Greetings,
I've recently had this detection in Avast and I can't seem to find a good solution to clean it up. Here's an image of the detection.
http://i.minus.com/ix0HIEw5GnpQf.png
It's not that annoying and I'm not sure what kind of havoc it's causing. My laptop is for work use and this started when I accidentally opened a Word file sent to me which I thought was a resume that I was supposed to review. It was protected and it required me to enable editing in order to open it. Nothing happened. Then Avast started detecting this after a while.
Besides this, I'd just like a regular checkup since I'm already here. Thanks in advance!
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Julz (administrator) on JULZ-PC (16-09-2015 21:53:09)
Running from C:\Users\Julz\Downloads
Loaded Profiles: Julz (Available Profiles: Julz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Julz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dominik Reichl) C:\Program Files (x86)\KP\KeePass.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-08] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-09] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-02] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-14] (AVAST Software)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-05-20] (BitTorrent, Inc.)
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Run: [MiPhoneManager] => C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [146224 2015-07-03] ()
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Run: [Dropbox Update] => C:\Users\Julz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Run: [AnchorFree] => C:\Users\Julz\AppData\Roaming\egeurcdh\rtuwbiiw.exe [101991 2015-05-26] ()
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-14] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\Users\Julz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F4F9ABA-C2FA-4120-9BE9-E991DE5D140F}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {98FF177F-5087-4DF0-B621-166ADA1DC248} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {98FF177F-5087-4DF0-B621-166ADA1DC248} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {98FF177F-5087-4DF0-B621-166ADA1DC248} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {98FF177F-5087-4DF0-B621-166ADA1DC248} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000 -> DefaultScope {98FF177F-5087-4DF0-B621-166ADA1DC248} URL =
SearchScopes: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000 -> {98FF177F-5087-4DF0-B621-166ADA1DC248} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-07-10] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-28] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-07-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Julz\AppData\Roaming\Mozilla\Firefox\Profiles\h55zbsbt.default
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-10-25] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4086147149-4148274582-3694653352-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Julz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-11] (Citrix Online)
FF Extension: Firebug - C:\Users\Julz\AppData\Roaming\Mozilla\Firefox\Profiles\h55zbsbt.default\Extensions\[email protected] [2015-09-02]
FF HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Julz\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Julz\AppData\Roaming\IDM\idmmzcc5 [2015-05-20]
FF HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Julz\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-20]
CHR Extension: (Google Docs) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-20]
CHR Extension: (Google Drive) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-20]
CHR Extension: (James White) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2015-09-06]
CHR Extension: (YouTube) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-20]
CHR Extension: (uBlock Origin) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-20]
CHR Extension: (Google Search) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-20]
CHR Extension: (Video Downloader professional) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-06-07]
CHR Extension: (Google Sheets) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (SEO & Website Analysis) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-07-29]
CHR Extension: (IDM Integration Module) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-05-23]
CHR Extension: (Image Properties Context Menu) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Audio EQ) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2015-09-14]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-06-30]
CHR Extension: (Pocket) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-05-20]
CHR Extension: (MultiLogin) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-05-20]
CHR Extension: (Video Speed Controller) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2015-05-20]
CHR Extension: (Save to Pocket) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-20]
CHR Extension: (Gmail) - C:\Users\Julz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
CHR HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-14] (AVAST Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-27] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-27] (Dell Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1169616 2015-06-04] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-06-04] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589520 2015-06-04] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-25] (Nitro PDF Software)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-14] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-27] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-27] (Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2015-05-19] (AnchorFree Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw01.sys [11532704 2015-03-13] (Intel Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2015-05-19] (Anchorfree Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-31] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-10-31] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-10-31] (Acronis International GmbH)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-16 21:53 - 2015-09-16 21:53 - 00026345 _____ C:\Users\Julz\Downloads\FRST.txt
2015-09-16 21:52 - 2015-09-16 21:53 - 00000000 ____D C:\FRST
2015-09-16 21:48 - 2015-09-16 21:49 - 02191360 _____ (Farbar) C:\Users\Julz\Downloads\FRST64.exe
2015-09-16 09:34 - 2015-09-16 09:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-16 00:36 - 2015-09-16 01:01 - 08332078 _____ C:\Users\Julz\Downloads\Teh_Desk_NoComponents.skp
2015-09-15 17:18 - 2015-09-15 17:18 - 00000000 ____D C:\Users\Julz\AppData\Roaming\SketchUp
2015-09-15 15:30 - 2015-09-15 15:30 - 00002120 _____ C:\Users\Public\Desktop\Style Builder 2015.lnk
2015-09-15 15:30 - 2015-09-15 15:30 - 00002034 _____ C:\Users\Public\Desktop\LayOut 2015.lnk
2015-09-15 15:30 - 2015-09-15 15:30 - 00001949 _____ C:\Users\Public\Desktop\SketchUp 2015.lnk
2015-09-15 15:30 - 2015-09-15 15:30 - 00000000 ____D C:\ProgramData\SketchUp
2015-09-15 15:30 - 2015-09-15 15:30 - 00000000 ____D C:\ProgramData\Reprise
2015-09-15 15:30 - 2015-09-15 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
2015-09-15 15:30 - 2015-09-15 15:30 - 00000000 ____D C:\Program Files\SketchUp
2015-09-15 15:15 - 2015-09-15 15:15 - 00101991 _____ C:\Users\Julz\AppData\Local\Temp12333.exe.exe
2015-09-14 21:38 - 2015-09-14 21:46 - 114480888 _____ (Trimble Navigation Limited) C:\Users\Julz\Downloads\SketchUpMake-en-x64.exe
2015-09-14 19:40 - 2015-09-14 19:40 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-14 19:40 - 2015-09-14 19:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-14 16:29 - 2015-09-14 17:14 - 00008118 _____ C:\Users\Julz\Desktop\guarantees.html
2015-09-10 09:13 - 2015-09-10 09:13 - 00009763 _____ C:\Users\Julz\Downloads\Subscribers List Details.csv
2015-09-09 09:43 - 2015-09-09 09:43 - 00000000 __SHD C:\found.000
2015-09-08 15:21 - 2015-09-09 10:09 - 00000000 ____D C:\Users\Julz\Desktop\Issues
2015-09-04 09:24 - 2015-09-04 09:24 - 00000000 ____D C:\Users\Julz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 16:51 - 2015-09-03 16:51 - 00011542 _____ C:\Users\Julz\Desktop\barkhouseorig.html
2015-09-02 16:22 - 2015-09-02 16:22 - 00000378 _____ C:\Users\Julz\Desktop\CB products.txt
2015-09-01 13:54 - 2015-09-03 16:25 - 00011807 _____ C:\Users\Julz\Desktop\barkhousevideo.html
2015-08-28 15:19 - 2015-09-03 14:51 - 00007861 _____ C:\Users\Julz\Desktop\bark-collar-page.html
2015-08-24 09:06 - 2015-08-24 09:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-24 09:06 - 2015-08-24 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-20 11:00 - 2015-08-20 11:00 - 00105566 _____ C:\Users\Julz\Desktop\button2.psd
2015-08-19 17:21 - 2015-08-19 17:21 - 00073490 _____ C:\Users\Julz\Desktop\more-products-button.psd
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-16 21:52 - 2013-10-31 04:13 - 00000000 ____D C:\Users\Julz\AppData\Roaming\uTorrent
2015-09-16 21:37 - 2015-05-21 11:17 - 00000000 ____D C:\Users\Julz\AppData\Roaming\eM Client
2015-09-16 21:37 - 2015-05-21 08:47 - 00000000 ____D C:\Users\Julz\AppData\Local\TimeDoctorLite
2015-09-16 21:33 - 2015-06-17 10:22 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4086147149-4148274582-3694653352-1000UA.job
2015-09-16 21:33 - 2015-05-20 18:20 - 00000000 ____D C:\Users\Julz\Documents\Simple Sticky Notes
2015-09-16 21:22 - 2015-05-20 16:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 21:10 - 2015-06-17 10:22 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4086147149-4148274582-3694653352-1000Core.job
2015-09-16 21:08 - 2009-07-14 12:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-16 21:08 - 2009-07-14 12:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-16 21:07 - 2015-05-20 18:35 - 00000000 ___RD C:\Users\Julz\Google Drive
2015-09-16 17:16 - 2015-05-20 17:56 - 00000000 ____D C:\Users\Julz\AppData\Roaming\Skype
2015-09-16 13:14 - 2013-10-31 02:35 - 01933294 _____ C:\Windows\WindowsUpdate.log
2015-09-16 11:04 - 2015-06-23 19:31 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-09-16 10:23 - 2009-07-14 13:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-16 10:20 - 2015-05-20 14:22 - 00019632 _____ C:\Windows\setupact.log
2015-09-16 09:26 - 2015-05-20 18:38 - 00000000 ___RD C:\Users\Julz\Dropbox
2015-09-16 09:26 - 2015-05-20 18:31 - 00000000 ____D C:\Users\Julz\AppData\Roaming\Dropbox
2015-09-16 09:25 - 2015-05-20 22:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-16 09:23 - 2015-05-20 16:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-16 09:23 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 23:55 - 2015-05-21 11:04 - 00000000 ____D C:\Users\Julz\AppData\Roaming\Nitro PDF
2015-09-15 22:45 - 2015-05-20 22:11 - 00000000 ____D C:\Users\Julz\AppData\Roaming\vlc
2015-09-15 22:45 - 2015-05-20 20:03 - 00000000 ____D C:\Users\Julz\AppData\Roaming\KeePass
2015-09-15 17:19 - 2015-04-03 15:41 - 00000000 __SHD C:\Users\Julz\AppData\Local\EmieUserList
2015-09-15 17:19 - 2015-04-03 15:41 - 00000000 __SHD C:\Users\Julz\AppData\Local\EmieSiteList
2015-09-15 17:19 - 2015-04-03 15:41 - 00000000 __SHD C:\Users\Julz\AppData\Local\EmieBrowserModeList
2015-09-15 09:17 - 2015-05-20 16:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 09:17 - 2015-05-20 16:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 20:54 - 2013-10-31 05:13 - 00158046 _____ C:\Windows\PFRO.log
2015-09-14 20:41 - 2015-05-23 16:02 - 00000000 ____D C:\Users\Julz\AppData\Local\CrashDumps
2015-09-14 19:41 - 2015-05-20 22:12 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-14 19:40 - 2015-05-20 22:12 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-14 17:15 - 2015-05-30 15:43 - 00000000 ____D C:\Users\Julz\AppData\Roaming\FileZilla
2015-09-14 17:14 - 2015-05-28 09:36 - 00000000 ____D C:\Users\Julz\AppData\Local\Screencast-O-Matic-v2
2015-09-14 10:57 - 2015-05-20 16:52 - 00000000 ____D C:\Users\Julz\AppData\Local\Google
2015-09-11 17:22 - 2015-06-14 20:11 - 00000000 ____D C:\Users\Julz\Desktop\Vape
2015-09-10 12:20 - 2015-06-29 16:49 - 00000600 _____ C:\Users\Julz\AppData\Local\PUTTY.RND
2015-09-10 09:10 - 2015-05-20 17:38 - 00000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2015-09-10 09:10 - 2015-05-20 17:38 - 00000000 ____D C:\Program Files (x86)\eM Client
2015-09-04 13:41 - 2015-08-06 14:36 - 00028691 _____ C:\Users\Julz\Desktop\menu.html
2015-09-04 08:53 - 2015-05-22 15:19 - 00000000 ____D C:\Users\Julz\AppData\Roaming\FireShot
2015-08-27 17:07 - 2015-05-22 16:04 - 00000132 _____ C:\Users\Julz\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-26 11:24 - 2015-05-20 20:20 - 00000000 ____D C:\Users\Julz\AppData\Local\MiPhoneManager
2015-08-24 09:06 - 2012-06-26 23:14 - 00000000 ____D C:\ProgramData\Skype
2015-08-19 16:22 - 2015-07-05 15:59 - 00000000 ____D C:\Users\Julz\AppData\Local\Apple Computer
2015-08-19 13:23 - 2015-05-20 09:58 - 00000000 ____D C:\Users\Julz\Desktop\The Dog Line
==================== Files in the root of some directories =======
2015-05-22 16:04 - 2015-08-27 17:07 - 0000132 _____ () C:\Users\Julz\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-17 15:09 - 2015-08-11 10:40 - 0001456 _____ () C:\Users\Julz\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-29 16:49 - 2015-09-10 12:20 - 0000600 _____ () C:\Users\Julz\AppData\Local\PUTTY.RND
2015-09-15 15:15 - 2015-09-15 15:15 - 0101991 _____ () C:\Users\Julz\AppData\Local\Temp12333.exe.exe
Some files in TEMP:
====================
C:\Users\Julz\AppData\Local\Temp\2ED.tmp.exe
C:\Users\Julz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaqxqqf.dll
C:\Users\Julz\AppData\Local\Temp\gamesters.dll
C:\Users\Julz\AppData\Local\Temp\haemocyanin.dll
C:\Users\Julz\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Julz\AppData\Local\Temp\npp.6.8.1.Installer.exe
C:\Users\Julz\AppData\Local\Temp\proxy_vole4702605630398537146.dll
C:\Users\Julz\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Julz\AppData\Local\Temp\{0ABFB6A1-36D1-49BB-B476-492CC3145E6C}-DropboxClient_3.8.8.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-11 18:42
==================== End of FRST.txt ============================
ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Julz (2015-09-16 21:53:56)
Running from C:\Users\Julz\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 17:49:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4086147149-4148274582-3694653352-500 - Administrator - Disabled)
Guest (S-1-5-21-4086147149-4148274582-3694653352-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4086147149-4148274582-3694653352-1002 - Limited - Enabled)
Julz (S-1-5-21-4086147149-4148274582-3694653352-1000 - Administrator - Enabled) => C:\Users\Julz
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.29.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\Elantech) (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dropbox (HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
eM Client (HKLM-x32\...\{66293340-18DC-45D7-B125-4AAA4E57B554}) (Version: 6.0.23181.0 - eM Client Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hotspot Shield 4.15.3 (HKLM-x32\...\HotspotShield) (Version: 4.15.3 - AnchorFree Inc.)
iFree Skype Recorder 6.0.15 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.15 - iFree Skype Recorder)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2a04474-104a-49b3-9bf5-33afee260030}) (Version: 17.14.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Mi PC Suite (HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\MiPhoneManager) (Version: - Xiaomi Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Nitro Pro 9 (HKLM\...\{1E1E5195-5FD9-4C7A-A2B6-75851E89FD8D}) (Version: 9.0.3.2 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.14.010 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 4.1 - Screaming Frog Ltd)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Serato DJ (HKLM-x32\...\{9e649cc6-2e9a-4d16-a834-ec9b64c5a459}) (Version: 1.6.1.5835 - )
Serato DJ (x32 Version: 1.6.1.5835 - Serato) Hidden
Simple Sticky Notes 3.0 (HKLM-x32\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Time Doctor Lite (HKLM-x32\...\Time Doctor Lite 2.3.46) (Version: 2.3.46 - Time Doctor LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812asia}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Julz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2015-05-20 20:23 - 00000887 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.acronis.com
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15B74A17-8F18-4092-8800-C08E59CD0DE2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {2B7F40D9-226E-488C-BBB8-866F65B913FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4086147149-4148274582-3694653352-1000Core => C:\Users\Julz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {3E1671C6-1594-43C6-B374-0E62412F2451} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.)
Task: {7E7D3EF6-7720-45D5-952E-4612871C01AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {8C04003F-2204-4B82-BEF1-0413E049DEC7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4086147149-4148274582-3694653352-1000UA => C:\Users\Julz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {9A7B538A-C435-41CF-BCE3-D823E2681968} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AD6F437F-0E7A-401F-AB4D-B7A38B69D44A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {B5281AEF-E6D6-48F0-A52C-2AAC3A649256} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.)
Task: {C3F06931-B111-4E5D-AB0B-BC55DCF7F594} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CEA42310-2EB2-4358-A511-8B90DCC890D3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-14] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4086147149-4148274582-3694653352-1000Core.job => C:\Users\Julz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4086147149-4148274582-3694653352-1000UA.job => C:\Users\Julz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-07-10 01:32 - 2015-07-10 01:32 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-16 04:13 - 2015-04-16 04:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-06-04 06:59 - 2015-06-04 06:59 - 00589520 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2012-06-27 00:11 - 2012-03-20 07:09 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2012-06-26 23:02 - 2012-01-11 04:36 - 00159360 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2015-08-26 11:21 - 2015-07-03 17:24 - 00146224 _____ () C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
2015-09-14 19:40 - 2015-09-14 19:40 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-14 19:40 - 2015-09-14 19:40 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-15 20:10 - 2015-09-15 20:10 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091500\algo.dll
2015-09-16 09:26 - 2015-09-16 09:26 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091501\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-04 06:57 - 2015-06-04 06:57 - 01749200 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2015-06-04 07:19 - 2015-06-04 07:19 - 00616144 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.4.15.3.dll
2015-04-25 09:03 - 2015-04-25 09:03 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-28 04:02 - 2009-03-28 04:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-28 04:02 - 2009-03-28 04:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
2015-08-26 11:21 - 2015-07-03 17:25 - 00127280 _____ () C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiPlugin4NSIS.dll
2015-08-26 11:21 - 2015-07-03 17:24 - 00066352 _____ () C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiFramework.dll
2015-08-26 11:21 - 2015-07-03 17:19 - 00099600 _____ () C:\Users\Julz\AppData\Local\MiPhoneManager\main\zlib1.dll
2015-08-26 11:21 - 2015-07-03 17:25 - 00018736 _____ () C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiTrace.dll
2015-09-16 09:25 - 2015-09-16 09:25 - 00071168 _____ () c:\users\julz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaqxqqf.dll
2015-05-20 18:36 - 2015-08-05 13:26 - 00012800 _____ () C:\Users\Julz\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-20 18:36 - 2015-08-05 13:26 - 00779776 _____ () C:\Users\Julz\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-29 07:55 - 2015-08-05 13:26 - 00056320 _____ () C:\Users\Julz\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-05-20 18:36 - 2015-08-05 13:26 - 00012288 _____ () C:\Users\Julz\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-09-16 09:24 - 2015-09-16 09:24 - 00098816 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32api.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00110080 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\pywintypes27.dll
2015-09-16 09:24 - 2015-09-16 09:24 - 00364544 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\pythoncom27.dll
2015-09-16 09:24 - 2015-09-16 09:24 - 00045568 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_socket.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 01161216 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_ssl.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00320512 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32com.shell.shell.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00713216 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_hashlib.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 01176576 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._core_.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00806400 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._gdi_.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00816128 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._windows_.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 01067008 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._controls_.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00733184 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._misc_.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00682496 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\pysqlite2._sqlite.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00087552 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_ctypes.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00119808 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32file.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00108544 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32security.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00007168 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\hashobjs_ext.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00068096 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\usb_ext.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00167936 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32gui.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00018432 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32event.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00128512 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_elementtree.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00127488 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\pyexpat.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00013824 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\common.time34.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00036864 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_psutil_windows.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00038912 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32inet.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00011264 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32crypt.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00077312 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._html2.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00027136 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_multiprocessing.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00020480 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\_yappi.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00035840 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32process.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00686080 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\unicodedata.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00123392 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._wizard.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00024064 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32pipe.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00010240 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\select.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00025600 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32pdh.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00525640 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\windows._lib_cacheinvalidation.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00017408 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32profile.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00022528 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\win32ts.pyd
2015-09-16 09:24 - 2015-09-16 09:24 - 00078848 _____ () C:\Users\Julz\AppData\Local\Temp\_MEI49722\wx._animate.pyd
2015-05-20 22:12 - 2015-05-20 22:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-20 18:44 - 2015-05-20 18:44 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-06-26 23:03 - 2012-02-02 05:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-26 23:02 - 2012-01-21 19:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-07-10 01:32 - 2015-07-10 01:32 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-16 15:41 - 2015-09-12 08:22 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libglesv2.dll
2015-09-16 15:41 - 2015-09-12 08:22 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Julz\Desktop\Einstein Collars Price Change.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Julz\Desktop\GK and Wire Price Change.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Julz\Desktop\product-page-template - Copy - Copy.html:com.dropbox.attributes
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\...\dell.com -> dell.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4086147149-4148274582-3694653352-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Julz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\startupfolder: C:^Users^Julz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Julz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3E85856F-BBAC-4313-9C76-C1EE48A61B13}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{403D7220-6D59-4958-A19C-0BD182DE03E3}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{EE3BDDDE-8F37-4BF6-85D7-78E7CA872AC9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BE27DDA2-4DF0-4ACB-AD21-383CD20D441F}] => (Allow) LPort=2869
FirewallRules: [{B7343633-D872-4DBC-9E23-C6FF0D766F53}] => (Allow) LPort=1900
FirewallRules: [{7D39BE2E-4923-4D2A-81DA-17FD93E242DD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{659610B4-4F08-4D80-AD7E-AE077452320E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F0712FE2-FC7D-4AFC-9ABB-08596E30179E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{BE2A9511-027E-457D-BB78-96996D5831AF}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{05A484CE-B028-4FB6-A36E-EBB3932357FA}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{AA6C31A9-0328-4A2B-8555-A619DA7B7332}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{8615F987-D073-4476-8769-527077821FF3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9CD8D6A8-5719-4453-9DE1-F867DD50DDA2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{D02F2E17-0C29-4631-9B92-DD29CE3A7924}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DB91A8CF-6443-464E-A24A-077ED1E817E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CA24CC1-C3A7-460D-A035-E601621CAF48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5868C8DE-1719-433C-AB71-3412C4B03ED0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D3F7AF6B-7210-43EF-BEC4-0043ED88F463}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{98ADFEC8-D794-4FD5-BE05-668B7C807F6A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{4C712A34-0620-41E8-9411-E29EE4BD4DBD}] => (Allow) C:\Users\Julz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BDDA5F77-A984-4C86-A6D9-026E988392F3}] => (Allow) C:\Users\Julz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C1573ED4-9665-4E1E-9816-4D75C06A147F}] => (Allow) C:\Users\Julz\AppData\Local\MiPhoneManager\main\MiPCSuite.exe
FirewallRules: [TCP Query User{7F1E6D6B-AD6C-46B6-AA60-AD0758CC027B}C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [UDP Query User{9BBC9068-10C5-4FD5-8E33-408FE3850B73}C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [TCP Query User{1D228B6A-8683-46AC-91C4-2F90BF3B5A4F}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{7569191E-14FC-4C87-B425-109DAA065D96}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Block) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{5A37EAFE-E105-4F12-AA32-8FB995D26108}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{03D091A3-F733-49D6-AEE9-098C48372F04}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{1A370B71-C0F8-4CED-A279-08D15579B443}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{E99D5705-D454-4CE9-A2C8-6E0FCA736BDC}C:\users\julz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\julz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6B2FD20C-DAC0-4BA3-B5A9-3E7DEDEE824A}C:\users\julz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\julz\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C7F0F43C-6ED4-41E8-8BD4-3E99690E0907}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{26B688BF-3CAF-4652-9F42-67B5086CC1E8}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{9940EE1C-7ACC-4C27-B3A3-0327827939CF}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{FE3DBD09-C30B-4BBD-9A4E-C637D8C67EFD}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{4431E5EA-3A10-4EAB-BD96-809AAE4A130A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2D9894D-0450-4D64-9338-015ABDE5A0D1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE8EEA31-BED6-4D8E-903C-8E0520DD32C2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{31B06D34-228B-488F-9B52-F8FDC056E4B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8B0F423C-5B62-46DD-AB9B-83F398B63AC5}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{84344516-17E0-4836-BB77-F568BB8DF2DB}] => (Allow) C:\Games\Steam\Steam.exe
FirewallRules: [{F91F17A1-EF6F-490E-8C05-0C9183C8F0D8}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{3A70A657-A571-4A2D-A163-D67EF12C7EE3}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{037FCA74-1DFF-46CC-9D0D-7A2F07457EE0}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CC43CC55-89EC-469A-A33A-E9538C6FF576}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{A6F0940F-67C5-4B1A-80C3-21346E78264F}] => (Allow) C:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{1EEB4EF6-38F9-405E-B481-A3F73E3F46E2}] => (Allow) C:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{035B0BA7-6D65-4EF2-ACAD-FEEF3CD56624}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{41F2A030-6498-4583-93B0-5D4A3F07E7EC}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F1174247-5688-4593-92D8-88E432E71BB4}C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [UDP Query User{8A70E1C1-BD1D-4367-9107-DF044C07E3FD}C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\julz\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe
FirewallRules: [{49B35F32-8282-4C6E-BE85-EF2D6DCFB83D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BF3C495-53FD-48FD-88C6-193A4D3261DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAE6B77D-E096-495F-8D96-8F38CB1E3C36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77AFB086-C151-4E18-A32C-2CE903F2CFD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C172F31-1A3D-4416-ACC2-7C8946F4AFC1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C4A8D48E-052A-4566-92B2-DB5324AABF1A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{01C4A034-2D85-4DFC-8A11-735273E18489}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{E2B476BD-B4D0-440E-A7CF-F17C32310B26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/16/2015 01:28:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (09/16/2015 09:23:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/15/2015 11:28:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/15/2015 03:30:25 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed SketchUp 2015; Error = 0x80070422).
Error: (09/15/2015 03:30:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed SketchUp 2015; Error = 0x80070422).
Error: (09/15/2015 02:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9890
Error: (09/15/2015 02:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9890
Error: (09/15/2015 02:45:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/15/2015 09:16:19 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (09/15/2015 08:29:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/15/2015 02:45:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DellDataVault service.
Error: (09/12/2015 02:16:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.
Error: (09/11/2015 01:53:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (09/11/2015 01:53:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (09/11/2015 09:08:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:06:20 AM on 9/11/2015 was unexpected.
Error: (09/11/2015 09:07:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BEBA2AA5-B5A7-4DD3-9AD6-43B24CDD3B7D}
Error: (09/10/2015 07:52:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
Error: (09/09/2015 08:55:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
Error: (09/09/2015 05:48:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DellDataVault service.
Error: (09/09/2015 09:49:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2015-09-16 15:18:30.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:20.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:20.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:19.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:19.668
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:12.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:12.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:12.544
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:12.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-16 15:18:12.324
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 8067.36 MB
Available physical RAM: 5194.07 MB
Total Virtual: 16132.92 MB
Available Virtual: 12825.2 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:445.91 GB) (Free:171.74 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6D99B500)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================