: {B0031747-86A4-4A32-B0A0-AF576B565C38} - System32\Tasks\OHVCFBICKQEFMUBU => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
C:\ProgramData\Service1291
Task: C:\Windows\Tasks\OHVCFBICKQEFMUBU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\YLSRN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION


*****************

"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b779a55-f148-11e1-bdeb-002618223636}" => key removed successfully
HKCR\CLSID\{8b779a55-f148-11e1-bdeb-002618223636} => key not found.
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1ec3a20-b68a-11de-89e4-002618223636}" => key removed successfully
HKCR\CLSID\{b1ec3a20-b68a-11de-89e4-002618223636} => key not found.
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}" => key removed successfully
HKCR\Wow6432Node\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} => value removed successfully
HKCR\Wow6432Node\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} => key not found.
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} => value removed successfully
HKCR\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} => key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
IpInIp => Service removed successfully
NAVENG => Service removed successfully
NAVEX15 => Service removed successfully
NwlnkFlt => Service removed successfully
NwlnkFwd => Service removed successfully
TMAgent => Service removed successfully
VIAHdAudAddService => Service removed successfully
WinRing0_1_2_0 => Service removed successfully
C:\Program Files (x86)\Common Files\ASPG_icon.ico => moved successfully.
C:\Program Files (x86)\Common Files\banner.jpg => moved successfully.
C:\Program Files (x86)\Common Files\CPInstallAction.dll => moved successfully.
C:\Users\Owner\AppData\Roaming\install.dat => moved successfully.
C:\Users\Owner\AppData\Roaming\UserTile.png => moved successfully.
C:\Users\Owner\AppData\Roaming\wklnhst.dat => moved successfully.
C:\Users\Owner\AppData\Local\d3d9caps.dat => moved successfully.
C:\Users\Owner\AppData\Local\d3d9caps64.dat => moved successfully.
C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt => moved successfully.
C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt => moved successfully.
C:\Users\Owner\AppData\Local\uxeventlog.txt => moved successfully.
C:\ProgramData\ezsidmv.dat => moved successfully.
C:\ProgramData\hpzinstall.log => moved successfully.
"C:\Users\Owner\AppData\Local\Temp\Uninstall.exe" => File/Folder not found.
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1906134976-3283670134-1159785014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64A77064-A776-4E91-97AC-BFA5909E533F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64A77064-A776-4E91-97AC-BFA5909E533F}" => key removed successfully
C:\Windows\System32\Tasks\YLSRN1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YLSRN1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0031747-86A4-4A32-B0A0-AF576B565C38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0031747-86A4-4A32-B0A0-AF576B565C38}" => key removed successfully
C:\Windows\System32\Tasks\OHVCFBICKQEFMUBU => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OHVCFBICKQEFMUBU" => key removed successfully
C:\ProgramData\Service1291 => moved successfully.
C:\Windows\Tasks\OHVCFBICKQEFMUBU.job => moved successfully.
C:\Windows\Tasks\YLSRN1.job => moved successfully.

==== End of Fixlog 21:01:03 ====
 
Did you complete all other steps from my previous reply?

How are browsers now?
 
I did, I've removed Microsoft Security Essentials and Trend Micro. Browsers are finally launching again, so far so good! Thank you very much for your help, I appreciate it. Is there any follow up I should proceed with?
 
Good news :)

Yes, we need to do some more checking.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 