Uninstalled Chrome because of Malware and after reinstalling it wont connect to


  • This topic is locked
10 replies to this topic

#1 docjbw

docjbw

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 09 August 2015 - 06:52 PM

Hello. I recently uninstalled Chrome because of malware (constant pop-ups and redirects). After I managed to reinstall it, it would not connect to the internet. It says "Unable to connect to the proxy server." Firefox and Explorer can connect with no problems. I ran the AdwCleaner and JunkRemoval programs recommended on another post. Here are the logs:
 
AdwCleaner

# AdwCleaner v4.208 - Logfile created 09/08/2015 at 16:21:06
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : James - JAMES-LAPTOP
# Running from : C:\Users\James\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\James\AppData\Roaming\ParetoLogic
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] -

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17410


-\\ Mozilla Firefox v39.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [32861 bytes] - [08/08/2015 09:00:45]
AdwCleaner[R1].txt - [2775 bytes] - [09/08/2015 16:18:07]
AdwCleaner[S0].txt - [22713 bytes] - [08/08/2015 09:01:58]
AdwCleaner[S1].txt - [2650 bytes] - [09/08/2015 16:21:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2709  bytes] ##########



Junk removal
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by James on Sun 08/09/2015 at 15:56:41.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



~~~ Services

Successfully deleted: [Service] Update Mgr RollAround [Reboot required]
Successfully deleted: [Service] vToolbarUpdater18.8.0 [Reboot required]



~~~ Tasks

Failed to delete: [Task] C:\windows\system32\tasks\ParetoLogic Update Version3
Successfully deleted: [Task] C:\windows\system32\tasks\ParetoLogic Registration3
Successfully deleted: [Task] C:\windows\system32\tasks\ParetoLogic Update Version3 Startup Task
Successfully deleted: [Task] C:\windows\Tasks\ParetoLogic Registration3.job
Successfully deleted: [Task] C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
Successfully deleted: [Task] C:\windows\Tasks\ParetoLogic Update Version3.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3808585925-2696099740-3313271317-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] C:\Users\James\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\James\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\James\Appdata\Local\36930a0b1df89271c8b093322dcf4f23
Successfully deleted: [File] C:\windows\SysWOW64\sho39ED.tmp
Successfully deleted: [File] C:\windows\SysWOW64\sho5A17.tmp
Successfully deleted: [File] C:\windows\SysWOW64\sho977C.tmp
Successfully deleted: [File] C:\windows\SysWOW64\shoB0C6.tmp
Successfully deleted: [File] C:\windows\SysWOW64\shoFA91.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\avg security toolbar
Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\drivercure
Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\goldengate
Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\5091



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/09/2015 at 16:04:34.71
End of JRT log

I have searched and searched for the answer but nothing has helped. I did the advanced settings, LAN automatic connecting box and everything else I have read about. Any help would be greatly appreciated. Thanks.




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 10 August 2015 - 04:55 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 docjbw

docjbw
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 10 August 2015 - 07:47 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by James (2015-08-10 17:42:02)
Running from C:\Users\James\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3808585925-2696099740-3313271317-500 - Administrator - Disabled)
Guest (S-1-5-21-3808585925-2696099740-3313271317-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3808585925-2696099740-3313271317-1002 - Limited - Enabled)
James (S-1-5-21-3808585925-2696099740-3313271317-1000 - Administrator - Enabled) => C:\Users\James

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Out of date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.5.143 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Best Buy Connect (HKLM-x32\...\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}) (Version: 3.00.68 - Best Buy)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
DVDFab 8.1.5.9 (20/01/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.0.2.8 (01/03/2013) Qt (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.50 - Philipp Winterberg)
Garmin Express (HKLM-x32\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerTeacher Gradebook Launcher (HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\PTg) (Version: 1.0.3 - Pearson)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 1.0 - Roxio)
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TouchCopy 11 (HKLM-x32\...\{FB0F6991-438E-486F-8D4F-E778E747A59B}) (Version: 11.26 - Wide Angle Software)
UGRS2 OCX (HKLM-x32\...\{261E53FA-DCD6-4A8C-89BF-B85AD4F43238}) (Version: 2.0.7 - UGRS2)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebClient (HKLM-x32\...\WebClient) (Version:  - )
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3808585925-2696099740-3313271317-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

29-06-2015 03:00:30 Windows Update
17-07-2015 03:00:47 Windows Update
21-07-2015 13:56:24 Windows Update
07-08-2015 18:24:42 Garmin Express
07-08-2015 18:31:10 Garmin Express
07-08-2015 18:41:41 Installed AVG 2015
07-08-2015 18:42:52 Installed AVG 2015
08-08-2015 09:50:26 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 09:51:49 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 09:53:08 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 09:54:33 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 09:58:39 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 09:59:55 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 10:01:13 Revo Uninstaller Pro's restore point - Google Chrome
08-08-2015 10:02:29 Revo Uninstaller Pro's restore point - Google Chrome
09-08-2015 14:56:33 Removed TuneUp Utilities 2014
09-08-2015 14:58:34 Removed TuneUp Utilities 2014 (en-US)
09-08-2015 15:56:48 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-01-22 17:52 - 00000910 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1            d3oxij66pru1i3.cloudfront.net
127.0.0.1            d3oxij66pru1i3.cloudfront.net


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FCB2513-0AF5-4548-95E9-59AC9C5BB9C4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {233792DA-1636-402E-88FC-54D08BA0A521} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
Task: {30D40F49-F20C-4BD3-9ED2-239442C0BA9D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {32F6EF49-19B1-4BE1-8690-0C591303B535} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {57830301-B25A-41F6-AB9C-920EB2558AA7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-07-29] ()
Task: {67AF684B-77E1-4ACF-BEBF-E7CD7B3FB685} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {7E69C836-1AC8-4D82-9345-2B226FF4D65E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
Task: {8C945E9F-EB4E-48BB-A177-E05581A7969D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9343295B-AA83-4B47-BEA9-BEECD0E1EC84} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9CC573DE-9B10-4D4A-AEEF-DD9834E6CEE2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
Task: {C291AA8F-8C07-4B5A-9546-9F00C0952566} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {F2E4D048-D693-4ADC-9FAA-40CBD0ADFF9B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core.job => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA.job => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-09 07:33 - 2015-08-09 07:33 - 01195920 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-09-15 16:46 - 2011-09-15 16:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-01 09:59 - 2015-07-01 09:59 - 08016049 _____ () C:\Program Files (x86)\Fresh Hospital\Fresh Hospital.exe
2012-01-06 22:55 - 2010-08-11 17:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2012-01-06 22:55 - 2010-07-21 09:35 - 00161088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2012-01-06 23:49 - 2011-04-10 11:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 16:46 - 2011-09-15 16:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-01-06 22:55 - 2010-08-11 17:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2012-01-06 22:55 - 2010-08-11 17:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2014-02-10 18:34 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-22 17:02 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-22 17:02 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-22 17:02 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-11-27 23:16 - 2015-07-23 16:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-11-27 23:16 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-11-27 23:16 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-11-27 23:16 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-11-27 23:16 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-11-27 23:16 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-02-13 10:52 - 2015-07-23 16:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-08 09:09 - 2015-07-07 13:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-08-09 16:25 - 2015-08-09 16:25 - 00071168 _____ () c:\users\james\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg5y0z3.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00012800 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00779776 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-07 18:22 - 2015-07-16 17:31 - 00056320 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00012288 _____ () C:\Users\James\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
2011-04-20 20:56 - 2011-04-20 20:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
2014-11-15 05:06 - 2014-11-15 05:06 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-01-06 22:18 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-02-13 10:52 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2011-07-07 16:13 - 2011-07-07 16:13 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2011-07-07 16:14 - 2011-07-07 16:14 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Altonv => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2ECDB3D7-D819-4940-9330-95E7AB52C37E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0738E0C2-5822-40B1-B20D-38BC2E1C9B9D}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{746AB98B-859D-4CE1-B70A-642B16B701F1}] => (Allow) LPort=9700
FirewallRules: [{59A110A5-92A9-4099-9993-7D5CD37A246A}] => (Allow) LPort=9701
FirewallRules: [{30956E33-979B-45A0-AA9C-94B3B53F706A}] => (Allow) LPort=9702
FirewallRules: [{9E1BE99C-4747-488B-A842-15AFF5181943}] => (Allow) LPort=9700
FirewallRules: [{D8ACB36F-668D-46DF-96A6-D8917D812611}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{E9F784FD-0984-4B79-BC13-4049B914F8F8}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{776CEE62-AEA6-4133-9F50-9F8AEA38992E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{2599D43E-03E4-44EC-AD13-68A9CDEE0956}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{28811F07-6DAD-471A-8F33-E5255C5E18B5}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{6845AB16-3476-470B-8FE7-CDFD16EA8C5C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{42E703B5-8FCB-40EF-ADD1-70D60195D2D1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D1A6A222-265B-4C53-B522-57DF17D58668}] => (Allow) LPort=2869
FirewallRules: [{0D30B37B-822A-47F1-A8F5-91002FAFF5B4}] => (Allow) LPort=1900
FirewallRules: [{91429473-4820-486E-B952-4A11F1D846F2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9B8EFB5B-FDCE-459A-8265-69D5615AE9B6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{952D44C9-EA0C-47F0-8F4C-C8F36676D272}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFBC7665-F919-4B5E-A08D-CD9C4510F44B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48D6D48C-4EBE-409A-86C8-986303E285EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D876C2D2-AE2F-4252-AC22-C40851A30AF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C62719B3-05E2-4D55-A5EB-01F70862B069}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{A5439F78-5E75-4BD0-BF18-E2D3901A06F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{91676B21-B8DA-4C21-8FC5-16486DB6305B}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{7CF5F626-DF2D-4208-9944-7DD42D21772D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{A2F4304D-AB22-42E7-9BD5-27021D000480}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{999C7548-E5C7-4439-B007-6AD66C4FC74F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6D00AEDA-A1BA-4C87-A0DC-A63A505C46DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{642921F0-51C8-46C2-A1FF-0F933C517F44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [TCP Query User{35321C86-2DED-4200-852E-0575FCE92395}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3451591A-A446-430F-AE45-FA07695661C4}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{BE9B95BA-E747-4C65-BCE0-837F75AD042D}] => (Allow) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B06AAE92-45D1-470D-B142-919381618D2D}] => (Allow) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{584CF7EA-DF80-45EA-B66D-4F287F713155}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0C91125C-0690-4C8E-9991-A6BB3A43F184}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9F30AD5C-AEEB-49E0-A23E-5FA0C34B692A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A4C9981-4D4F-4E1A-BA53-99024B3AFCA1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{91959033-BFE3-42DC-B93C-4B85312C95EB}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{C0B30FDB-66EB-4248-99DC-8CBF024AA5CA}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe
FirewallRules: [{192968CE-E260-451F-88ED-FB1532AB4163}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{70D76351-667A-4FC4-9B72-E22215D1E040}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{B6E3371A-F907-4D90-9FEE-7BD026BBE853}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BF61967-3A73-45EE-B45B-36E843F2F822}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{35273E7B-53FF-4130-8872-F108567C2F3D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F115E759-B579-479A-976C-1C5C9B5E8EDA}] => (Allow) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{F945ABED-EFD8-40B4-A617-CE408C5F45A5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{97CA1E26-4A13-46AC-AEA4-4FDC0E8E8BB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1601D95C-11A9-4077-9BE5-E976C0F31902}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C0B91A1E-79FB-49B6-B25A-6B840D2286E0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E27C480D-A40D-4FF8-B164-CDCE62DB8292}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{679067CB-FE34-40EC-9F67-1A1407F7B8F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6A1ECB77-D7D8-429D-A243-62DD397D841E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{1C32769B-C8A5-4397-A676-3C506F2640D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{06BA4A16-65F1-426D-BDD0-7E5FF73A6415}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E60F3238-86B2-4634-9517-C402FD62FB6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62EC1EF2-06EC-4359-91BD-5B854BF7832D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2015 05:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66501167

Error: (08/10/2015 05:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66501167

Error: (08/10/2015 05:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 05:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66491573

Error: (08/10/2015 05:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66491573

Error: (08/10/2015 05:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2015 11:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13885

Error: (08/09/2015 11:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13885

Error: (08/09/2015 11:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2015 11:06:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9142


System errors:
=============
Error: (08/09/2015 04:23:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1075

Error: (08/09/2015 04:23:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Application Virtualization Client service depends the following service: sftfs. This service might not be installed.

Error: (08/09/2015 04:23:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/09/2015 04:23:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (08/09/2015 04:23:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (08/09/2015 04:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (08/09/2015 04:21:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/09/2015 04:21:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (08/09/2015 04:21:36 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/09/2015 04:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069


Microsoft Office:
=========================
Error: (08/10/2015 05:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66501167

Error: (08/10/2015 05:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66501167

Error: (08/10/2015 05:34:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2015 05:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 66491573

Error: (08/10/2015 05:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 66491573

Error: (08/10/2015 05:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2015 11:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13885

Error: (08/09/2015 11:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13885

Error: (08/09/2015 11:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2015 11:06:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9142


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 6051.18 MB
Available physical RAM: 3566.55 MB
Total Virtual: 12100.57 MB
Available Virtual: 8832.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:514.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: C9C7B0E4)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)

==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by James (administrator) on JAMES-LAPTOP (10-08-2015 17:41:05)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NTS Co., Ltd.") C:\Users\James\AppData\NTSFile\NTS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Fresh Hospital\Fresh Hospital.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Dropbox, Inc.) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [RadPlayer Tray] => "C:\Program Files (x86)\RadPlayer\TyV1.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-11-05] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Google Update] => "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Dropbox Update] => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-27] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]  <======= ATTENTION (Policy restriction on ProxySettings)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A2F00D94-1873-4AFD-9386-8F53A6ABA355}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{ACFF12AB-ACFD-465A-9B81-8EFEF00A322A}: [DhcpNameServer] 192.168.100.100
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\k3youxvl.default
FF DefaultSearchEngine.US: Google
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-02-13]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-02-13]

Chrome:
=======
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-09]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-09]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-09]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-11-05] (Kaspersky Lab ZAO)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 Fresh Hospital; C:\Program Files (x86)\Fresh Hospital\Fresh Hospital.exe [8016049 2015-07-01] () [File not signed] <==== ATTENTION
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 Northern Themes Service; C:\Users\James\AppData\NTSFile\NTS.exe [228352 2014-11-14] (NTS Co., Ltd.") [File not signed]
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-08-09] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-11-05] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 17:41 - 2015-08-10 17:41 - 00021828 _____ C:\Users\James\Downloads\FRST.txt
2015-08-10 17:40 - 2015-08-10 17:41 - 00000000 ____D C:\FRST
2015-08-10 17:37 - 2015-08-10 17:38 - 02171392 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2015-08-09 16:34 - 2015-08-09 16:34 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-09 16:34 - 2015-08-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 16:31 - 2015-08-10 17:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 16:31 - 2015-08-09 16:36 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 16:31 - 2015-08-09 16:31 - 00931408 _____ (Google Inc.) C:\Users\James\Downloads\ChromeSetup.exe
2015-08-09 16:31 - 2015-08-09 16:31 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-09 16:31 - 2015-08-09 16:31 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-09 16:13 - 2015-08-09 16:14 - 02248704 _____ C:\Users\James\Downloads\AdwCleaner.exe
2015-08-09 16:04 - 2015-08-09 16:04 - 00011179 _____ C:\Users\James\Desktop\JRT.txt
2015-08-09 15:55 - 2015-08-09 15:55 - 01797896 _____ (Malwarebytes Corporation) C:\Users\James\Downloads\JRT.exe
2015-08-09 15:36 - 2015-08-09 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-09 15:36 - 2015-08-09 15:36 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-09 15:36 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2015-08-09 14:44 - 2015-08-09 14:44 - 00000000 ____D C:\Users\James\AppData\Local\Mozilla
2015-08-09 14:43 - 2015-08-09 14:43 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-09 14:43 - 2015-08-09 14:43 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-09 14:43 - 2015-08-09 14:43 - 00000000 ____D C:\ProgramData\Mozilla
2015-08-09 14:43 - 2015-08-09 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 07:59 - 2015-08-09 16:34 - 00000000 ____D C:\Users\James\AppData\Local\Google
2015-08-09 07:34 - 2015-08-09 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-09 07:34 - 2015-08-09 07:34 - 00000000 ____D C:\Users\James\AppData\Local\AVG Web TuneUp
2015-08-09 07:33 - 2015-08-09 07:34 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-08-09 07:33 - 2015-08-09 07:33 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-08-09 07:16 - 2015-08-09 07:16 - 05964208 _____ (ParetoLogic Inc.) C:\Users\James\Downloads\ParetoLogic PC Health Advisor.exe
2015-08-08 09:49 - 2015-08-08 09:49 - 00000000 ____D C:\Users\James\AppData\Local\VS Revo Group
2015-08-08 09:49 - 2015-08-08 09:49 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-08 09:42 - 2015-08-08 09:42 - 00000000 ____D C:\Users\James\AppData\Local\CEF
2015-08-08 09:00 - 2015-08-09 16:21 - 00000000 ____D C:\AdwCleaner
2015-08-08 08:58 - 2015-08-08 08:59 - 02248704 _____ C:\Users\James\Downloads\adwcleaner_4.208.exe
2015-08-08 08:17 - 2015-08-09 07:36 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-08-08 08:16 - 2015-08-08 08:16 - 07941448 _____ (Crawler Group ) C:\Users\James\Downloads\SpywareTerminatorSetup.exe
2015-08-08 08:09 - 2015-08-08 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-08-08 08:08 - 2015-08-08 08:08 - 00744529 _____ C:\Users\James\Downloads\bazookasetup.exe
2015-08-08 08:07 - 2015-08-08 08:07 - 00531013 _____ C:\Users\James\Downloads\Player Setup.zip
2015-08-08 07:37 - 2015-08-08 07:37 - 00000000 ____D C:\SUPERDelete
2015-08-08 07:33 - 2015-08-08 07:34 - 22853880 _____ (SUPERAntiSpyware) C:\Users\James\Downloads\SUPERAntiSpyware.exe
2015-08-07 18:46 - 2015-08-07 18:46 - 00000000 ____D C:\Users\James\AppData\Roaming\AVG2015
2015-08-07 18:46 - 2015-08-07 18:46 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-07 18:45 - 2015-08-07 18:45 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-07 18:45 - 2015-08-07 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-07 18:44 - 2015-08-07 19:20 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-07 18:44 - 2015-08-07 18:44 - 00000000 ___HD C:\$AVG
2015-08-07 18:42 - 2015-08-07 18:42 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-07 18:35 - 2015-08-10 17:39 - 00000000 ____D C:\ProgramData\MFAData
2015-08-07 18:35 - 2015-08-07 19:02 - 00000000 ____D C:\Users\James\AppData\Local\Avg2015
2015-08-07 18:35 - 2015-08-07 18:35 - 00000000 ____D C:\Users\James\AppData\Local\MFAData
2015-08-07 18:34 - 2015-08-07 18:35 - 05091576 _____ (AVG Technologies) C:\Users\James\Downloads\avg_free_stb_all_6125p1_177.exe
2015-08-07 18:33 - 2015-08-09 07:37 - 00000000 ____D C:\Users\James\AppData\Local\Garmin_Ltd._or_its_subsid
2015-08-07 18:29 - 2015-08-07 18:29 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-08-07 18:29 - 2015-08-07 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-07 18:23 - 2015-08-07 18:23 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-07 18:06 - 2015-08-07 19:32 - 00000000 ____D C:\Program Files (x86)\Sample IME for IME extension API
2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2015-07-24 08:49 - 2015-07-24 08:52 - 00000000 ____D C:\Program Files (x86)\High Material
2015-07-24 08:49 - 2015-07-24 08:51 - 00000000 ____D C:\Program Files (x86)\Trite Mobile
2015-07-24 08:49 - 2015-07-24 08:51 - 00000000 ____D C:\Program Files (x86)\Enthusiastic Tonight
2015-07-21 14:17 - 2015-08-07 19:32 - 00000000 ____D C:\Program Files (x86)\Viewport Resizer
2015-07-18 12:29 - 2015-07-18 12:29 - 00813875 _____ C:\Users\James\Downloads\July 19.pptx
2015-07-17 03:45 - 2015-07-17 03:45 - 00000000 ____D C:\Users\James\AppData\Local\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 17:37 - 2012-12-27 09:56 - 00016752 _____ C:\windows\setupact.log
2015-08-10 17:37 - 2009-07-13 22:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-10 17:36 - 2012-01-06 22:15 - 01854397 _____ C:\windows\WindowsUpdate.log
2015-08-10 17:34 - 2015-06-27 15:47 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA.job
2015-08-10 17:34 - 2012-03-31 08:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 17:34 - 2012-02-13 09:09 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA.job
2015-08-09 23:06 - 2012-02-13 09:09 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core.job
2015-08-09 19:06 - 2012-02-22 21:45 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2015-08-09 17:58 - 2015-06-27 15:47 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core.job
2015-08-09 16:39 - 2012-02-13 09:30 - 00000000 ____D C:\Users\James\AppData\Local\Nero
2015-08-09 16:34 - 2015-05-25 18:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-09 16:33 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 16:33 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 16:27 - 2012-12-29 18:32 - 00000000 ___RD C:\Users\James\Dropbox
2015-08-09 16:27 - 2012-12-29 18:27 - 00000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2015-08-09 16:25 - 2012-02-13 10:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-09 16:24 - 2012-02-13 10:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-09 16:23 - 2012-02-13 10:52 - 00000000 ____D C:\Users\James\AppData\Local\SoftThinks
2015-08-09 16:22 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-09 15:41 - 2013-11-05 12:49 - 00384476 _____ C:\windows\PFRO.log
2015-08-09 15:27 - 2012-02-13 09:09 - 00000000 ____D C:\Users\James\AppData\Local\Deployment
2015-08-09 14:44 - 2012-02-13 09:09 - 00000000 ____D C:\Users\James\AppData\Roaming\Mozilla
2015-08-07 19:35 - 2015-01-19 14:14 - 00000000 ____D C:\ProgramData\dadkialaaknjbgknndeokmlpcjdnjcaj
2015-08-07 19:31 - 2015-05-25 17:48 - 00000000 ____D C:\Program Files (x86)\Lubuntu Scrollbars
2015-08-07 19:29 - 2015-05-24 14:00 - 00000000 ____D C:\Program Files (x86)\Image Downloader Plus
2015-08-07 18:45 - 2015-02-17 20:19 - 00000000 ____D C:\Users\James\AppData\Roaming\TuneUp Software
2015-08-07 18:32 - 2015-01-15 08:05 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-07 18:30 - 2015-01-15 08:05 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-08-07 18:29 - 2015-01-15 08:06 - 00000000 ____D C:\ProgramData\Garmin
2015-08-07 18:28 - 2015-01-15 08:05 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2015-08-07 18:20 - 2012-01-06 22:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-07-24 08:49 - 2015-03-19 17:40 - 00000000 ____D C:\Users\James\AppData\Local\Pearson
2015-07-18 17:53 - 2015-06-27 15:47 - 00003888 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA
2015-07-18 17:53 - 2015-06-27 15:47 - 00003492 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core
2015-07-17 03:38 - 2009-07-13 21:45 - 00405704 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-17 03:35 - 2014-12-10 21:08 - 00000000 ____D C:\windows\system32\appraiser
2015-07-17 03:35 - 2014-05-08 18:50 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-17 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-17 03:16 - 2013-10-12 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 03:10 - 2013-08-18 03:15 - 00000000 ____D C:\windows\system32\MRT
2015-07-16 20:16 - 2012-02-13 09:09 - 00003882 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA
2015-07-16 20:16 - 2012-02-13 09:09 - 00003486 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core
2015-07-16 20:14 - 2012-03-31 08:01 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 20:14 - 2012-03-31 08:01 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 20:14 - 2012-01-06 22:19 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-11-29 18:05 - 2015-07-01 09:38 - 0000243 _____ () C:\Users\James\AppData\Roaming\WB.CFG
2014-12-01 17:05 - 2014-12-16 17:05 - 0000010 _____ () C:\Users\James\AppData\Local\DSI.DAT
2012-02-13 10:28 - 2012-02-13 10:28 - 0017408 _____ () C:\Users\James\AppData\Local\WebpageIcons.db
2015-01-22 17:38 - 2015-01-22 17:38 - 0001558 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\James\AppData\Local\Temp\cct.dll
C:\Users\James\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg5y0z3.dll
C:\Users\James\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\James\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\James\AppData\Local\Temp\JavaIC.dll
C:\Users\James\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\James\AppData\Local\Temp\msscct32.dll
C:\Users\James\AppData\Local\Temp\Quarantine.exe
C:\Users\James\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\James\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\James\AppData\Local\Temp\setacl.exe
C:\Users\James\AppData\Local\Temp\SkypeSetup.exe
C:\Users\James\AppData\Local\Temp\SpOrder.dll
C:\Users\James\AppData\Local\Temp\sqlite3.dll
C:\Users\James\AppData\Local\Temp\YSearchUtil.dll
C:\Users\James\AppData\Local\Temp\{832134EA-7E50-4993-B081-857BF47687AF}-29.0.1547.76_29.0.1547.66_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-22 18:59

==================== End of log ============================



#4 deeprybka


  • Malware Response Team

Posted 11 August 2015 - 03:24 AM

Hi there,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [RadPlayer Tray] => "C:\Program Files (x86)\RadPlayer\TyV1.exe"
    C:\Program Files (x86)\RadPlayer
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    CHR HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\SOFTWARE\Policies\Google: Policy restriction 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]  
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Hosts: 
    R2 Fresh Hospital; C:\Program Files (x86)\Fresh Hospital\Fresh Hospital.exe [8016049 2015-07-01] () [File not signed] 
    C:\Program Files (x86)\Fresh Hospital
    Task: {67AF684B-77E1-4ACF-BEBF-E7CD7B3FB685} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
    C:\Program Files (x86)\donutleads
    CreateRestorePoint:
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 docjbw

  • Topic Starter


Posted 12 August 2015 - 07:06 PM

Apparently I don't know how to get the fixlist.txt in the same location as the FRST. I have tried to paste it in every folder of FRST and none of them work. Every time I run the fix it says, "No fixlist found." I am about at wit's end and ready to smash this laptop!



#6 deeprybka


Posted 13 August 2015 - 04:56 PM

The fixlist.txt has to be in this location:

"Running from C:\Users\James\Downloads" because you are running FRST from there.


regards,
deeprybka

#7 deeprybka


Posted 16 August 2015 - 05:37 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#8 docjbw

  • Topic Starter


Posted 16 August 2015 - 08:13 PM

I apologize for not responding sooner, but I have been a little busy.  Here are the results you asked for.

 

First FRST scan using fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by James (2015-08-16 13:44:02) Run:1
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [RadPlayer Tray] => "C:\Program Files (x86)\RadPlayer\TyV1.exe"
C:\Program Files (x86)\RadPlayer
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
CHR HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]  
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts:
R2 Fresh Hospital; C:\Program Files (x86)\Fresh Hospital\Fresh Hospital.exe [8016049 2015-07-01] () [File not signed]
C:\Program Files (x86)\Fresh Hospital
Task: {67AF684B-77E1-4ACF-BEBF-E7CD7B3FB685} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
C:\Program Files (x86)\donutleads
CreateRestorePoint:
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RadPlayer Tray => value removed successfully
"C:\Program Files (x86)\RadPlayer" => File/Folder not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
Fresh Hospital => service removed successfully
C:\Program Files (x86)\Fresh Hospital => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67AF684B-77E1-4ACF-BEBF-E7CD7B3FB685}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67AF684B-77E1-4ACF-BEBF-E7CD7B3FB685}" => key removed successfully
C:\windows\System32\Tasks\DonutQuotes => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => key removed successfully
"C:\Program Files (x86)\donutleads" => File/Folder not found.
Restore point was successfully created.
EmptyTemp: => 18.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 13:48:46 ====

 

Malware scan

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/16/2015
Scan Time: 2:05 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: James

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439103
Time Elapsed: 59 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile\NTS.exe, 1908, Delete-on-Reboot, [e59ec74284075dd90657480cb54c1ce4]

Modules: 1
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile\helper.dll, Delete-on-Reboot, [dea59f6a1a71989e3e4efd35956ed42c],

Registry Keys: 3
PUP.Optional.NorthernThemesService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Northern Themes Service, Quarantined, [e59ec74284075dd90657480cb54c1ce4],
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\BetterBrain_1.10.0.2, Quarantined, [f1921aef4645f93d5532a193e51e2fd1],
PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\donutleadsServiceCore, Quarantined, [c0c39475a2e9b1853b7634fd90736898],

Registry Values: 1
PUP.Optional.Taplika.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Taplika\\, Quarantined, [b1d250b98a014fe7c3e8c5592ad98a76]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile, Delete-on-Reboot, [dea59f6a1a71989e3e4efd35956ed42c],
PUP.Optional.MultiPlug, C:\ProgramData\dadkialaaknjbgknndeokmlpcjdnjcaj, Quarantined, [d5ae5dac5239d0667f318818ed172cd4],

Files: 10
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile\NTS.exe, Delete-on-Reboot, [e59ec74284075dd90657480cb54c1ce4],
PUP.Optional.WeCan.A, C:\Users\James\Downloads\7zipInstaller.exe, Quarantined, [364d0dfcb8d38fa7616ef72f21e426da],
PUP.Optional.OpenCandy, C:\Users\James\Downloads\InstallFreeRARExtractFrog.exe, Quarantined, [523132d797f4e254906c7ff85fa69a66],
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile\db.ini, Quarantined, [dea59f6a1a71989e3e4efd35956ed42c],
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile\helper.dll, Delete-on-Reboot, [dea59f6a1a71989e3e4efd35956ed42c],
PUP.Optional.NorthernThemesService.A, C:\Users\James\AppData\NTSFile\uninst.exe, Quarantined, [dea59f6a1a71989e3e4efd35956ed42c],
PUP.Optional.MultiPlug, C:\ProgramData\dadkialaaknjbgknndeokmlpcjdnjcaj\lsdb.js, Quarantined, [d5ae5dac5239d0667f318818ed172cd4],
PUP.Optional.MultiPlug, C:\ProgramData\dadkialaaknjbgknndeokmlpcjdnjcaj\background.html, Quarantined, [d5ae5dac5239d0667f318818ed172cd4],
PUP.Optional.MultiPlug, C:\ProgramData\dadkialaaknjbgknndeokmlpcjdnjcaj\content.js, Quarantined, [d5ae5dac5239d0667f318818ed172cd4],
PUP.Optional.MultiPlug, C:\ProgramData\dadkialaaknjbgknndeokmlpcjdnjcaj\manifest.json, Quarantined, [d5ae5dac5239d0667f318818ed172cd4],

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESET scan

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6fe5ef7b9b7a2e4496b353b0e0c82a09
# end=init
# utc_time=2015-08-16 10:11:35
# local_time=2015-08-16 03:11:35 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25304
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6fe5ef7b9b7a2e4496b353b0e0c82a09
# end=updated
# utc_time=2015-08-16 10:15:19
# local_time=2015-08-16 03:15:19 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6fe5ef7b9b7a2e4496b353b0e0c82a09
# engine=25304
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-17 12:46:20
# local_time=2015-08-16 05:46:20 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 0 125952364 0 0
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1284 16777213 100 98 0 135466292 0 0
# scanned=287870
# found=21
# cleaned=0
# scan_time=9060
sh=2ECCD0F6793FF5FE5042A5CCEBF203A21329BEB8 ft=1 fh=eee44ff7941f501f vn="a variant of Win32/BrowseFox.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.bak.vir"
sh=645A7F6F9A319BAC35872BCB7081D29CBBF6A079 ft=1 fh=67b68949ef0c3050 vn="a variant of Win32/BrowseFox.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe.vir"
sh=668AD2D7A52E74260ABB4BA3F1CB71B0862487EC ft=1 fh=25de095026c8178a vn="a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir"
sh=D55129E7427A605DFBBA3874D2048C4B8FBA4148 ft=1 fh=4f9115f3702a6915 vn="a variant of Win32/Toolbar.SearchSuite.W.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir"
sh=5B41FA7F93FE466B45FD352B46D472ADBEA53372 ft=1 fh=0de247e3567ffa78 vn="a variant of Win32/BrowseFox.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Roll Around\Uninstaller.exe.vir"
sh=A3F456F9ACBBC50842BFF91C4FEFC1B8CE861A49 ft=1 fh=b3aabd5bcb94cb99 vn="a variant of Win32/BrowseFox.BA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll.vir"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\STab\BrowserAction.dll.vir"
sh=0E7C2BE45F61134F186FDE5744EF74D4E75C726E ft=1 fh=b19cb41f636dff72 vn="a variant of Win32/ELEX.DK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\STab\HPNotify.exe.vir"
sh=824E7357DF86CD900539BE5D247C85DF2A15A801 ft=1 fh=5f9b42aa3829c6bd vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\STab\IeWatchDog.dll.vir"
sh=61EE5C4FCCD0F8C8FC17C73B6420A2085637ECFA ft=1 fh=7638caa39fe23be4 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\STab\ProtectService.exe.vir"
sh=7F0522B8F4C4DC704A482580A292253D5D8A3A2B ft=1 fh=5982d5988e0828c7 vn="a variant of Win32/BrowseFox.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.bak.vir"
sh=BE212D5E8DBA3C6468D436A5D65D92D080812316 ft=1 fh=79b450e79e7a260a vn="a variant of Win32/BrowseFox.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe.vir"
sh=00F24F2A81D016556083E9D60918A0A98F54CDF6 ft=1 fh=03dd67ab78e93074 vn="a variant of Win32/BrowseFox.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\James\AppData\Roaming\OpenCandy\6387CDBFE04C47749004632D6BC36EBA\setup0213.exe.vir"
sh=4CF9EF4D739C2F8A1F3909A2720274527EC29E1F ft=1 fh=c71c001143f2d9bd vn="a variant of Win32/ELEX.CP potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\James\AppData\Roaming\v9\UninstallManager.exe.vir"
sh=F5FDBDDA6E61D6E392090CE37FDD5748EDEF75B5 ft=1 fh=4c2408bfe0b7df9a vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=6934335239B34885403720699DA5EE97B4CE8A48 ft=1 fh=1c9eac9f7d08a7aa vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=F5FDBDDA6E61D6E392090CE37FDD5748EDEF75B5 ft=1 fh=4c2408bfe0b7df9a vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak"
sh=6934335239B34885403720699DA5EE97B4CE8A48 ft=1 fh=1c9eac9f7d08a7aa vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1"
sh=F5FDBDDA6E61D6E392090CE37FDD5748EDEF75B5 ft=1 fh=4c2408bfe0b7df9a vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe"
sh=6934335239B34885403720699DA5EE97B4CE8A48 ft=1 fh=1c9eac9f7d08a7aa vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe"
sh=5DBE77C25F692E2D9A4171C5583B18E07A249205 ft=1 fh=bb30b283c1f772b3 vn="Win32/Packed.VMDetector.O potentially unwanted application" ac=I fn="C:\Users\James\Downloads\Setup_ODM.exe"
 

 

FRST scan

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by James (administrator) on JAMES-LAPTOP (16-08-2015 17:54:19)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NTS Co., Ltd.") C:\Users\James\AppData\NTSFile\NTS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-11-05] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Google Update] => "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3808585925-2696099740-3313271317-1000\...\Run: [Dropbox Update] => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-27] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{A2F00D94-1873-4AFD-9386-8F53A6ABA355}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{ACFF12AB-ACFD-465A-9B81-8EFEF00A322A}: [DhcpNameServer] 192.168.100.100
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\k3youxvl.default
FF DefaultSearchEngine.US: Google
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-02-13]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-02-13]

Chrome:
=======
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-09]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-09]
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-09]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-11-05] (Kaspersky Lab ZAO)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-08-09] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-11-05] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
U0 pkeoikhj; C:\Windows\System32\drivers\hlmjpqdh.sys [79064 2015-08-16] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 15:18 - 2015-08-16 15:19 - 00000000 ____D C:\Users\James\Desktop\fix for maleware
2015-08-16 15:11 - 2015-08-16 15:11 - 02870984 _____ (ESET) C:\Users\James\Downloads\esetsmartinstaller_enu.exe
2015-08-16 15:11 - 2015-08-16 15:11 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-16 15:09 - 2015-08-16 15:09 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\hlmjpqdh.sys
2015-08-16 14:02 - 2015-08-16 14:03 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 14:02 - 2015-08-16 14:02 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-16 14:02 - 2015-08-16 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-16 14:02 - 2015-08-16 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-16 14:02 - 2015-08-16 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-16 14:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-16 14:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-16 14:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-16 13:59 - 2015-08-16 14:01 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-12 16:58 - 2015-08-16 13:43 - 00000000 ____D C:\Users\James\Downloads\FRST-OlderVersion
2015-08-12 15:50 - 2015-08-12 15:50 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-10 17:42 - 2015-08-10 17:42 - 00049136 _____ C:\Users\James\Downloads\Addition.txt
2015-08-10 17:41 - 2015-08-16 17:54 - 00021359 _____ C:\Users\James\Downloads\FRST.txt
2015-08-10 17:40 - 2015-08-16 17:54 - 00000000 ____D C:\FRST
2015-08-10 17:37 - 2015-08-16 13:43 - 02173440 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2015-08-09 16:34 - 2015-08-15 17:34 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-09 16:34 - 2015-08-09 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 16:31 - 2015-08-16 17:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 16:31 - 2015-08-16 16:36 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 16:31 - 2015-08-09 16:31 - 00931408 _____ (Google Inc.) C:\Users\James\Downloads\ChromeSetup.exe
2015-08-09 16:31 - 2015-08-09 16:31 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-09 16:31 - 2015-08-09 16:31 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-09 16:13 - 2015-08-09 16:14 - 02248704 _____ C:\Users\James\Downloads\AdwCleaner.exe
2015-08-09 16:04 - 2015-08-09 16:04 - 00011179 _____ C:\Users\James\Desktop\JRT.txt
2015-08-09 15:55 - 2015-08-09 15:55 - 01797896 _____ (Malwarebytes Corporation) C:\Users\James\Downloads\JRT.exe
2015-08-09 15:36 - 2015-08-09 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-09 15:36 - 2015-08-09 15:36 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-09 15:36 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2015-08-09 14:44 - 2015-08-12 16:40 - 00000000 ____D C:\Users\James\AppData\Local\Mozilla
2015-08-09 14:43 - 2015-08-09 14:43 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-09 14:43 - 2015-08-09 14:43 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-09 14:43 - 2015-08-09 14:43 - 00000000 ____D C:\ProgramData\Mozilla
2015-08-09 14:43 - 2015-08-09 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 07:59 - 2015-08-09 16:34 - 00000000 ____D C:\Users\James\AppData\Local\Google
2015-08-09 07:34 - 2015-08-09 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-09 07:34 - 2015-08-09 07:34 - 00000000 ____D C:\Users\James\AppData\Local\AVG Web TuneUp
2015-08-09 07:33 - 2015-08-09 07:34 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-08-09 07:33 - 2015-08-09 07:33 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-08-09 07:16 - 2015-08-09 07:16 - 05964208 _____ (ParetoLogic Inc.) C:\Users\James\Downloads\ParetoLogic PC Health Advisor.exe
2015-08-08 09:49 - 2015-08-08 09:49 - 00000000 ____D C:\Users\James\AppData\Local\VS Revo Group
2015-08-08 09:49 - 2015-08-08 09:49 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-08 09:42 - 2015-08-08 09:42 - 00000000 ____D C:\Users\James\AppData\Local\CEF
2015-08-08 09:00 - 2015-08-09 16:21 - 00000000 ____D C:\AdwCleaner
2015-08-08 08:58 - 2015-08-08 08:59 - 02248704 _____ C:\Users\James\Downloads\adwcleaner_4.208.exe
2015-08-08 08:17 - 2015-08-09 07:36 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-08-08 08:16 - 2015-08-08 08:16 - 07941448 _____ (Crawler Group ) C:\Users\James\Downloads\SpywareTerminatorSetup.exe
2015-08-08 08:09 - 2015-08-08 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-08-08 08:08 - 2015-08-08 08:08 - 00744529 _____ C:\Users\James\Downloads\bazookasetup.exe
2015-08-08 08:07 - 2015-08-08 08:07 - 00531013 _____ C:\Users\James\Downloads\Player Setup.zip
2015-08-08 07:37 - 2015-08-08 07:37 - 00000000 ____D C:\SUPERDelete
2015-08-08 07:33 - 2015-08-08 07:34 - 22853880 _____ (SUPERAntiSpyware) C:\Users\James\Downloads\SUPERAntiSpyware.exe
2015-08-07 18:46 - 2015-08-07 18:46 - 00000000 ____D C:\Users\James\AppData\Roaming\AVG2015
2015-08-07 18:46 - 2015-08-07 18:46 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-07 18:45 - 2015-08-07 18:45 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-07 18:45 - 2015-08-07 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-07 18:44 - 2015-08-07 19:20 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-07 18:44 - 2015-08-07 18:44 - 00000000 ___HD C:\$AVG
2015-08-07 18:42 - 2015-08-07 18:42 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-07 18:35 - 2015-08-16 13:44 - 00000000 ____D C:\ProgramData\MFAData
2015-08-07 18:35 - 2015-08-07 19:02 - 00000000 ____D C:\Users\James\AppData\Local\Avg2015
2015-08-07 18:35 - 2015-08-07 18:35 - 00000000 ____D C:\Users\James\AppData\Local\MFAData
2015-08-07 18:34 - 2015-08-07 18:35 - 05091576 _____ (AVG Technologies) C:\Users\James\Downloads\avg_free_stb_all_6125p1_177.exe
2015-08-07 18:33 - 2015-08-09 07:37 - 00000000 ____D C:\Users\James\AppData\Local\Garmin_Ltd._or_its_subsid
2015-08-07 18:29 - 2015-08-07 18:29 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-08-07 18:29 - 2015-08-07 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-07 18:06 - 2015-08-07 19:32 - 00000000 ____D C:\Program Files (x86)\Sample IME for IME extension API
2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2015-07-24 08:49 - 2015-07-24 08:52 - 00000000 ____D C:\Program Files (x86)\High Material
2015-07-24 08:49 - 2015-07-24 08:51 - 00000000 ____D C:\Program Files (x86)\Trite Mobile
2015-07-24 08:49 - 2015-07-24 08:51 - 00000000 ____D C:\Program Files (x86)\Enthusiastic Tonight
2015-07-21 14:17 - 2015-08-07 19:32 - 00000000 ____D C:\Program Files (x86)\Viewport Resizer
2015-07-18 12:29 - 2015-07-18 12:29 - 00813875 _____ C:\Users\James\Downloads\July 19.pptx
2015-07-17 03:45 - 2015-07-17 03:45 - 00000000 ____D C:\Users\James\AppData\Local\Steam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 17:21 - 2012-02-13 09:09 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA.job
2015-08-16 17:04 - 2012-03-31 08:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 16:58 - 2015-06-27 15:47 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA.job
2015-08-16 15:57 - 2012-01-06 22:15 - 01889269 _____ C:\windows\WindowsUpdate.log
2015-08-16 15:09 - 2014-11-29 18:30 - 00000000 ____D C:\Users\James\AppData\NTSFile
2015-08-16 15:09 - 2009-07-13 20:20 - 00000000 ____D C:\windows\TAPI
2015-08-16 14:13 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 14:13 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 14:09 - 2012-02-13 09:30 - 00000000 ____D C:\Users\James\AppData\Local\Nero
2015-08-16 14:03 - 2015-04-21 19:34 - 00000000 ____D C:\Program Files (x86)\ActiveDeals
2015-08-16 14:03 - 2012-01-06 22:55 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-16 13:56 - 2012-12-29 18:32 - 00000000 ___RD C:\Users\James\Dropbox
2015-08-16 13:56 - 2012-12-29 18:27 - 00000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2015-08-16 13:56 - 2012-02-22 21:45 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2015-08-16 13:54 - 2012-02-13 10:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 13:54 - 2012-02-13 10:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-16 13:53 - 2012-02-13 10:52 - 00000000 ____D C:\Users\James\AppData\Local\SoftThinks
2015-08-16 13:51 - 2013-11-05 12:49 - 00384796 _____ C:\windows\PFRO.log
2015-08-16 13:51 - 2012-12-27 09:56 - 00016808 _____ C:\windows\setupact.log
2015-08-16 13:51 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-16 13:42 - 2009-07-13 22:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-15 17:58 - 2015-06-27 15:47 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core.job
2015-08-12 15:46 - 2012-03-31 08:01 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 15:46 - 2012-03-31 08:01 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 15:46 - 2012-01-06 22:19 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-10 23:46 - 2012-02-13 09:09 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core.job
2015-08-09 16:34 - 2015-05-25 18:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-09 15:27 - 2012-02-13 09:09 - 00000000 ____D C:\Users\James\AppData\Local\Deployment
2015-08-09 14:44 - 2012-02-13 09:09 - 00000000 ____D C:\Users\James\AppData\Roaming\Mozilla
2015-08-07 19:31 - 2015-05-25 17:48 - 00000000 ____D C:\Program Files (x86)\Lubuntu Scrollbars
2015-08-07 19:29 - 2015-05-24 14:00 - 00000000 ____D C:\Program Files (x86)\Image Downloader Plus
2015-08-07 18:45 - 2015-02-17 20:19 - 00000000 ____D C:\Users\James\AppData\Roaming\TuneUp Software
2015-08-07 18:32 - 2015-01-15 08:05 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-07 18:30 - 2015-01-15 08:05 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-08-07 18:29 - 2015-01-15 08:06 - 00000000 ____D C:\ProgramData\Garmin
2015-08-07 18:28 - 2015-01-15 08:05 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2015-07-24 08:49 - 2015-03-19 17:40 - 00000000 ____D C:\Users\James\AppData\Local\Pearson
2015-07-18 17:53 - 2015-06-27 15:47 - 00003888 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000UA
2015-07-18 17:53 - 2015-06-27 15:47 - 00003492 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3808585925-2696099740-3313271317-1000Core
2015-07-17 03:38 - 2009-07-13 21:45 - 00405704 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-17 03:35 - 2014-12-10 21:08 - 00000000 ____D C:\windows\system32\appraiser
2015-07-17 03:35 - 2014-05-08 18:50 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-17 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-17 03:16 - 2013-10-12 13:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 03:10 - 2013-08-18 03:15 - 00000000 ____D C:\windows\system32\MRT

==================== Files in the root of some directories =======

2014-11-29 18:05 - 2015-07-01 09:38 - 0000243 _____ () C:\Users\James\AppData\Roaming\WB.CFG
2014-12-01 17:05 - 2014-12-16 17:05 - 0000010 _____ () C:\Users\James\AppData\Local\DSI.DAT
2012-02-13 10:28 - 2012-02-13 10:28 - 0017408 _____ () C:\Users\James\AppData\Local\WebpageIcons.db
2015-01-22 17:38 - 2015-01-22 17:38 - 0001558 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\James\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp83eod7.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-22 18:59

==================== End of log ============================



#9 docjbw


Posted 16 August 2015 - 08:16 PM

Hello again. I just opened Chrome and it worked again after all of the programs you had me run. Apparently you fixed it! That is greatly appreciated.

THANK YOU!!!



#10 deeprybka


  • Malware Response Team

Posted 17 August 2015 - 08:17 AM

Hi there,
It's good to hear that your problems appear to be solved. But we are not done yet.

Step 1


  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
NTS.exe
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 deeprybka


  • Malware Response Team

Posted 23 August 2015 - 04:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



