
Task Manager and Malware Bytes Disabled & W32 Files Missing

Discussion in 'Virus & Other Malware Removal' started by Screlge, May 20, 2015.

Thread Status:
Not open for further replies.
  1. Screlge

    Screlge Thread Starter

    Joined:
    May 13, 2003
    Messages:
    168
    I think I have some Malware. I can't start Task Manager and Malwarebytes has disappeared and won't reinstall. I have run HijackThis and a number of Windows System32 files are missing. Log attached.
    Running Avast Free Antivirus


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 8108 Mb
    Graphics Card: Intel(R) HD Graphics 4400, -2016 Mb
    Hard Drives: C: Total - 942195 MB, Free - 661449 MB; D: Total - 476813 MB, Free - 10614 MB;
    Motherboard: Dell Inc., 088DT1
    Antivirus: Windows Defender, Disabled
     


  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another log (Addition.txt). Please attach this to your reply.
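
An added example, not part of the thread and not Farbar's code: a small Python triage of the `Task:` lines in an Addition.txt log like the one requested above. The sample lines are copied from the log posted further down this thread, with the RoboForm URL replaced by a constructed placeholder; the verdict names and the rule "no absolute path means review" are this example's own assumptions, a way to order manual review rather than a finding about any entry.

```python
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Optional

# Lines copied from the Addition.txt log in this thread; the URL is a
# constructed placeholder standing in for the long RoboForm query string.
SAMPLE = r"""
==================== Scheduled Tasks (Whitelisted) =============

Task: {0044CBA2-22BC-4DBF-B23C-5DC7A3562768} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {149FEA1D-259C-4DBD-A405-CB58780985FE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1BC2A670-7BE9-402B-A7C7-E9A965A225CE} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {CBD1A301-3D3E-4D38-ABCA-F1B159DCC0FD} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://example.invalid/placeholder"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
"""

# "Task: [{GUID} - ]<task name or .job path> => <target>"
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]{36}\}\s+-\s+)?(?P<task>.+?)\s+=>\s+(?P<target>.+)$"
)
# Trailing "[YYYY-MM-DD] (publisher)" that follows a file the log resolved.
META_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>.*)\)$"
)
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
URL_RE = re.compile(r"https?://", re.IGNORECASE)


@dataclass
class TaskEntry:
    name: str
    target: str
    date: Optional[str] = None
    publisher: Optional[str] = None
    verdict: str = "resolved"
    reasons: List[str] = field(default_factory=list)


def section_lines(log: str, title: str) -> Iterator[str]:
    """Yield the non-empty lines of the '==== title ====' section only."""
    inside = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("===================="):
            inside = title.lower() in line.lower()
            continue
        if inside and line:
            yield line


def classify(line: str) -> Optional[TaskEntry]:
    """Parse one Task: line and decide whether it needs a manual look."""
    m = TASK_RE.match(line)
    if m is None:
        return None
    entry = TaskEntry(name=m.group("task"), target=m.group("target").strip())
    meta = META_RE.match(entry.target)
    if meta:
        entry.target, entry.date, entry.publisher = meta.group(
            "path", "date", "publisher"
        )
    # Assumption of this example: a bare command name or a URL argument means
    # the log line alone does not show what runs, so read the task definition.
    if not ABS_PATH_RE.match(entry.target):
        entry.reasons.append("target has no absolute path")
    if URL_RE.search(entry.target):
        entry.reasons.append("action carries a URL argument")
    if entry.reasons:
        entry.verdict = "review"
    elif entry.name.lower().endswith(".job"):
        # In the log on this page, legacy .job lines carry no date/publisher.
        entry.verdict = "legacy-job"
    elif entry.date is None:
        entry.verdict = "review"
        entry.reasons.append("no file date or publisher printed")
    return entry


def triage(log: str) -> List[TaskEntry]:
    """Classify every Task: line in the Scheduled Tasks section."""
    entries = []
    for line in section_lines(log, "Scheduled Tasks"):
        entry = classify(line)
        if entry is not None:
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.verdict:10} {e.name} => {e.target} {e.reasons}")
```
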
     
  3. Screlge

    Screlge Thread Starter

    Tried to run it normally, and as Administrator, but I just got a blue screen (not BSOD) which I got out of by pressing C+A+D.

    This also happened when I tried to run Malwarebytes.exe earlier.
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Let's try running FRST in the Recovery Environment.

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
    • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

      If you are using Vista or Windows 7 enter System Recovery Options.

      To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
      To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



      To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    • On the System Recovery Options menu you will get the following options:
        • Startup Repair
        • System Restore
        • Windows Complete PC Restore
        • Windows Memory Diagnostic Tool
        • Command Prompt
    • Select Command Prompt

      Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. Screlge

    Screlge Thread Starter

    Things are going from bad to worse. I can't open any application and can't type in the Search Box on the Start Page to get in to the Recovery Environment.
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Create a Recovery USB drive first and see if you can get to the Recovery Environment's Command Prompt. See the instructions here.
     
  7. Screlge

    Screlge Thread Starter

    I can't create a Recovery USB Drive because when I open Windows+R I can't type in the box and I cannot use the Control Panel route because I can't open it.

    I have now managed to open Administrator Command Prompt.
     
    Last edited: May 22, 2015
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Can you type on a document? Or at a command prompt?
     
    Last edited: May 22, 2015
  9. Screlge

    Screlge Thread Starter

    Yes and Yes
     
  10. Screlge

    Screlge Thread Starter

    Here is the FRST log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
    Ran by Anthony at 2015-05-22 23:12:56
    Running from i:\
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-645232174-3658701054-407207084-500 - Administrator - Disabled)
    Anthony (S-1-5-21-645232174-3658701054-407207084-1001 - Administrator - Enabled) => C:\Users\Anthony
    Guest (S-1-5-21-645232174-3658701054-407207084-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-645232174-3658701054-407207084-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ACDSee 18 (HKLM\...\{6D0F6DF4-553E-43CD-AA95-69AB3644A8FF}) (Version: 18.1.0.233 - ACD Systems International Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    AKVIS Enhancer (HKLM-x32\...\{704F77A4-BA54-4DAF-96EA-C604BD32DCC2}) (Version: 11.5.1577.6946 - AKVIS)
    AKVIS Magnifier (HKLM-x32\...\{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}) (Version: 4.0.825.7460 - AKVIS)
    AKVIS Refocus (HKLM-x32\...\{C6059B1A-E091-4B1D-8040-64DB2F932FFB}) (Version: 1.0.149.7428 - AKVIS)
    Alien Skin Blow Up 3 (HKLM\...\Alien Skin Blow Up 3) (Version: - Alien Skin)
    Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version: - Alien Skin)
    Alien Skin Exposure 5 (HKLM\...\Alien Skin Exposure 5) (Version: - Alien Skin)
    Alien Skin Exposure 7 (HKLM\...\Alien Skin Exposure 7) (Version: - Alien Skin)
    Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version: - Alien Skin)
    Alien Skin Snap Art 4 (HKLM\...\Alien Skin Snap Art 4) (Version: - Alien Skin)
    Amazon Kindle (HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    BBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)
    Boilsoft Video Joiner 6.57 (HKLM-x32\...\{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1) (Version: - Boilsoft, Inc.)
    Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite DCP-J140W (HKLM-x32\...\{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
    BT Cloud (HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\BT Cloud) (Version: 2.5.4559 - F-Secure Corporation)
    calibre (HKLM-x32\...\{17429B3C-DC4B-4ED8-BBEA-CF14BD6203C5}) (Version: 1.28.0 - Kovid Goyal)
    CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
    Coupon Printer (HKLM-x32\...\Coupon Printer2.2.0.7) (Version: 2.2.0.7 - Coupons.com Inc.)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
    Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
    Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Dropbox (HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
    Dynamic Auto-Painter x64 PRO version 3.2 (HKLM\...\{30994599-9734-455F-B51D-7E5E987AFA2A}_is1) (Version: 3.2 - Mediachance.com)
    EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: 1.0 - )
    Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: - )
    Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Glary Utilities PRO 5.3 (HKLM-x32\...\Glary Utilities 5) (Version: 5.3.0.8 - Glarysoft Ltd)
    Google Apps Migration For Microsoft Outlook® 3.4.27.52 (HKLM-x32\...\{65960C6E-BFA2-4FE7-A1BC-8028F3072566}) (Version: 3.4.27.52 - Google, Inc.)
    Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM-x32\...\{799A7E2B-388F-4BDE-B55B-47AF42C6440A}) (Version: 3.7.410.1100 - Google, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
    Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
    Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    iExplorer 3.5.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
    Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version: - )
    Imagenomic Noiseware 5.0 Plug-in (build 5006) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - )
    Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
    Imagenomic Realgrain 2.0 Plug-in (build 2001) (HKLM\...\ImagenomicRealgrainPlugin) (Version: - )
    InPixio Photo Maximizer Pro (HKLM-x32\...\{33DB8C17-40C9-4629-B6D4-05A4C7E8AA86}) (Version: 1.00.24758 - Avanquest Software)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Kolor Autopano Giga 3.0 (HKLM\...\AutopanoGiga3.0) (Version: V3.0.8 - Kolor)
    Magic ISO Maker v5.4 (build 0239) (HKLM-x32\...\Magic ISO Maker v5.4 (build 0239)) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mindjet 14 (HKLM-x32\...\{5C1060A2-462B-4883-A26A-065EEF6E35DF}) (Version: 14.0.334 - Mindjet)
    Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
    NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit)
    Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
    PDF Converter Pro 12.1 (HKLM-x32\...\PDF Converter Pro 12.1) (Version: - )
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
    Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.1.0 - onOne Software)
    photoFXlab (HKLM-x32\...\photoFXlab) (Version: 1.2.7 - Topaz Labs)
    Photomatix Pro version 5.0 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0 - HDRsoft Ltd)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
    Riot - Radical Image Optimization Tool (HKLM-x32\...\Riot) (Version: - )
    RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
    Shadow Illuminator Pro (HKLM-x32\...\{8B1D967A-032F-44D1-A8CC-D38816D5217F}) (Version: 2.01.0008 - Intrigue Technologies, Inc.)
    SnagIt 9 (HKLM-x32\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
    Tintii (HKLM-x32\...\tintii) (Version: - )
    Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.1 - Topaz Labs, LLC)
    Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
    Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
    Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC)
    Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
    Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs, LLC)
    Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
    Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
    Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
    Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
    Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs, LLC)
    Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
    Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC)
    Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
    TreeSize Professional V6.0.2 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.0.2 - JAM Software)
    Ultra Video Splitter 6.3.0506 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Virtual Painter 5 (Standalone) (HKLM-x32\...\Virtual Painter 5 (Standalone)) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Winmail Reader 1.2.15 (HKLM-x32\...\Winmail Reader_is1) (Version: - Kopf)
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
    Wondershare PDF Converter Pro (Build 4.0.0) (HKLM-x32\...\{67CC8351-9D8B-4EDF-AAEE-B8CB17E5F3AC}_is1) (Version: 4.0.0 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-645232174-3658701054-407207084-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    30-04-2015 17:32:38 Revo Uninstaller Pro's restore point - Topaz Detail 3
    08-05-2015 07:44:38 Scheduled Checkpoint
    12-05-2015 14:31:09 Installed Evernote v. 5.8.6
    19-05-2015 11:52:54 Revo Uninstaller Pro's restore point - ACDSee 17
    19-05-2015 12:03:50 Installed ACDSee 18.

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0044CBA2-22BC-4DBF-B23C-5DC7A3562768} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
    Task: {09A5C649-7E47-46E6-A92D-628CD0930160} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
    Task: {149FEA1D-259C-4DBD-A405-CB58780985FE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {1766E441-64FB-4562-958F-200B6E09470C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
    Task: {1BC2A670-7BE9-402B-A7C7-E9A965A225CE} - System32\Tasks\IHSelfDeleteTASK => CMD
    Task: {1D27A5F0-3660-4DA2-88F8-104E110B4A70} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
    Task: {84BA5F84-A4FD-4264-A83A-3182B3D6F299} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-02] (Glarysoft Ltd)
    Task: {90B2A06E-0DD1-4E2D-ACD7-7B48431EBAC4} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
    Task: {A46D4090-34EF-4CB3-83AD-AA307972FECE} - System32\Tasks\GoogleUpdateTaskMachineUA1cf69eca36ced32 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
    Task: {AB15ED0C-AA30-4400-91F1-DB9F59612DF8} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-07-03] (Glarysoft Ltd)
    Task: {B4C7475A-266B-4B58-982C-4B399DA19B03} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-12] (Siber Systems)
    Task: {BBDCF498-E8A6-46F2-806C-B8BD00AB54AF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
    Task: {C150769A-972E-4E1E-B390-4EB215CDFD77} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
    Task: {CB4F2C50-252D-42FD-8542-05B7179398B3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
    Task: {CBD1A301-3D3E-4D38-ABCA-F1B159DCC0FD} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMPMGMJMNJNMOMNMPMCNIMIMGMMJCNLMMMLMJJCNGMGMGMLJCNLMJMOMMJJMKJGMIMIMMMLJNJJNJICMIMCNGMCNGMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMGMFMEKMICNJJCKFMJMIMMMJNHICMEKMICNJJCKJNBJCMLKAJBJGIPNIKKJDJDJMIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMOMFMNMIMHMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
    Task: {CDA98C25-F72F-420F-A89B-72A626A73DED} - System32\Tasks\IHUninstallTrackingTASK => CMD
    Task: {D29C510D-0462-405D-9882-1DC164882579} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec7046558b3f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
    Task: {DF1F203A-A087-4FD6-A119-F4368C8D02E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {EEABB861-4112-4DB1-AAF5-54CA498F29D4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf69eca36ced32.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec7046558b3f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-29 14:48 - 2012-08-27 15:52 - 00133120 _____ () C:\Program Files\NetBalancer\PacketDotNet.dll
    2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2014-09-18 20:37 - 2014-07-03 04:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2015-04-23 07:11 - 2015-04-23 07:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-23 07:11 - 2015-04-23 07:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-05-22 17:07 - 2015-05-22 17:07 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052201\algo.dll
    2014-07-02 10:09 - 2014-07-02 10:09 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-05-22 22:16 - 2015-05-22 22:16 - 00043008 _____ () c:\users\anthony\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnrckwq.dll
    2015-03-04 22:45 - 2015-03-04 22:45 - 00750080 _____ () C:\Users\Anthony\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-03-04 22:45 - 2015-03-04 22:45 - 00047616 _____ () C:\Users\Anthony\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-03-04 22:45 - 2015-03-04 22:45 - 00865280 _____ () C:\Users\Anthony\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-03-04 22:45 - 2015-03-04 22:45 - 00200704 _____ () C:\Users\Anthony\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-03-11 08:37 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2015-05-21 18:25 - 2015-05-13 17:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
    2015-05-21 18:25 - 2015-05-13 17:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
    2013-12-28 15:50 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-05 20:41 - 2013-03-05 20:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-05-22 22:14 - 2015-05-22 22:14 - 00098816 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32api.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00110080 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\pywintypes27.dll
    2015-05-22 22:14 - 2015-05-22 22:14 - 00364544 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\pythoncom27.dll
    2015-05-22 22:14 - 2015-05-22 22:14 - 00045568 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_socket.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 01161216 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_ssl.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00320512 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32com.shell.shell.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00713216 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_hashlib.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 01175040 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._core_.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00805888 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._gdi_.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00811008 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._windows_.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 01062400 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._controls_.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00735232 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._misc_.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00682496 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\pysqlite2._sqlite.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00128512 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_elementtree.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00127488 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\pyexpat.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00087552 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_ctypes.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00119808 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32file.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00108544 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32security.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00007168 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\hashobjs_ext.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00017408 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\usb_ext.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00167936 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32gui.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00018432 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32event.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00013824 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\common.time34.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00036864 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_psutil_windows.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00038912 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32inet.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00011264 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32crypt.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00070656 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._html2.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00027136 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_multiprocessing.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00020480 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\_yappi.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00035840 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32process.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00686080 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\unicodedata.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00122368 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._wizard.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00024064 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32pipe.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00010240 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\select.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00025600 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32pdh.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00525640 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\windows._lib_cacheinvalidation.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00017408 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32profile.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00022528 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\win32ts.pyd
    2015-05-22 22:14 - 2015-05-22 22:14 - 00078336 _____ () C:\Users\Anthony\AppData\Local\Temp\_MEI56722\wx._animate.pyd
    2015-03-25 13:12 - 2015-03-25 13:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2013-12-28 15:53 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-09-18 20:37 - 2014-07-31 00:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2013-12-28 16:05 - 2012-11-26 08:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-09-18 20:37 - 2012-11-26 06:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\Temp:6DAA43DB
    AlternateDataStreams: C:\ProgramData\Temp:8DAF83BD
    AlternateDataStreams: C:\ProgramData\Temp:B24B19F1
    AlternateDataStreams: C:\Users\Anthony\SkyDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-645232174-3658701054-407207084-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "SnagIt 9.lnk"
    HKLM\...\StartupApproved\Run32: => "ControlCenter4"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{BCBBDE3C-9CDC-405F-8E39-D588C0420A18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{3C652E40-3103-4ACF-A8DD-3C5E8F58E3A1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{443ACD79-444A-48EF-8697-DBAA1CC9B4C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{F6DDC35D-9383-46EF-9003-59BFDC7020AC}] => (Allow) LPort=2869
    FirewallRules: [{1B2B3587-2BB0-48FB-8B58-6E7ED37ECBD8}] => (Allow) LPort=1900
    FirewallRules: [{8A3343A6-DB51-41BD-A1E3-07B4467D2930}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{74136899-434A-4231-864F-DFFEBA167AD2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{329571B6-592B-4B83-8D97-76C961722195}] => (Allow) LPort=54925
    FirewallRules: [{59F6F3DC-3364-47DC-8E5F-4EF216437472}] => (Allow) C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{EBD9079B-8D1D-4DD9-BB58-4C429A419C4D}] => (Allow) C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{D8D8CF6A-BD01-4C57-A77E-1A49659D744A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{51B7C68B-C4FD-4C57-A70C-580DE18A728A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{760DF885-E46F-419C-AE0A-3A1A99DD9291}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7EC17803-B335-4AD3-928C-6303A47C86D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6493B977-D49A-4F42-AB31-15828E009C15}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{0C914367-E66C-439B-87AF-F13CD5D22806}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
    FirewallRules: [UDP Query User{3BA0D8CE-A8C9-47AF-94FB-45BE80B2ADC2}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
    FirewallRules: [TCP Query User{F5A0D6C9-80CD-4DD2-8A85-F31207E41525}C:\users\anthony\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\anthony\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{91FC936A-2252-455B-BF1C-C325F2864C74}C:\users\anthony\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\anthony\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{D343E41F-0FEA-4F73-983B-88928FCDE91D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E43BEDD1-E3D1-45FD-B6D4-9A7C2BB3E85F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{72830465-AC48-44BF-816B-10D22CA08B65}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{2F212EE6-8D4B-45CA-90B5-35C261F9C686}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
    FirewallRules: [UDP Query User{A02DDEEE-801C-419C-B6B0-E0254F8C791A}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
    FirewallRules: [{205EAFF3-9784-4BBC-806B-A2EA11C98955}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/22/2015 10:07:07 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

    Error: (05/22/2015 10:07:07 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
    Description: 0x8007045B

    Error: (05/22/2015 09:57:23 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

    Error: (05/22/2015 09:57:23 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (05/22/2015 09:57:18 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll4

    Error: (05/22/2015 07:13:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2015/05/22 19:13:54.015]: [00011048]: Initialize TwdsMain Class failed!

    Error: (05/22/2015 07:13:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2015/05/22 19:13:54.015]: [00011048]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (05/22/2015 07:12:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2015/05/22 19:12:24.641]: [00011048]: Initialize TwdsMain Class failed!

    Error: (05/22/2015 07:12:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2015/05/22 19:12:24.641]: [00011048]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (05/22/2015 07:10:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2015/05/22 19:10:45.487]: [00011048]: Initialize TwdsMain Class failed!


    System errors:
    =============
    Error: (05/22/2015 10:07:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: 109AvastVBoxSvcUnavailable{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

    Error: (05/22/2015 10:07:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: 1115netmanUnavailable{BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (05/22/2015 10:07:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: 1069netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Experience service failed to start due to the following error:
    %%1115

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Human Interface Device Service service failed to start due to the following error:
    %%1115

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bluetooth Support Service service failed to start due to the following error:
    %%1069

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SSDP Discovery service failed to start due to the following error:
    %%1069

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (05/22/2015 10:07:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Portable Device Enumerator Service service failed to start due to the following error:
    %%1115


    Microsoft Office:
    =========================
    Error: (05/22/2015 10:07:07 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

    Error: (05/22/2015 10:07:07 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
    Description: 0x8007045B

    Error: (05/22/2015 09:57:23 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

    Error: (05/22/2015 09:57:23 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (05/22/2015 09:57:18 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll4

    Error: (05/22/2015 07:13:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWNBrtTWN: [2015/05/22 19:13:54.015]: [00011048]: Initialize TwdsMain Class failed!

    Error: (05/22/2015 07:13:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWNBrtTWN: [2015/05/22 19:13:54.015]: [00011048]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (05/22/2015 07:12:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWNBrtTWN: [2015/05/22 19:12:24.641]: [00011048]: Initialize TwdsMain Class failed!

    Error: (05/22/2015 07:12:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWNBrtTWN: [2015/05/22 19:12:24.641]: [00011048]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (05/22/2015 07:10:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWNBrtTWN: [2015/05/22 19:10:45.487]: [00011048]: Initialize TwdsMain Class failed!


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
    Percentage of memory in use: 37%
    Total physical RAM: 8108.94 MB
    Available physical RAM: 5104.73 MB
    Total Pagefile: 15276.94 MB
    Available Pagefile: 11794.91 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:920.11 GB) (Free:647.71 GB) NTFS
    Drive d: (MOVIES) (Fixed) (Total:465.64 GB) (Free:10.37 GB) FAT32
    Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    Drive i: () (Removable) (Total:3.74 GB) (Free:3.53 GB) FAT32
    Drive x: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.66 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:8.75 GB) (Free:0.7 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 5B18B90F)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: 8D399BC0)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

    ========================================================
    Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    I need to see also the FRST.txt report produced in the same location FRST was saved, i:\.

    Please download the attached file, fixlist.txt, and save it in the same location FRST is saved, i:\. Both files, FRST and fixlist, must be saved in the same location.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.
     

  12. Screlge

    Screlge Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
    Ran by Anthony (administrator) on TONYPCLONDON on 23-05-2015 17:30:38
    Running from i:\
    Loaded Profiles: Anthony (Available Profiles: Anthony)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Coupons.com Inc.) C:\Program Files (x86)\Coupon Printer\CouponPrinterService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ACD Systems) C:\Program Files\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166384 2013-08-09] (Intel Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
    HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM-x32\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3197296 2014-07-22] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [ACSW18EN] => C:\Program Files\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe [1470224 2014-12-23] (ACD Systems)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-02] (Glarysoft Ltd)
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-11-12] (Siber Systems)
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [GoogleChromeAutoLaunch_2AA0595218EF30A2508F1E549DA19CC6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Run: [ACDSeeCommander18] => C:\Program Files\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\MountPoints2: F - "F:\Setup.exe"
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\MountPoints2: {2694a0b8-aede-11e3-825c-485ab623575c} - "F:\LaunchU3.exe" -a
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk [2015-01-08]
    ShortcutTarget: SnagIt 9.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
    Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BT Cloud.lnk [2015-02-19]
    ShortcutTarget: BT Cloud.lnk -> C:\Users\Anthony\AppData\Local\F-Secure\BT Cloud\Application\BT Cloud.exe (F-Secure Corporation)
    Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-10]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-03-20]
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-01-16]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    BootExecute: autocheck autochk * BootDefrag.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-645232174-3658701054-407207084-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-645232174-3658701054-407207084-1001 -> DefaultScope {76DCC230-EABD-4E7D-9668-99906DC134EC} URL =
    SearchScopes: HKU\S-1-5-21-645232174-3658701054-407207084-1001 -> {76DCC230-EABD-4E7D-9668-99906DC134EC} URL =
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll [2008-05-15] (TechSmith Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-12] (Siber Systems Inc.)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-25] (Avast Software s.r.o.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
    BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll [2013-09-06] (Mindjet)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-12] (Siber Systems Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-25] (Avast Software s.r.o.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-11-12] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-11-12] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default
    FF NewTab: www.google.co.uk
    FF Homepage: hxxp://www.google.co.uk
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-31] (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\searchplugins\imdb.xml [2014-03-18]
    FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\searchplugins\rotten-tomatoes.xml [2014-04-09]
    FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\searchplugins\wikipedia-eng.xml [2014-03-18]
    FF Extension: ColorfulTabs - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-04-29]
    FF Extension: Cookies Manager+ - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2014-03-18]
    FF Extension: uknewspapers - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\[email protected] [2014-07-12]
    FF Extension: Google Maps Saved Locations - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\[email protected] [2014-10-14]
    FF Extension: Session Manager - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-03-18]
    FF Extension: Abduction! - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2014-06-11]
    FF Extension: IMDB Search - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-03-18]
    FF Extension: Adblock Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-18]
    FF Extension: Tab Mix Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-07-03]
    FF Extension: Evernote Web Clipper - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\w17l3fqu.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-04-21]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-02]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-17]
    FF HKU\S-1-5-21-645232174-3658701054-407207084-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (TooManyTabs for Chrome) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-03-11]
    CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
    CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-11]
    CHR Extension: (Session Manager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-03-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-17]
    CHR Extension: (iCloud) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2014-03-11]
    CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-11]
    CHR Extension: (Adblock Plus) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-11]
    CHR Extension: (Adblock for Youtube™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-03-12]
    CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-11]
    CHR Extension: (Tab Manager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2015-01-19]
    CHR Extension: (Search by Image (by Google)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-11]
    CHR Extension: (Category Tabs for Google Keep™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlahcjmefibiedeecoegjilekaebchhl [2014-03-11]
    CHR Extension: (ESPN Cricinfo) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlklinjgampohhihndkofhhaahoicoip [2014-03-11]
    CHR Extension: (Google News) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-03-11]
    CHR Extension: (All United Kingdom Newspapers) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiphjikgdmioglkkbgdangkbfjpekfa [2014-03-11]
    CHR Extension: (Fruumo Download Manager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekmbkhodcdnafhomcpbfgimkglaohmil [2014-03-11]
    CHR Extension: (Bookmarks Button) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2014-03-11]
    CHR Extension: (SiteAdvisor) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-06]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-03-12]
    CHR Extension: (EditThisCookie) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-03-11]
    CHR Extension: (History Button) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh [2014-03-11]
    CHR Extension: (The Economist) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2014-03-11]
    CHR Extension: (Bookmark Manager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05]
    CHR Extension: (Next Bus London) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod [2014-03-11]
    CHR Extension: (Avast Online Security) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-17]
    CHR Extension: (TweetDeck by Twitter) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-03-11]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-18]
    CHR Extension: (Speed Test Internet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhbmnfdcklajeaeikfinieljfegamko [2014-03-11]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-03-11]
    CHR Extension: (TabJump - Intelligent Tab Navigator) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf [2014-09-22]
    CHR Extension: (*Ultimate Football App*) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffcmcgdeggkebfdlencehppakgjdbob [2014-03-11]
    CHR Extension: (The Weather Channel for Chrome) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-03-11]
    CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-03-11]
    CHR Extension: (Dropbox) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-03-11]
    CHR Extension: (IMDB™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipolnkooheenpfdecoclcohihplijco [2014-03-11]
    CHR Extension: (Night Time In New York City) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2014-03-11]
    CHR Extension: (Evernote Web) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-11]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
    CHR Extension: (Google Maps) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-03-11]
    CHR Extension: (Awesome New Tab Page) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2014-03-11]
    CHR Extension: (Quick Note) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-03-11]
    CHR Extension: (AppLauncher) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2014-03-18]
    CHR Extension: (OneDrive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-03-11]
    CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-11]
    CHR Extension: (Sky+) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookngkjbobceimcicokadhjonlejhobj [2014-03-11]
    CHR Extension: (Evernote Web Clipper) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-03-11]
    CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-11]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-22]
    CHR HKU\S-1-5-21-645232174-3658701054-407207084-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-22]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-25]
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-12]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows (R) Win 7 DDK provider) []
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-23] (Avast Software)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) []
    R2 CouponPrinterService; C:\Program Files (x86)\Coupon Printer\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) []
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
    R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [10240 2012-08-27] (SeriousBit) []
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-03] (Glarysoft Ltd)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-11] (Glarysoft Ltd)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2015-05-20] (Malwarebytes Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-02] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
    R3 Nbdrv; C:\Windows\system32\DRIVERS\nbdrv.sys [41256 2011-05-18] (SeriousBit)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-23] (Avast Software)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-22 23:11 - 2015-05-23 17:30 - 00000000 ____D () C:\FRST
    2015-05-22 14:25 - 2015-05-22 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
    2015-05-21 08:26 - 2015-05-21 08:27 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Anthony\Downloads\flashplayer17au_ha_install.exe
    2015-05-20 16:31 - 2015-05-20 16:31 - 02107904 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe
    2015-05-20 12:41 - 2015-05-20 12:41 - 00509440 _____ (Tech Support Guy System) C:\Users\Anthony\Downloads\SysInfo(2).exe
    2015-05-20 12:14 - 2015-05-20 12:48 - 00020711 _____ () C:\Users\Anthony\Downloads\hijackthis.log
    2015-05-20 12:10 - 2015-05-20 12:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HijackThis.exe
    2015-05-20 10:52 - 2015-05-20 10:52 - 00000000 ____D () C:\Users\Anthony\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012
    2015-05-20 10:43 - 2015-05-20 10:43 - 00000000 ____D () C:\Users\Anthony\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012
    2015-05-19 16:04 - 2015-05-19 16:07 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Riot
    2015-05-19 16:02 - 2015-05-19 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIOT
    2015-05-19 16:02 - 2015-05-19 16:02 - 00000000 ____D () C:\Program Files (x86)\Riot
    2015-05-19 12:07 - 2015-05-19 12:07 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\ACD Systems
    2015-05-19 12:06 - 2015-05-19 12:17 - 00000000 ____D () C:\Users\Anthony\AppData\Local\ACD Systems
    2015-05-19 12:04 - 2015-05-19 12:04 - 00013412 _____ () C:\Windows\DirectX.log
    2015-05-19 12:04 - 2015-05-19 12:04 - 00002196 _____ () C:\Users\Public\Desktop\ACDSee 18.lnk
    2015-05-19 12:04 - 2015-05-19 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
    2015-05-19 12:04 - 2015-05-19 12:04 - 00000000 ____D () C:\ProgramData\ACD Systems
    2015-05-19 12:04 - 2015-05-19 12:04 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
    2015-05-19 12:04 - 2015-05-19 12:04 - 00000000 ____D () C:\Program Files\ACD Systems
    2015-05-19 12:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2015-05-19 12:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2015-05-19 10:16 - 2011-10-16 00:10 - 00000000 ____D () C:\Users\Anthony\Downloads\Adobe Photoshop Elements 10
    2015-05-19 10:12 - 2015-05-19 10:12 - 00006689 _____ () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
    2015-05-18 22:08 - 2015-05-18 22:09 - 00000000 ____D () C:\Users\Anthony\Downloads\Photography Magazines - May 15 2015 (True PDF)
    2015-05-18 21:41 - 2015-05-18 23:01 - 00000000 ____D () C:\Users\Anthony\Downloads\The Economist – 16 May - 22 May 2015
    2015-05-18 18:02 - 2015-05-18 18:05 - 00000000 ____D () C:\Users\Anthony\Downloads\The United States Travel Guides Collection
    2015-05-18 17:11 - 2015-05-18 17:11 - 00360039 _____ () C:\Users\Anthony\Downloads\Child, Lee-Personal .epub
    2015-05-14 22:33 - 2015-05-14 22:33 - 01010672 _____ (DivX, LLC) C:\Users\Anthony\Downloads\DivXInstaller.exe
    2015-05-14 22:20 - 2015-05-14 22:20 - 00000000 ____D () C:\Users\Anthony\Downloads\JAM Software TreeSize Professional v6.0.2.937 (x86-x64)
    2015-05-14 09:49 - 2015-05-14 09:51 - 00000000 ____D () C:\Users\Anthony\Downloads\Lonely Planet Colorado (Travel Guide)[MyebookShelf]
    2015-05-12 14:34 - 2015-05-12 14:34 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
    2015-05-12 14:34 - 2015-05-12 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2015-04-30 17:18 - 2015-04-30 17:18 - 00000000 ____D () C:\Users\Anthony\Downloads\Topaz Detail 3.2.0 plugin photoshop
    2015-04-30 13:30 - 2015-04-30 13:30 - 36532008 _____ (F-Secure Corporation) C:\Users\Anthony\Downloads\BTCloudWindows(5).exe
    2015-04-30 12:51 - 2015-04-30 12:52 - 36532008 _____ (F-Secure Corporation) C:\Users\Anthony\Downloads\BTCloudWindows(4).exe
    2015-04-30 12:50 - 2015-04-30 12:50 - 36532008 _____ (F-Secure Corporation) C:\Users\Anthony\Downloads\BTCloudWindows(3).exe
    2015-04-30 12:38 - 2015-04-30 12:39 - 36532008 _____ (F-Secure Corporation) C:\Users\Anthony\Downloads\BTCloudWindows(2).exe
    2015-04-30 12:26 - 2015-04-30 12:31 - 00000000 ____D () C:\Users\Anthony\Documents\Dropbox Dump
    2015-04-23 22:53 - 2015-04-23 22:53 - 04039381 ____R () C:\Users\Anthony\Downloads\Imagenomic Portraiture 2.3.3.zip
    2015-04-23 22:48 - 2015-05-12 22:55 - 00000000 ____D () C:\Users\Anthony\Downloads\OnOne Perfect Effects 9.0.2.1335 Premium Edition Win
    2015-04-23 22:46 - 2015-04-23 22:48 - 00000000 ____D () C:\Users\Anthony\Downloads\DxO FilmPack 4.5.1.59
    2015-04-23 22:31 - 2015-04-23 22:31 - 00000000 ____D () C:\Users\Anthony\Downloads\Nik.Software.Complete.Collection.1.2.8
    2015-04-23 22:29 - 2015-04-23 22:30 - 00000000 ____D () C:\Users\Anthony\Downloads\Topaz Photoshop Plugins Bundle
    2015-04-23 22:15 - 2015-05-12 22:55 - 00000000 ____D () C:\Users\Anthony\Downloads\onOne Perfect Photo Suite 9.5.0.1640 Premium Edition
    2015-04-23 09:41 - 2015-04-23 09:41 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
    2015-04-23 08:28 - 2015-04-23 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-04-23 08:27 - 2015-04-23 08:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-04-23 08:27 - 2015-04-23 08:28 - 00000000 ____D () C:\Program Files\iTunes
    2015-04-23 08:27 - 2015-04-23 08:27 - 00000000 ____D () C:\Program Files\iPod
    2015-04-23 08:20 - 2015-04-23 08:21 - 152362800 _____ (Apple Inc.) C:\Users\Anthony\Downloads\iTunes6464Setup(1).exe
    2015-04-23 07:12 - 2015-04-23 07:12 - 00001940 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-04-23 07:11 - 2015-04-23 07:11 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-04-23 07:11 - 2015-04-23 07:11 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-04-23 07:08 - 2015-04-23 07:08 - 00000000 ____D () C:\Users\Anthony\Downloads\AVG Anti-Virus Free 2015.0.5557

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-23 17:30 - 2014-04-26 12:52 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
    2015-05-23 17:20 - 2014-05-07 13:05 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf69eca36ced32.job
    2015-05-23 17:08 - 2014-05-10 11:18 - 01181637 _____ () C:\Windows\WindowsUpdate.log
    2015-05-23 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-22 23:44 - 2014-03-19 20:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-22 23:02 - 2013-12-28 15:43 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-22 22:32 - 2014-04-11 22:32 - 00000294 _____ () C:\Windows\Tasks\AutoKMS.job
    2015-05-22 22:25 - 2014-05-24 11:47 - 00024946 _____ () C:\Windows\setupact.log
    2015-05-22 22:23 - 2013-12-28 16:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2015-05-22 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery
    2015-05-22 22:17 - 2014-03-11 08:00 - 00000000 ___DO () C:\Users\Anthony\SkyDrive
    2015-05-22 22:17 - 2014-03-10 21:57 - 00000000 ___RD () C:\Users\Anthony\Dropbox
    2015-05-22 22:17 - 2014-03-10 21:55 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Dropbox
    2015-05-22 22:16 - 2014-03-21 15:36 - 00000000 ___RD () C:\Users\Anthony\Google Drive
    2015-05-22 22:15 - 2014-05-27 13:06 - 00000362 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2015-05-22 22:14 - 2014-11-05 12:30 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
    2015-05-22 22:14 - 2014-05-27 13:06 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2015-05-22 22:13 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-22 21:57 - 2013-12-28 16:03 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2015-05-22 21:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-05-22 21:56 - 2014-05-15 10:07 - 00206728 _____ () C:\Windows\PFRO.log
    2015-05-22 21:29 - 2014-03-11 08:03 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-645232174-3658701054-407207084-1001
    2015-05-22 11:33 - 2014-03-12 12:03 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Apple
    2015-05-21 18:50 - 2014-03-11 09:48 - 00000000 ____D () C:\Users\Anthony\Documents\Outlook Files
    2015-05-21 18:43 - 2014-03-12 12:37 - 00000000 ____D () C:\Users\Anthony\AppData\Local\8A10F85D-B9D0-4414-8B5E-2E7563CBD4F0.aplzod
    2015-05-21 18:25 - 2014-03-11 08:55 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-20 18:00 - 2014-03-20 21:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\DiskDefrag
    2015-05-20 17:43 - 2014-07-02 13:39 - 00000000 ____D () C:\Users\Anthony\Documents\Movie Collector
    2015-05-20 10:39 - 2014-06-26 08:09 - 00093400 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-19 16:28 - 2014-03-23 12:35 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
    2015-05-19 13:18 - 2014-04-12 12:14 - 00000000 ____D () C:\Users\Anthony\Downloads\Podcasts
    2015-05-19 13:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-05-19 11:52 - 2014-12-03 15:40 - 00000000 ____D () C:\Users\Anthony\Downloads\APPZ
    2015-05-19 11:01 - 2014-03-11 11:50 - 00000000 ____D () C:\Users\Anthony\Documents\Calibre Library
    2015-05-19 10:20 - 2014-10-20 15:15 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfec7046558b3f
    2015-05-19 10:20 - 2014-10-20 15:15 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec7046558b3f.job
    2015-05-19 10:20 - 2014-03-11 08:55 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-19 10:20 - 2014-03-11 08:55 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-18 13:38 - 2015-02-12 14:31 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
    2015-05-15 00:26 - 2014-06-01 13:04 - 01891840 ___SH () C:\Users\Anthony\Downloads\Thumbs.db
    2015-05-14 22:26 - 2015-01-30 21:17 - 00000000 ____D () C:\Users\Anthony\Downloads\Aviation Magazines - January 22 2015 (True PDF)
    2015-05-14 22:26 - 2014-07-15 10:09 - 00000000 ____D () C:\Users\Anthony\Downloads\BOOKS
    2015-05-12 00:00 - 2014-03-10 21:57 - 00001081 _____ () C:\Users\Anthony\Desktop\Dropbox.lnk
    2015-05-12 00:00 - 2014-03-10 21:56 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-05-06 18:21 - 2014-03-21 15:27 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
    2015-05-06 18:21 - 2014-03-21 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
    2015-05-06 18:21 - 2014-03-21 15:27 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-05-06 18:21 - 2014-03-21 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-04-30 17:36 - 2014-03-19 20:23 - 00000000 ____D () C:\Program Files (x86)\Topaz Labs
    2015-04-30 13:31 - 2014-04-28 11:00 - 00001403 _____ () C:\Users\Anthony\Desktop\BT Cloud.lnk
    2015-04-30 12:49 - 2014-03-20 22:04 - 00000000 ____D () C:\Users\Anthony\BT Cloud Sync
    2015-04-24 09:37 - 2014-03-20 09:13 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Google
    2015-04-23 10:07 - 2013-12-28 15:49 - 00000000 ____D () C:\ProgramData\Temp
    2015-04-23 09:41 - 2015-02-12 14:31 - 00003924 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2015-04-23 08:27 - 2014-09-10 15:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-04-23 08:27 - 2014-03-12 12:06 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-04-23 07:16 - 2015-03-25 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-04-23 07:12 - 2015-03-17 17:34 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-04-23 07:11 - 2015-03-17 17:34 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-04-23 07:11 - 2015-03-17 17:34 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys

    ==================== Files in the root of some directories =======

    2014-08-30 09:56 - 2014-08-30 09:56 - 0007605 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
    2013-12-28 15:59 - 2013-12-28 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-12-28 15:53 - 2013-12-28 15:53 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-12-28 15:50 - 2013-12-28 15:50 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-12-28 15:50 - 2013-12-28 15:51 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-12-28 15:51 - 2013-12-28 15:53 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2013-12-28 15:49 - 2013-12-28 15:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some files in TEMP:
    ====================
    C:\Users\Anthony\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnrckwq.dll
    C:\Users\Anthony\AppData\Local\Temp\gusetup6.exe
    C:\Users\Anthony\AppData\Local\Temp\gusetup9.exe
    C:\Users\Anthony\AppData\Local\Temp\iExplorer_Setup_3610.exe
    C:\Users\Anthony\AppData\Local\Temp\InPixio_Photo_Maximizer_Pro.exe
    C:\Users\Anthony\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\Anthony\AppData\Local\Temp\procexp64.exe
    C:\Users\Anthony\AppData\Local\Temp\topazfusion2_setup.exe
    C:\Users\Anthony\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\Anthony\AppData\Local\Temp\vcredist_x86.exe
    C:\Users\Anthony\AppData\Local\Temp\VSUSetup.exe
    C:\Users\Anthony\AppData\Local\Temp\?odec Performer.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-19 16:45

    ==================== End of log ============================


    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
    Ran by Anthony at 2015-05-23 17:39:29 Run:1
    Running from i:\
    Loaded Profiles: Anthony (Available Profiles: Anthony)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    C:\Users\Anthony\AppData\Local\Temp\_MEI56722
    EmptyTemp:
    *****************


    "C:\Users\Anthony\AppData\Local\Temp\_MEI56722" folder move:

    Could not move "C:\Users\Anthony\AppData\Local\Temp\_MEI56722" folder => Scheduled to move on reboot.

    EmptyTemp: => Removed 25.9 GB temporary data.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-23 17:42:42)<=

    C:\Users\Anthony\AppData\Local\Temp\_MEI56722 => Is moved successfully

    ==== End of Fixlog 17:42:42 ====
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Please download the attached file, fixlist.txt, and save it in the same location FRST is saved, i:\. Both files, FRST and fixlist, must be saved in the same location.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.

    Let's scan the computer:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

    Launch and update Malwarebytes antimalware
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
    • Reboot your computer if prompted.

    The scan log is available through History -> Application logs. Please post its contents in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     

    Attached Files:

  14. Screlge

    Screlge Thread Starter

    Joined:
    May 13, 2003
    Messages:
    168
    You have my FRST and Fixlist logs in my previous post.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.8 (05.23.2015:2)
    OS: Windows 8.1 x64
    Ran by Anthony on 24/05/2015 at 9:00:15.39
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] couponprinterservice
    Failed to delete: [Service] couponprinterservice



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-645232174-3658701054-407207084-1001
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\couponprinter.ocx



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\pcdr
    Successfully deleted: [Folder] C:\Users\Anthony\appdata\local\packageaware
    Successfully deleted: [Folder] C:\Users\Anthony\AppData\Roaming\pcdr



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\w17l3fqu.default\prefs.js

    user_pref(extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE, [{\b\:221359615,\c\:\mindspark.magnify\,\p\:\L.0\},{\b\:221359616,\c\:\mindspark.enterse
    user_pref(extensions.toolbar.mindspark._65Members_.firstKnownVersion, 6.72.4.54866);
    user_pref(extensions.toolbar.mindspark._65Members_.homepage, hxxp://home.tb.ask.com/index.jhtml?ptb=449BA390-20CA-4F0D-8D00-ADE20B845DA7&n=780c9c15&p2=^Y6^xdm220^YYA^gb&si=
    user_pref(extensions.toolbar.mindspark._65Members_.initialized, true);
    user_pref(extensions.toolbar.mindspark._65Members_.installKeysSource, Cookies);
    user_pref(extensions.toolbar.mindspark._65Members_.installType, XPI);
    user_pref(extensions.toolbar.mindspark._65Members_.installation.contextKey, );
    user_pref(extensions.toolbar.mindspark._65Members_.installation.installDate, 2014092309);
    user_pref(extensions.toolbar.mindspark._65Members_.installation.partnerId, ^Y6^xdm220^YYA^gb);
    user_pref(extensions.toolbar.mindspark._65Members_.installation.partnerSubId, CMnCmvT19sACFagfwwod9o4AjA);
    user_pref(extensions.toolbar.mindspark._65Members_.installation.pixelUrl, hxxp://download.fromdoctopdf.com/install_pixels.jhtml?partner=^Y6^xdm220^YYA^gb&coId=04b0c035dcb64
    user_pref(extensions.toolbar.mindspark._65Members_.installation.success, true);
    user_pref(extensions.toolbar.mindspark._65Members_.installation.toolbarId, 449BA390-20CA-4F0D-8D00-ADE20B845DA7);
    user_pref(extensions.toolbar.mindspark._65Members_.isCompliantUninstallImplementation, true);
    user_pref(extensions.toolbar.mindspark._65Members_.lastActivePing, 1411461546236);
    user_pref(extensions.toolbar.mindspark._65Members_.lastKnownVersion, 6.72.4.54866);
    user_pref(extensions.toolbar.mindspark._65Members_.options.defaultSearch, false);
    user_pref(extensions.toolbar.mindspark._65Members_.options.homePageEnabled, false);
    user_pref(extensions.toolbar.mindspark._65Members_.options.keywordEnabled, false);
    user_pref(extensions.toolbar.mindspark._65Members_.options.tabEnabled, false);
    user_pref(extensions.toolbar.mindspark._65Members_.partnerPixelFired, true);
    user_pref(extensions.toolbar.mindspark._65Members_.successUrl, hxxp://download.fromdoctopdf.com/installComplete.jhtml);
    user_pref(extensions.toolbar.mindspark._65Members_.toolbarCollapsed, false);
    user_pref(extensions.toolbar.mindspark._65Members_.weather.location, 10001);
    user_pref(extensions.toolbar.mindspark.lastInstalled, [email protected]);
    Emptied folder: C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\w17l3fqu.default\minidumps [19 files]



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Anthony\appdata\local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
    Successfully deleted: [Folder] C:\Users\Anthony\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak
    Successfully deleted: [Folder] C:\Users\Anthony\appdata\local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
    Successfully deleted: [Folder] C:\Users\Anthony\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/05/2015 at 9:02:29.15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v4.205 - Logfile created 24/05/2015 at 09:09:13
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-21.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Anthony - TONYPCLONDON
    # Running from : C:\Users\Anthony\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
    Folder Deleted : C:\Program Files (x86)\Coupon Printer
    Folder Deleted : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop

    ***** [ Scheduled tasks ] *****

    Task Deleted : IHSelfDeleteTASK
    Task Deleted : IHUninstallTrackingTASK

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\now-download-free bundle\now-download-free bundle.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer2.2.0.7
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v33.1 (x86 en-US)

    [w17l3fqu.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE", "[{\"b\":221359615,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221359616,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]

    -\\ Google Chrome v43.0.2357.65

    [C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={3E450D6E-9F04-48FE-8CC3-B76629EA7AE8}&mid=99ab7b4213f04451033449afb64472d5-46aea0962d400f5e938560a3e89e2c007f88b7de&lang=us&ds=AVG&pr=pa&d=2011-12-01 14:16:26&v=10.2.0.3&sap=dsp&q={searchTerms}
    [C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.pu-results.info/?l=1&q={searchTerms}&pid=708&r=2013/03/19&hid=1977207096&lg=EN&cc=GB
    [C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=ST3500418AS_9VM355S2XXXX9VM355S2&ts=3735604&type=default&q={searchTerms}
    [C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner[R0].txt - [2967 bytes] - [24/05/2015 09:08:03]
    AdwCleaner[S0].txt - [2862 bytes] - [24/05/2015 09:09:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2921 bytes] ##########

    The MBAM Scan was clean.
     
  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    The Fixlist provided on Post 13 is different from the previous one. It should produce a new Fixlog.txt, which is the one I need to see.

    Once done, restart and let me know how it is doing.
     

Short URL to this thread: https://techguy.org/1148552
