Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by mario (administrator) on MARIO-HP (18-05-2016 09:08:08)
Running from C:\Users\mario\Desktop
Loaded Profiles: mario (Available Profiles: mario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Ubee\UbeeStick\UbeeStick64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [UbeeStick] => C:\Program Files (x86)\Ubee\UbeeStick\UbeeStick64.exe [59904 2012-05-11] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3960744 2015-07-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2016-05-11] (AVAST Software)
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [Facebook Update] => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-16] (Facebook Inc.)
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [ApowersoftScreenCapture] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe /autoStart
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {0a8ba2f0-c194-11e5-b104-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {0a8ba325-c194-11e5-b104-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {18a5d085-06eb-11e3-91e1-009c028e7f11} - G:\WinInit.exe -c
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {1ba45f49-ad53-11e5-b7ce-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {3c17e0bd-81bd-11e2-88e3-009c028e7f11} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {47a4100a-f636-11e3-99c7-009c028e7f11} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {69606b9e-9498-11e1-8d6a-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {6a902efd-142e-11e3-af8b-009c028e7f11} - G:\Windows/AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {808444c4-9195-11e1-9121-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {808444d4-9195-11e1-9121-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {b9a806fa-ad82-11e1-8fa4-009c028e7f11} - G:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-02-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Powertools.lnk [2013-05-19]
ShortcutTarget: MaxTV Powertools.lnk -> C:\Program Files (x86)\MaxTV\MaxTV4\maxtv_powertools.exe (No File)
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Recorder Manager.lnk [2013-05-19]
ShortcutTarget: MaxTV Recorder Manager.lnk -> C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe (No File)
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV.lnk [2013-05-19]
ShortcutTarget: MaxTV.lnk -> C:\Program Files (x86)\MaxTV\MaxTV4\maxtv.exe (No File)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{A56E4E8F-8619-45AB-A3AE-2E7301449C14}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{A7BBB93C-783C-486A-8621-5E255334D1BD}: [DhcpNameServer] 192.168.14.1 200.2.128.10 200.2.129.10 10.0.51.18

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=021713
URLSearchHook: HKLM-x32 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 - (No Name) - {8523acf8-02f7-4133-bb3b-79daf49b5cac} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {3ACAEEE4-CB1E-4088-B467-B0DA2897CDB5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3ACAEEE4-CB1E-4088-B467-B0DA2897CDB5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {3ACAEEE4-CB1E-4088-B467-B0DA2897CDB5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-12] (Google Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [2012-04-02] (AnchorFree Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-12] (Google Inc.)
BHO-x32: Wincore Mediabar -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll => No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{3042df7a-e900-4389-9b94-923df0daa57e} - No File
Toolbar: HKLM - No Name - !{3392cfec-56f8-41ee-bdb4-4e301efd2c93} - No File
Toolbar: HKLM - No Name - !{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File
Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM - No Name - !{a899079d-206f-43a6-be6a-07e0fa648ea0} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-12] (Google Inc.)
Toolbar: HKLM-x32 - Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{3042df7a-e900-4389-9b94-923df0daa57e} - No File
Toolbar: HKLM-x32 - No Name - !{3392cfec-56f8-41ee-bdb4-4e301efd2c93} - No File
Toolbar: HKLM-x32 - No Name - !{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File
Toolbar: HKLM-x32 - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{a899079d-206f-43a6-be6a-07e0fa648ea0} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-12] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

FireFox:
========
FF ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\0qfzb876.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: SkypePlugin -> C:\Users\mario\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: SkypePlugin64 -> C:\Users\mario\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Extension: Cartt - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\0qfzb876.default\Extensions\arf3@getcartt.com.xpi [2016-05-12]
FF Extension: RandFind - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\0qfzb876.default\Extensions\info@randfind.com.xpi [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-25] [not signed]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://kdidombaedgpfiiedeimiebkmbilgmlc/new_tab.html"
CHR Profile: C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (J'utilise Skype) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apddfflnhdhhkadogcpodfkofhmgbiao [2015-07-29]
CHR Extension: (Google Drive) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-28]
CHR Extension: (Appel Skype) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-07-29]
CHR Extension: (YouTube) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-28]
CHR Extension: (Recherche Google) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-28]
CHR Extension: (Jeux de Boxe) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\effipaobbihlandhjjlgicebbjmfnmih [2015-07-28]
CHR Extension: (Google Sheets) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (SwytShop) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gobbnicjoijcfndfmmfjnfgldgcnjibl [2016-05-11]
CHR Extension: (Full Web Tetris) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieicmdpibfnjbmjolkmohnelljmjomoj [2015-07-28]
CHR Extension: (Google Play) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-07-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-28]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (imo free video calls and text) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2015-07-28]
CHR Extension: (Gmail) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
StartMenuInternet: Google Chrome - C:\Users\mario\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-25] (AVAST Software)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1630672 2015-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3719592 2015-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [356888 2015-07-28] (AVG Technologies CZ, s.r.o.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [329544 2012-04-02] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2016-05-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-25] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-09-27] (MBB Technologies Co., Ltd.)
S3 ew_mbbusbdev; C:\Windows\System32\DRIVERS\ew_mbbusbdev.sys [115584 2010-09-26] (MBB Technologies Co., Ltd.)
S3 mbbdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2010-09-27] (MBB Technologies Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 HSPADataCardusbvoice; system32\DRIVERS\HSPADataCardusbvoice.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-18 08:34 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-18 08:34 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-18 08:34 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-05-18 08:34 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-05-18 08:33 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-05-18 08:33 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-05-18 08:33 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-05-18 08:33 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-05-18 08:16 - 2016-05-18 08:16 - 00548774 _____ C:\Users\mario\Downloads\winupdatefix_1.3.exe
2016-05-18 08:14 - 2016-05-18 08:14 - 03651136 _____ C:\Users\mario\Downloads\adwcleaner_5.117.exe
2016-05-18 08:11 - 2016-05-18 08:12 - 03580480 _____ C:\Users\mario\Downloads\adwcleaner_5-5.108.113.exe
2016-05-18 07:37 - 2016-05-18 07:38 - 02298094 _____ (Shenzhen Teeqee Technology Co.,Ltd) C:\Users\mario\Downloads\KuaiwanSetup_2015-12-21_V3.5.7.5_r1ce71f0.exe
2016-05-18 06:47 - 2016-05-18 08:15 - 00000000 ____D C:\AdwCleaner
2016-05-17 12:50 - 2016-05-17 12:50 - 00000000 ____D C:\Users\mario\AppData\LocalLow\Bankroll Studios
2016-05-17 12:49 - 2016-05-17 12:49 - 00000000 ____D C:\Users\mario\AppData\Roaming\SmartSteamEmu
2016-05-17 01:16 - 2016-05-17 01:18 - 00043579 _____ C:\Users\mario\Desktop\Addition.txt
2016-05-17 01:13 - 2016-05-18 09:08 - 00025767 _____ C:\Users\mario\Desktop\FRST.txt
2016-05-17 01:13 - 2016-05-18 09:08 - 00000000 ____D C:\FRST
2016-05-17 01:11 - 2016-05-17 01:11 - 02382336 _____ (Farbar) C:\Users\mario\Desktop\FRST64.exe
2016-05-16 18:30 - 2016-05-16 18:30 - 00003134 _____ C:\Windows\System32\Tasks\{18B7615F-DC82-41E3-BD9E-6DE35FC626D1}
2016-05-15 09:41 - 2016-05-15 09:41 - 00668744 _____ C:\Users\mario\Downloads\UnityDownloadAssistant-5.3.4f1.exe
2016-05-15 08:47 - 2016-05-15 08:47 - 00000000 ____D C:\Users\mario\AppData\Roaming\Opera Software
2016-05-15 08:47 - 2016-05-15 08:47 - 00000000 ____D C:\Users\mario\AppData\Local\Opera Software
2016-05-15 08:19 - 2016-05-18 08:45 - 00701258 _____ C:\Windows\ntbtlog.txt
2016-05-15 02:49 - 2016-05-17 17:05 - 00000000 ____D C:\ProgramData\Avg
2016-05-14 09:50 - 2016-05-14 09:50 - 00001246 _____ C:\Users\mario\Desktop\Gang Beasts.lnk
2016-05-14 04:42 - 2016-05-14 04:37 - 00327310 _____ C:\Users\mario\Desktop\Universal Androot v1.6.1.apk
2016-05-14 03:57 - 2016-05-14 03:55 - 149239901 _____ (Google Inc.) C:\Users\mario\Desktop\sdk-android_24-4_en_280710 (2).exe
2016-05-14 03:48 - 2016-05-14 03:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01011.Wdf
2016-05-14 03:46 - 2016-05-14 03:48 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-05-13 17:42 - 2016-05-14 03:46 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-05-13 17:42 - 2016-05-14 03:46 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-05-13 17:25 - 2016-05-13 17:42 - 00000000 ____D C:\Users\mario\Desktop\Impactor_0.9.14
2016-05-13 17:24 - 2016-05-09 17:57 - 11937023 _____ C:\Users\mario\Desktop\Impactor_0.9.14.zip
2016-05-12 18:06 - 2016-05-12 18:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2016-05-11 19:01 - 2016-05-11 18:39 - 01847147 _____ C:\Users\mario\Desktop\RootGenius-2.2.83_general_pc.apk
2016-05-11 17:59 - 2013-05-01 21:23 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2016-05-11 17:59 - 2013-05-01 21:23 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2016-05-11 17:59 - 2013-05-01 21:23 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2016-05-11 17:59 - 2013-05-01 21:23 - 00103064 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2016-05-11 17:52 - 2016-05-12 15:53 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463014205
2016-05-11 17:51 - 2016-05-11 17:51 - 00001095 _____ C:\Users\Public\Desktop\Opera 37.lnk
2016-05-11 17:51 - 2016-05-11 17:51 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 37.lnk
2016-05-11 17:50 - 2016-05-17 15:04 - 00000000 ____D C:\Users\mario\AppData\Roaming\DevSet
2016-05-11 17:48 - 2016-05-17 01:47 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 17:47 - 2016-05-11 17:47 - 00000000 ____D C:\Program Files\SAMSUNG
2016-05-11 17:43 - 2016-05-11 17:43 - 00000000 ____D C:\ProgramData\Samsung
2016-05-11 16:06 - 2016-05-11 16:06 - 00000000 ____D C:\Program Files\Opera
2016-05-11 16:01 - 2016-05-11 16:01 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463007634
2016-05-11 16:00 - 2016-05-11 16:00 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-11 15:59 - 2016-04-22 08:44 - 37687944 _____ (Opera Software) C:\Users\mario\Desktop\Opera_36.0.2130.65_Setup.exe
2016-05-11 15:54 - 2016-05-11 15:54 - 00001467 _____ C:\Users\mario\Desktop\iexplore - Shortcut.lnk
2016-05-11 15:50 - 2016-05-11 15:50 - 00000000 ____D C:\Users\mario\AppData\Roaming\Kingosoft
2016-05-11 15:50 - 2016-05-11 15:50 - 00000000 ____D C:\Users\mario\AppData\Local\Kingosoft
2016-05-11 15:33 - 2016-05-15 09:04 - 00000000 ___SD C:\KuaiwanGames
2016-05-11 14:51 - 2016-05-11 14:52 - 00006144 ___SH C:\Users\mario\AppData\Roaming\Thumbs.db
2016-05-11 14:48 - 2016-05-11 14:48 - 00000000 ____D C:\Users\mario\Documents\My Received Files
2016-05-11 14:43 - 2016-05-11 14:43 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-05-11 14:41 - 2016-05-11 14:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-11 14:22 - 2016-05-11 14:22 - 00000003 _____ C:\Users\mario\AppData\Roaming\pllchannel.txt
2016-05-11 14:12 - 2016-05-11 14:12 - 06748160 _____ C:\Program Files (x86)\GUT4F1A.tmp
2016-05-11 14:12 - 2016-05-11 14:12 - 00000000 ____D C:\Program Files (x86)\GUM4F19.tmp

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-18 09:06 - 2012-04-29 12:35 - 00000000 ____D C:\ProgramData\MFAData
2016-05-18 09:05 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-18 09:05 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-18 09:02 - 2012-06-15 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-18 09:01 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-18 07:53 - 2012-06-15 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-18 07:06 - 2013-02-16 23:01 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2158992580-1304642717-576862432-1002UA.job
2016-05-18 07:04 - 2015-08-25 08:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-18 06:52 - 2015-07-22 11:07 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-05-18 06:52 - 2015-07-22 11:04 - 00000000 ____D C:\Users\mario\AppData\Roaming\Lavasoft
2016-05-18 06:52 - 2015-07-22 11:04 - 00000000 ____D C:\ProgramData\Lavasoft
2016-05-18 06:52 - 2013-07-16 15:22 - 00000000 ____D C:\Users\mario\AppData\Roaming\Common
2016-05-18 02:29 - 2013-02-16 23:01 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2158992580-1304642717-576862432-1002Core.job
2016-05-17 17:05 - 2012-04-30 09:54 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-17 01:51 - 2012-04-03 15:56 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8DB48A93-9FB9-429E-AF95-EBF10AA54601}
2016-05-16 15:59 - 2013-02-27 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-05-15 17:40 - 2012-04-28 17:56 - 00110456 _____ C:\Users\mario\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 17:39 - 2009-07-13 21:45 - 00421872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 17:14 - 2013-02-27 19:53 - 00000091 _____ C:\Windows\QBChanUtil_Trigger.ini
2016-05-15 17:11 - 2012-06-29 16:16 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-05-15 17:11 - 2012-06-29 16:15 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-05-15 17:11 - 2011-10-14 14:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-15 09:40 - 2012-08-31 08:38 - 00000000 ____D C:\Users\mario\AppData\Local\ElevatedDiagnostics
2016-05-15 08:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-05-15 06:49 - 2015-07-22 08:00 - 00000000 ____D C:\Users\mario\AppData\Local\Avg
2016-05-14 04:11 - 2009-07-13 22:13 - 00739722 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-13 14:55 - 2015-07-23 14:45 - 00000000 ____D C:\Users\mario\Desktop\bootyboo
2016-05-12 15:31 - 2009-07-13 22:08 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-12 15:22 - 2015-08-24 08:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-12 03:48 - 2012-06-15 14:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-12 03:48 - 2012-06-15 14:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 17:15 - 2015-07-01 11:48 - 00000000 ____D C:\Users\mario\AppData\Local\Avg2015
2016-05-11 15:50 - 2015-06-02 11:00 - 00000000 ____D C:\Users\mario\.android
2016-05-11 15:30 - 2015-08-25 08:45 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-05-11 15:30 - 2015-08-25 08:45 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-05-11 15:24 - 2015-07-30 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-11 15:20 - 2012-05-12 18:59 - 00000000 ____D C:\Users\mario\AppData\LocalLow\mediabarbs
2016-05-11 14:43 - 2015-07-01 12:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-11 14:36 - 2012-12-04 15:51 - 00000000 ____D C:\Users\mario\AppData\Roaming\SoftGrid Client
2016-05-11 14:34 - 2012-05-13 12:05 - 00000000 ____D C:\Users\mario\AppData\Local\Google
2016-05-11 14:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-11 13:58 - 2016-02-17 20:13 - 00000000 ____D C:\Users\mario\Desktop\New movies

==================== Files in the root of some directories =======

2016-05-11 14:12 - 2016-05-11 14:12 - 6748160 _____ () C:\Program Files (x86)\GUT4F1A.tmp
2016-05-11 14:22 - 2016-05-11 14:22 - 0000003 _____ () C:\Users\mario\AppData\Roaming\pllchannel.txt
2016-05-11 14:51 - 2016-05-11 14:52 - 0006144 ___SH () C:\Users\mario\AppData\Roaming\Thumbs.db
2013-07-16 14:25 - 2013-07-16 14:25 - 0022394 _____ () C:\Users\mario\AppData\Roaming\UserTile.png
2012-05-12 18:50 - 2012-12-06 14:59 - 0006144 _____ () C:\Users\mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\mario\AppData\Local\Temp\BearShare_setup.exe
C:\Users\mario\AppData\Local\Temp\dbfhide.exe
C:\Users\mario\AppData\Local\Temp\dblgen11.dll
C:\Users\mario\AppData\Local\Temp\dblib11.dll
C:\Users\mario\AppData\Local\Temp\dbtool11.dll
C:\Users\mario\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\mario\AppData\Local\Temp\DeltaTB.exe
C:\Users\mario\AppData\Local\Temp\devcon.exe
C:\Users\mario\AppData\Local\Temp\dvbfor3v.dll
C:\Users\mario\AppData\Local\Temp\eTypeSetup.exe
C:\Users\mario\AppData\Local\Temp\Extract.exe
C:\Users\mario\AppData\Local\Temp\FsdRegistration.dll
C:\Users\mario\AppData\Local\Temp\GDSBLMgr.dll
C:\Users\mario\AppData\Local\Temp\gert0.exe
C:\Users\mario\AppData\Local\Temp\GetCC.dll
C:\Users\mario\AppData\Local\Temp\GUR6B40.exe
C:\Users\mario\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\mario\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\mario\AppData\Local\Temp\htmlayout.dll
C:\Users\mario\AppData\Local\Temp\incredibar_installer.exe
C:\Users\mario\AppData\Local\Temp\Installhelper.dll
C:\Users\mario\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\mario\AppData\Local\Temp\lowproc.exe
C:\Users\mario\AppData\Local\Temp\mgsqlite3.dll
C:\Users\mario\AppData\Local\Temp\msvcp71.dll
C:\Users\mario\AppData\Local\Temp\msvcp90.dll
C:\Users\mario\AppData\Local\Temp\msvcr71.dll
C:\Users\mario\AppData\Local\Temp\msvcr90.dll
C:\Users\mario\AppData\Local\Temp\NGM.exe
C:\Users\mario\AppData\Local\Temp\NGMDll.dll
C:\Users\mario\AppData\Local\Temp\NGMResource.dll
C:\Users\mario\AppData\Local\Temp\NGMSetup.exe
C:\Users\mario\AppData\Local\Temp\QBFirwal.dll
C:\Users\mario\AppData\Local\Temp\qbinstal.dll
C:\Users\mario\AppData\Local\Temp\QBNGEN.dll
C:\Users\mario\AppData\Local\Temp\r91amzku.dll
C:\Users\mario\AppData\Local\Temp\SCC.dll
C:\Users\mario\AppData\Local\Temp\SendMsg.dll
C:\Users\mario\AppData\Local\Temp\Setup.exe
C:\Users\mario\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\mario\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\mario\AppData\Local\Temp\SMUnInstaller.dll
C:\Users\mario\AppData\Local\Temp\Softonic_chr_1-8-8-11.exe
C:\Users\mario\AppData\Local\Temp\Softonic_FR_1-4-9.exe
C:\Users\mario\AppData\Local\Temp\Softonic_FR_1-4-9[1].exe
C:\Users\mario\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\mario\AppData\Local\Temp\stlport_r50.dll
C:\Users\mario\AppData\Local\Temp\StopQBServer.dll
C:\Users\mario\AppData\Local\Temp\stubhelper.dll
C:\Users\mario\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\mario\AppData\Local\Temp\tbrafp.dll
C:\Users\mario\AppData\Local\Temp\tbuTor.dll
C:\Users\mario\AppData\Local\Temp\tmpCF9D.tmp.exe
C:\Users\mario\AppData\Local\Temp\toolbar2420761.exe
C:\Users\mario\AppData\Local\Temp\toolbar2861495.exe
C:\Users\mario\AppData\Local\Temp\unicows.dll
C:\Users\mario\AppData\Local\Temp\uninst1.exe
C:\Users\mario\AppData\Local\Temp\uninstall285076.exe
C:\Users\mario\AppData\Local\Temp\uninstall309583.exe
C:\Users\mario\AppData\Local\Temp\uninstall309630.exe
C:\Users\mario\AppData\Local\Temp\uninstall4072203.exe
C:\Users\mario\AppData\Local\Temp\UtilDBSetup.dll
C:\Users\mario\AppData\Local\Temp\utt8DED.tmp.exe
C:\Users\mario\AppData\Local\Temp\vbmz11.exe
C:\Users\mario\AppData\Local\Temp\webcompanioninstaller.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-12 04:50

==================== End of FRST.txt ============================