Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Owner (administrator) on LEICHTSCHLAMPE on 01-07-2015 18:51:56
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Mcx1 & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
() C:\Windows\SysWOW64\PSIService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\foobar2000\foobar2000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.201.366.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [973952 2008-12-29] (Trend Micro Inc.)
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169312 2008-07-21] (Maxtor Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1014av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1014av
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1214av
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe [468408 2009-07-21] (Adobe Systems, Inc.)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [] 0
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: E - E:\mri.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {8b779a55-f148-11e1-bdeb-002618223636} - F:\setup.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {b1ec3a20-b68a-11de-89e4-002618223636} - F:\system\viewer\FlipVideoforPC.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\ScreenSaverGift\Nyan Cat\Nyan Cat\Nyan Cat.scr [8320080 2011-05-01] (Axialis Software)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1007616 2015-06-28] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [803840 2015-06-28] (FlashBeat)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009-07-12] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1906134976-3283670134-1159785014-1000] => Internet Explorer proxy is enabled
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-4114-917E-0C3BD2A25440&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q={searchTerms}&crm=1
BHO: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow64.dll [2015-03-25] ()
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> No File
BHO-x32: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow32.dll [2015-03-25] ()
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [NameServer] 12.127.17.72
Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{D87C6F0D-38AA-4968-96F3-257F1B50CEDC}: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://pusheen.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\user.js [2015-06-28]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\conduit-search.xml [2014-01-27]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\dictionary---referencecom.xml [2009-09-09]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\winamp-search.xml [2010-05-18]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\youtube-video-search.xml [2009-07-18]
FF Extension: PriceSparrow - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\extension@pricesparrow.com [2015-06-28]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\amznUWL2@amazon.com.xpi [2012-03-24]
FF Extension: Tumblr Savior - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2012-12-24]
FF Extension: Reddit Enhancement Suite - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: Stylish - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-12]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-01]
FF Extension: DownThemAll! - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-10-17]
FF Extension: Greasemonkey - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-22]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF Extension: No Name - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012-03-23]
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-02]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
CHR Extension: (XKit) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-06-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-19]
CHR Extension: (Tumblr Savior) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-06-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Owner\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [2012-03-23]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-12-03] (Macrovision Europe Ltd.) [File not signed]
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-26] (Games Bot Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [833872 2008-12-29] (Trend Micro Inc.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [564488 2008-12-29] (Trend Micro Inc.)
S2 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [900360 2008-12-29] (Trend Micro Inc.)
R2 vicoqudu; C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp [165376 2015-06-28] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2008-04-06] (Generic)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [57856 2009-08-05] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1820672 2008-08-10] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [339880 2009-01-14] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [96784 2008-12-29] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 18:51 - 2015-07-01 18:53 - 00032941 _____ C:\Users\Owner\Desktop\FRST.txt
2015-07-01 18:51 - 2015-07-01 18:52 - 00000000 ____D C:\FRST
2015-07-01 18:50 - 2015-07-01 18:47 - 02112512 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-07-01 18:50 - 2015-07-01 18:47 - 01636352 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-06-28 21:18 - 2015-07-01 18:30 - 00000342 ____H C:\Windows\Tasks\OHVCFBICKQEFMUBU.job
2015-06-28 21:18 - 2015-07-01 18:30 - 00000330 _____ C:\Windows\Tasks\YLSRN1.job
2015-06-28 21:18 - 2015-06-28 21:18 - 00003376 _____ C:\Windows\System32\Tasks\OHVCFBICKQEFMUBU
2015-06-28 21:18 - 2015-06-28 21:18 - 00002852 _____ C:\Windows\System32\Tasks\YLSRN1
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\Service1291
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-28 20:46 - 2015-06-28 20:46 - 00001752 _____ C:\Windows\PFRO.log
2015-06-28 17:49 - 2015-06-28 17:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Games Bot
2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-06-28 17:28 - 2015-06-28 17:29 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-28 17:19 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Local\DE812343-1435511952-39DE-9380-002618223636
2015-06-28 17:19 - 2015-06-28 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-28 17:18 - 2015-06-28 17:18 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-06-28 17:16 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVDVideoSoft
2015-06-28 17:16 - 2006-09-18 14:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-28 17:15 - 2015-06-30 21:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636
2015-06-28 17:15 - 2015-06-28 20:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ASPackage
2015-06-28 17:15 - 2015-06-28 17:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-28 17:14 - 2015-06-28 17:14 - 00003422 _____ C:\Windows\System32\Tasks\pricesparrowSWU
2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DesktopIconForAmazon
2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Program Files (x86)\pricesparrow
2015-06-23 20:24 - 2015-06-23 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-06 20:53 - 2015-06-30 21:19 - 00000110 _____ C:\Windows\SysWOW64\usergui.cfg
2015-06-06 20:53 - 2015-06-06 20:53 - 00000060 _____ C:\Windows\SysWOW64\userguistate.cfg
2015-06-06 20:53 - 2015-06-06 20:53 - 00000050 _____ C:\Windows\SysWOW64\outlook.cfg
2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 18:53 - 2006-11-02 05:46 - 00718896 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 18:45 - 2009-05-24 19:32 - 01331709 _____ C:\Windows\WindowsUpdate.log
2015-07-01 18:39 - 2014-12-17 12:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 18:37 - 2010-08-02 23:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\foobar2000
2015-07-01 18:35 - 2014-11-18 19:12 - 00000000 ____D C:\ProgramData\MFAData
2015-07-01 18:31 - 2014-12-17 12:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 18:31 - 2009-05-24 20:30 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 18:29 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 21:31 - 2006-11-02 08:42 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-30 21:19 - 2015-01-16 23:06 - 00000649 _____ C:\Windows\SysWOW64\userawacs.cfg
2015-06-30 21:18 - 2014-11-18 20:31 - 00000835 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-30 21:18 - 2014-11-18 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-30 21:02 - 2014-11-18 20:27 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-28 21:59 - 2009-10-05 11:56 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA.job
2015-06-28 21:56 - 2012-07-26 12:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 20:46 - 2012-05-04 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-28 18:59 - 2014-09-03 22:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-28 18:59 - 2014-05-12 23:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2015-06-28 18:59 - 2012-02-22 21:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-06-28 18:57 - 2012-08-16 19:35 - 00000000 ____D C:\Windows\Minidump
2015-06-28 18:35 - 2012-09-17 20:22 - 00000000 ____D C:\ProgramData\Vizzed
2015-06-28 15:02 - 2009-10-05 11:56 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core.job
2015-06-26 20:10 - 2011-08-18 17:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-26 20:10 - 2010-01-01 19:42 - 00000000 ____D C:\ProgramData\Skype
2015-06-26 20:09 - 2011-04-17 02:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-06-23 20:57 - 2012-07-26 12:56 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 20:57 - 2012-05-01 10:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 20:57 - 2012-02-06 18:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 13:43 - 2014-12-17 12:42 - 00001988 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2007-06-12 09:34 - 2007-06-12 09:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 08:35 - 2008-05-22 08:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2008-12-23 13:36 - 2008-12-23 13:36 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2009-07-12 05:58 - 2009-07-12 05:58 - 0002029 _____ () C:\Users\Owner\AppData\Roaming\install.dat
2010-08-03 15:22 - 2010-08-03 15:22 - 0031927 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2009-07-29 15:30 - 2009-07-29 15:30 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-12-03 14:35 - 2015-04-13 16:14 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2009-10-17 14:22 - 2013-11-09 22:07 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-07-15 19:49 - 2014-12-28 23:02 - 0182784 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-08 15:16 - 2012-09-08 15:16 - 0175935 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0118410 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0437700 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0442722 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt
2012-09-17 20:03 - 2012-09-17 20:19 - 0013188 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0019900 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0019980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0001678 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
2010-01-01 19:46 - 2010-01-01 19:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-12 21:13 - 2012-10-30 17:53 - 0002711 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-01 18:35
==================== End of log ============================
Ran by Owner (administrator) on LEICHTSCHLAMPE on 01-07-2015 18:51:56
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Mcx1 & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
() C:\Windows\SysWOW64\PSIService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
() C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\foobar2000\foobar2000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.201.366.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(The Chromium Authors) C:\Users\Owner\AppData\Local\Games Bot\Explore\Explore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [UfSeAgnt.exe] => C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [973952 2008-12-29] (Trend Micro Inc.)
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169312 2008-07-21] (Maxtor Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1014av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1014av
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Run: [AVG-Secure-Search-Update_1214av] => C:\Users\Owner\AppData\Roaming\Avg_Update_1214av\AVG-Secure-Search-Update_1214av.exe /PROMPT /mid=dfee0c40a19047cd8057d16f5ec6dfc5-a5c0c81aa7b469c243de0992dbbe0f91d72e9f6e /CMPID=1214av
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe [468408 2009-07-21] (Adobe Systems, Inc.)
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\Policies\Explorer: [] 0
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: E - E:\mri.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {8b779a55-f148-11e1-bdeb-002618223636} - F:\setup.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\...\MountPoints2: {b1ec3a20-b68a-11de-89e4-002618223636} - F:\system\viewer\FlipVideoforPC.exe
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\ScreenSaverGift\Nyan Cat\Nyan Cat\Nyan Cat.scr [8320080 2011-05-01] (Axialis Software)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1007616 2015-06-28] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [803840 2015-06-28] (FlashBeat)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009-07-12] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1906134976-3283670134-1159785014-1000] => Internet Explorer proxy is enabled
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/frostwire?o=101676&l=dis
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1906134976-3283670134-1159785014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-4114-917E-0C3BD2A25440&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q={searchTerms}&crm=1
BHO: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow64.dll [2015-03-25] ()
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> No File
BHO-x32: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow32.dll [2015-03-25] ()
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-1906134976-3283670134-1159785014-1000 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [NameServer] 12.127.17.72
Tcpip\..\Interfaces\{9650585C-0E7E-4CE8-9FDB-FC4CF81F8192}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{D87C6F0D-38AA-4968-96F3-257F1B50CEDC}: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://pusheen.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1906134976-3283670134-1159785014-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-16] (Pando Networks)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\user.js [2015-06-28]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll [2009-07-07] (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-07-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-01-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\conduit-search.xml [2014-01-27]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\dictionary---referencecom.xml [2009-09-09]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\winamp-search.xml [2010-05-18]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\searchplugins\youtube-video-search.xml [2009-07-18]
FF Extension: PriceSparrow - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\extension@pricesparrow.com [2015-06-28]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\amznUWL2@amazon.com.xpi [2012-03-24]
FF Extension: Tumblr Savior - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2012-12-24]
FF Extension: Reddit Enhancement Suite - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-04-30]
FF Extension: Stylish - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012-06-12]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-01]
FF Extension: DownThemAll! - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-10-17]
FF Extension: Greasemonkey - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\us5r0wf7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-22]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF Extension: No Name - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012-03-23]
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-02]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
CHR Extension: (XKit) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-06-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-19]
CHR Extension: (Tumblr Savior) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-06-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Owner\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [2012-03-23]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-12-03] (Macrovision Europe Ltd.) [File not signed]
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-26] (Games Bot Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-02-28] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [833872 2008-12-29] (Trend Micro Inc.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [564488 2008-12-29] (Trend Micro Inc.)
S2 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [900360 2008-12-29] (Trend Micro Inc.)
R2 vicoqudu; C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636\hnsrB284.tmp [165376 2015-06-28] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2008-04-06] (Generic)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [57856 2009-08-05] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1820672 2008-08-10] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [339880 2009-01-14] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [96784 2008-12-29] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 18:51 - 2015-07-01 18:53 - 00032941 _____ C:\Users\Owner\Desktop\FRST.txt
2015-07-01 18:51 - 2015-07-01 18:52 - 00000000 ____D C:\FRST
2015-07-01 18:50 - 2015-07-01 18:47 - 02112512 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-07-01 18:50 - 2015-07-01 18:47 - 01636352 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2015-06-28 21:18 - 2015-07-01 18:30 - 00000342 ____H C:\Windows\Tasks\OHVCFBICKQEFMUBU.job
2015-06-28 21:18 - 2015-07-01 18:30 - 00000330 _____ C:\Windows\Tasks\YLSRN1.job
2015-06-28 21:18 - 2015-06-28 21:18 - 00003376 _____ C:\Windows\System32\Tasks\OHVCFBICKQEFMUBU
2015-06-28 21:18 - 2015-06-28 21:18 - 00002852 _____ C:\Windows\System32\Tasks\YLSRN1
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\Service1291
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-28 21:18 - 2015-06-28 21:18 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-28 20:46 - 2015-06-28 20:46 - 00001752 _____ C:\Windows\PFRO.log
2015-06-28 17:49 - 2015-06-28 17:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Games Bot
2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-06-28 17:49 - 2015-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-06-28 17:28 - 2015-06-28 17:29 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-28 17:19 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Local\DE812343-1435511952-39DE-9380-002618223636
2015-06-28 17:19 - 2015-06-28 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-28 17:18 - 2015-06-28 17:18 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-06-28 17:16 - 2015-06-28 17:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVDVideoSoft
2015-06-28 17:16 - 2006-09-18 14:37 - 00000761 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-28 17:15 - 2015-06-30 21:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DE812343-1435536936-39DE-9380-002618223636
2015-06-28 17:15 - 2015-06-28 20:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ASPackage
2015-06-28 17:15 - 2015-06-28 17:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-28 17:14 - 2015-06-28 17:14 - 00003422 _____ C:\Windows\System32\Tasks\pricesparrowSWU
2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DesktopIconForAmazon
2015-06-28 17:14 - 2015-06-28 17:14 - 00000000 ____D C:\Program Files (x86)\pricesparrow
2015-06-23 20:24 - 2015-06-23 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-06 20:53 - 2015-06-30 21:19 - 00000110 _____ C:\Windows\SysWOW64\usergui.cfg
2015-06-06 20:53 - 2015-06-06 20:53 - 00000060 _____ C:\Windows\SysWOW64\userguistate.cfg
2015-06-06 20:53 - 2015-06-06 20:53 - 00000050 _____ C:\Windows\SysWOW64\outlook.cfg
2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2015-06-06 20:45 - 2015-06-06 20:45 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 18:53 - 2006-11-02 05:46 - 00718896 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 18:45 - 2009-05-24 19:32 - 01331709 _____ C:\Windows\WindowsUpdate.log
2015-07-01 18:39 - 2014-12-17 12:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 18:37 - 2010-08-02 23:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\foobar2000
2015-07-01 18:35 - 2014-11-18 19:12 - 00000000 ____D C:\ProgramData\MFAData
2015-07-01 18:31 - 2014-12-17 12:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 18:31 - 2009-05-24 20:30 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 18:30 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 18:29 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 21:31 - 2006-11-02 08:42 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-30 21:19 - 2015-01-16 23:06 - 00000649 _____ C:\Windows\SysWOW64\userawacs.cfg
2015-06-30 21:18 - 2014-11-18 20:31 - 00000835 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-30 21:18 - 2014-11-18 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-30 21:02 - 2014-11-18 20:27 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-28 21:59 - 2009-10-05 11:56 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000UA.job
2015-06-28 21:56 - 2012-07-26 12:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 20:46 - 2012-05-04 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-28 18:59 - 2014-09-03 22:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-28 18:59 - 2014-05-12 23:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2015-06-28 18:59 - 2012-02-22 21:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-06-28 18:57 - 2012-08-16 19:35 - 00000000 ____D C:\Windows\Minidump
2015-06-28 18:35 - 2012-09-17 20:22 - 00000000 ____D C:\ProgramData\Vizzed
2015-06-28 15:02 - 2009-10-05 11:56 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906134976-3283670134-1159785014-1000Core.job
2015-06-26 20:10 - 2011-08-18 17:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-26 20:10 - 2010-01-01 19:42 - 00000000 ____D C:\ProgramData\Skype
2015-06-26 20:09 - 2011-04-17 02:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-06-23 20:57 - 2012-07-26 12:56 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 20:57 - 2012-05-01 10:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 20:57 - 2012-02-06 18:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 13:43 - 2014-12-17 12:42 - 00001988 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2007-06-12 09:34 - 2007-06-12 09:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 08:35 - 2008-05-22 08:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2008-12-23 13:36 - 2008-12-23 13:36 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2009-07-12 05:58 - 2009-07-12 05:58 - 0002029 _____ () C:\Users\Owner\AppData\Roaming\install.dat
2010-08-03 15:22 - 2010-08-03 15:22 - 0031927 _____ () C:\Users\Owner\AppData\Roaming\UserTile.png
2009-07-29 15:30 - 2009-07-29 15:30 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2009-12-03 14:35 - 2015-04-13 16:14 - 0000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2009-10-17 14:22 - 2013-11-09 22:07 - 0000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2009-07-15 19:49 - 2014-12-28 23:02 - 0182784 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-08 15:16 - 2012-09-08 15:16 - 0175935 _____ () C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0000002 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0118410 _____ () C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0437700 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0442722 _____ () C:\Users\Owner\AppData\Local\dd_vcredistMSI4C8F.txt
2012-09-17 20:03 - 2012-09-17 20:19 - 0013188 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI15B2.txt
2011-03-07 17:57 - 2011-03-07 18:00 - 0019900 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4A20.txt
2011-03-07 18:00 - 2011-03-07 18:02 - 0019980 _____ () C:\Users\Owner\AppData\Local\dd_vcredistUI4C8F.txt
2012-09-08 15:16 - 2012-09-08 15:16 - 0001678 _____ () C:\Users\Owner\AppData\Local\uxeventlog.txt
2010-01-01 19:46 - 2010-01-01 19:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-12 21:13 - 2012-10-30 17:53 - 0002711 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-01 18:35
==================== End of log ============================