It's all good to me, emerald.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2015
Ran by James (administrator) on JAMES-PC on 10-07-2015 21:54:21
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
() C:\Program Files\T2GamingMouse\GamingMouse.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-11-17] (NewTech Infosystems, Inc.)
HKLM\...\Run: [AutoLockProcess] => C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe [451912 2010-06-03] (Acer Inc.)
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [434176 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] => C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [376832 2009-05-12] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-04-19] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] => C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [95616 2010-04-19] (Wave Systems Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BRMFCWND.EXE /AUTORUN
HKLM\...\Run: [Installation Diagnostics] => "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I MFC-440CN LAN
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [51712 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Spotify Web Helper] => C:\Users\James\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Spotify] => C:\Users\James\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\...\Run: [Dropbox Update] => C:\Users\James\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\wxvault.dll => C:\Windows\System32\wxvault.dll [249856 2010-04-15] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...1I7ACAW_enUS436
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-17] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2517414903-4262703431-2207850217-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [232448 2011-06-20] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{AB49032B-735A-45E3-9D3B-B248B5B4B578}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: [DhcpNameServer] 167.206.251.129 167.206.251.130
Tcpip\..\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Address Bar Search - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]
Chrome:
=======
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-11-04]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [417792 2009-05-12] (Acer Incorporated) [File not signed]
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
R2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30016 2010-06-03] (Acer Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] () [File not signed]
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-04-07] (NETGEAR)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2009-11-17] (NewTech Infosystems, Inc.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-03-30] (Wave Systems Corp.) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [22560 2008-03-11] (Acer, Inc.)
R2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [87072 2008-03-11] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2013-09-12] (CACE Technologies, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [237840 2010-04-15] (Wave Systems Corp.)
U5 BITS; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S2 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-10 21:54 - 2015-07-10 21:55 - 00019136 _____ C:\Users\James\Downloads\FRST.txt
2015-07-10 21:52 - 2015-07-10 21:54 - 00000000 ____D C:\FRST
2015-07-10 21:51 - 2015-07-10 21:52 - 01636352 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2015-07-10 21:37 - 2015-07-10 21:37 - 00001024 _____ C:\.rnd
2015-07-08 18:38 - 2015-07-09 17:56 - 00002344 _____ C:\Users\James\Desktop\Rkill.txt
2015-07-08 18:38 - 2015-07-08 18:38 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.exe
2015-07-08 17:35 - 2015-07-09 17:56 - 00000000 _____ C:\rules.ref
2015-07-08 17:33 - 2015-07-09 17:54 - 00025566 _____ C:\swissarmy.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00001292 _____ C:\actions.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00000092 _____ C:\domains.ref
2015-07-08 17:33 - 2015-07-08 17:33 - 00000080 _____ C:\ips.ref
2015-07-02 17:14 - 2015-07-02 17:14 - 00000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 18:06 - 2015-07-09 21:11 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
2015-06-17 18:06 - 2015-07-09 18:11 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
2015-06-17 18:06 - 2015-06-17 18:06 - 00000000 ____D C:\Users\James\AppData\Local\Dropbox
2015-06-17 18:06 - 2015-06-17 18:06 - 00000000 ____D C:\ProgramData\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-10 21:51 - 2015-03-02 00:20 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-10 21:48 - 2011-11-28 12:35 - 00000000 ____D C:\Users\James\AppData\Local\Spotify
2015-07-10 21:48 - 2010-09-14 13:25 - 01679568 ____H C:\Windows\WindowsUpdate.log
2015-07-10 21:45 - 2009-07-14 00:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 21:45 - 2009-07-14 00:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 21:39 - 2014-05-28 22:46 - 00000000 ___RD C:\Users\James\Dropbox
2015-07-10 21:39 - 2014-05-28 22:43 - 00000000 ____D C:\Users\James\AppData\Roaming\Dropbox
2015-07-10 21:38 - 2011-11-28 12:35 - 00000000 ____D C:\Users\James\AppData\Roaming\Spotify
2015-07-10 21:37 - 2013-11-10 23:48 - 00029611 _____ C:\Windows\setupact.log
2015-07-10 21:37 - 2011-12-29 23:49 - 00000000 ____D C:\Program Files\Steam
2015-07-10 21:37 - 2011-06-15 15:44 - 00000000 _____ C:\Users\James\AppData\Local\WavXMapDrive.bat
2015-07-10 21:37 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 21:14 - 2012-08-02 08:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 17:56 - 2014-07-07 03:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 17:45 - 2015-06-02 20:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-03 12:55 - 2010-09-14 13:20 - 00058560 ____H C:\Windows\PFRO.log
2015-06-23 21:14 - 2013-04-25 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-23 21:14 - 2013-04-25 00:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-17 21:26 - 2014-07-07 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-17 21:26 - 2014-07-07 03:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-17 21:26 - 2012-03-09 03:49 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
==================== Files in the root of some directories =======
2011-06-15 15:44 - 2015-07-10 21:37 - 0000000 _____ () C:\Users\James\AppData\Local\WavXMapDrive.bat
Some files in TEMP:
====================
C:\Users\James\AppData\Local\temp\CABINET.DLL
C:\Users\James\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsrypj2.dll
C:\Users\James\AppData\Local\temp\EXPAND.EXE
C:\Users\James\AppData\Local\temp\PATCHER.EXE
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-03 12:06
==================== End of log ============================