Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Redirects, Antivirus disabled and can't open AV or malware program

Started by Janelle11 , Nov 18 2015 07:06 PM

This topic is locked

#1
Janelle11

Posted 18 November 2015 - 07:06 PM

New Member

Member
9 posts

I first noticed when I tried to click on a product on a website (secure I've shopped there before), another web tab opened and the original website moved to the new tab while the current tab redirected some crap: buy a phone for a dollar or your computer is infected. It happens on just about every website I go to. I tried opening pages in firefox and noticed a virus "Trovigo" came up so I tried removing it but had no success. Trying to open the webpages in fire fox I just get a blank screen, while in IE I get that redirect and new tab previously mentioned.

So I thought I'd run my antivirus program and noticed it had been disabled. I tried clicking on the icon to open it and nothing happens. Same from the menu bar. I can uninstall it, I click on uninstall under programs and nothing happens, I downloaded an avg removal tool and it would not run. I also have malwarebytes on my computer and it won't run or uninstall either. I'm very limited in what I can do as I can't run my antivirus or anti malware software and I'm getting redirected a lot. Please help.

I'm running Windows 7. 32 bit

#2
Valinorum

Posted 19 November 2015 - 10:02 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Follow this link and post the logs.

#3
Janelle11

Posted 19 November 2015 - 04:22 PM

New Member

Topic Starter
Member
9 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-11-2015
Ran by Janelle (administrator) on JANELLE-PC (19-11-2015 11:44:28)
Running from C:\Users\Janelle\Desktop
Loaded Profiles: Janelle (Available Profiles: Janelle & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Wireless Service) C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
() C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(NewSoft) C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
(Wireless Service) C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Palit Microsystems Ltd.) C:\Program Files\Thunder Master\THPanel.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Maxis, a brand of Electronic Arts) C:\Program Files\Maxis\The Sims\Sims.exe
() C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-26] (NEC Electronics Corporation)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ChangeFilterMerit] => C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [51280 2007-06-08] (NewSoft)
HKLM\...\Run: [Presto! PVR Monitor] => C:\Program Files\NewSoft\Presto! PVR\Monitor.exe [157520 2009-11-26] (NewSoft)
HKLM\...\Run: [D-Link D-Link DWA-525] => C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe [995328 2009-11-24] (D-Link Corp.)
HKLM\...\Run: [WZCSLDR2] => C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe [122880 2009-11-03] (Wireless Service)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-15] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\Run: [Mobile Partner] => C:\Program Files\Optus Mini WiFi\Optus Mini WiFi Modem
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\Run: [THPanel] => C:\Program Files\Thunder Master\THPanel.exe [2042696 2012-04-11] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4370976 2014-12-12] (Fitbit, Inc.)
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {297ffbf8-0c6a-11df-87cb-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {4ebd4e29-33de-11e0-bee4-defb1a6706b8} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {51ba6375-0115-11e1-ae57-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {51ba638d-0115-11e1-ae57-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5a8a78e0-b929-11e0-b3ff-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5a8a78e4-b929-11e0-b3ff-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5c51d456-4a01-11e0-ac55-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5c51d45a-4a01-11e0-ac55-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {70d8ec22-185d-11e0-a0b2-920ea53f6d78} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {74db3061-4ba8-11e1-87fd-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {74db3064-4ba8-11e1-87fd-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {76417362-2770-11e0-b698-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {76417366-2770-11e0-b698-6cf0490a9bf1} - G:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {802a8046-bbae-11df-b218-6cf0490a9bf1} - J:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {802a804b-bbae-11df-b218-6cf0490a9bf1} - J:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {d8a91766-49f8-11e0-a892-92c8e960808a} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {f6502cc1-122a-11df-858b-6cf0490a9bf1} - E:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {f6502cc8-122a-11df-858b-6cf0490a9bf1} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{149CC6EF-9337-4A3F-BD77-26F34B0C8474}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{74A031B9-AAA3-47C6-9EEC-9BB9FE64F581}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
URLSearchHook: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-28] (Oracle Corporation)
BHO: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files\BitTorrentBar\tbBitT.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Toolbar - Big Fish Games -> {C7C9FC25-88B0-4682-9C9F-2608E9117647} -> C:\Program Files\bfgbartb\BfgBarDx.dll [2010-09-14] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-28] (Oracle Corporation)
Toolbar: HKLM - Toolbar - Big Fish Games - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\bfgbartb\BfgBarDx.dll [2010-09-14] ()
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/66.30/uploader2.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Janelle\AppData\Roaming\Mozilla\Firefox\Profiles\tqjnalkk.default-1447883432554
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll [2012-06-03] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-05-29]

Chrome:
=======
CHR Profile: C:\Users\Janelle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Janelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-13]
CHR Extension: (YouTube) - C:\Users\Janelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-13]
CHR Extension: (YouTube) - C:\Users\Janelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-13]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-04-23] (Apple, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 D_Link_DWA-525; C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2009-11-03] (Wireless Service) [File not signed]
R2 D_Link_DWA-525_WPS; C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [40960 2009-07-07] () [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\windows\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software) [File not signed]
R3 LVPr2Mon; C:\windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R0 mv91cons; C:\windows\System32\DRIVERS\mv91cons.sys [20008 2009-10-10] (Marvell Semiconductor Inc.)
R0 mv91xx; C:\windows\System32\DRIVERS\mv91xx.sys [253480 2009-10-09] (Marvell Semiconductor, Inc.)
R3 netr28; C:\windows\System32\DRIVERS\Dnetr28.sys [668160 2009-11-09] (Ralink Technology, Corp.)
S3 PID_PEPI; C:\windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-12-16] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
S3 BS1858543190; \??\C:\Users\Janelle\AppData\Local\Temp\NTFS.sys [X]
S3 gdrv; \??\C:\windows\gdrv.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 RTL2832U_IRHID; system32\DRIVERS\RTL2832U_IRHID.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 11:44 - 2015-11-19 11:45 - 00020182 _____ C:\Users\Janelle\Desktop\FRST.txt
2015-11-19 11:42 - 2015-11-19 11:44 - 00000000 ____D C:\FRST
2015-11-19 11:42 - 2015-11-19 11:42 - 01378816 _____ (Farbar) C:\Users\Janelle\Desktop\FRST.exe
2015-11-19 09:31 - 2015-11-19 09:32 - 01847144 _____ (Malwarebytes ) C:\Users\Janelle\Downloads\mbae-setup-1.08.1.1044.exe
2015-11-19 09:20 - 2015-11-19 09:21 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Janelle\Downloads\avg_remover_stf_x86_2015_5501.exe
2015-11-19 09:11 - 2015-11-19 09:11 - 02895464 _____ (AVG Technologies) C:\Users\Janelle\Downloads\AVG_Protection_Free_1115.exe
2015-11-19 08:50 - 2015-11-19 08:50 - 00000000 ____D C:\Users\Janelle\Desktop\Old Firefox Data
2015-11-19 08:39 - 2015-11-19 09:23 - 00290304 _____ (Microsoft Corporation) C:\windows\system32\subinacl.exe
2015-11-19 08:39 - 2015-11-19 08:39 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2015-11-19 08:38 - 2015-11-19 08:39 - 00700584 _____ C:\Users\Janelle\Downloads\Adware_Removal_Tool_by_TSA.exe
2015-11-19 08:27 - 2015-11-19 08:27 - 00000000 ____D C:\Users\Janelle\AppData\Local\{0E0E519C-6D13-4982-8023-6E2F930D2000}
2015-11-16 08:31 - 2015-11-16 08:31 - 00000000 ____D C:\Users\Janelle\AppData\Local\{82C64DE5-CE2E-4F8C-81F9-48782CAA1EE9}
2015-11-16 08:30 - 2015-11-16 08:30 - 00159560 _____ C:\windows\Minidump\111615-78406-01.dmp
2015-11-15 18:20 - 2015-11-15 18:20 - 00000582 _____ C:\windows\eReg.dat
2015-11-15 18:20 - 2015-11-15 18:20 - 00000000 ____D C:\Users\Janelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-15 18:20 - 2015-11-15 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-15 18:01 - 2015-11-15 18:03 - 00000000 ____D C:\Program Files\Maxis
2015-11-15 18:00 - 2015-11-15 18:00 - 00000000 ____D C:\Users\Janelle\AppData\Local\{CD5C4956-9D3E-449D-8A13-A27244E0A530}
2015-11-13 08:26 - 2015-11-13 08:26 - 00000000 ____D C:\Users\Janelle\AppData\Local\{25D92368-44CE-448F-ABD7-98A12F71F1B9}
2015-11-12 23:22 - 2015-11-12 23:23 - 00159560 _____ C:\windows\Minidump\111215-35615-01.dmp
2015-11-11 14:08 - 2015-11-11 14:08 - 00000000 ____D C:\Users\Janelle\AppData\Local\{6473B373-F13C-4CE7-9CD8-EAF81763C25C}
2015-11-01 07:33 - 2015-11-01 08:55 - 00000000 ____D C:\windows\A3W_DATA
2015-11-01 07:26 - 2015-11-01 07:26 - 00000000 __RSH C:\MSDOS.SYS
2015-11-01 07:26 - 2015-11-01 07:26 - 00000000 __RSH C:\IO.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 11:43 - 2015-02-08 20:18 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 09:59 - 2011-07-13 12:31 - 01173504 ___SH C:\Users\Janelle\Desktop\Thumbs.db
2015-11-19 09:24 - 2009-07-14 15:34 - 00023392 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 09:24 - 2009-07-14 15:34 - 00023392 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 09:00 - 2009-11-03 14:39 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-19 08:55 - 2011-02-11 14:54 - 00003284 _____ C:\windows\system32\ANIWZCS{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2015-11-19 08:55 - 2011-02-11 14:54 - 00003284 _____ C:\Users\Janelle\AppData\Roaming\ANIWZCS{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2015-11-19 08:55 - 2011-02-11 14:47 - 00000008 _____ C:\windows\system32\ANIWZCSUSERNAME{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2015-11-19 08:55 - 2011-01-24 13:48 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-11-19 08:55 - 2010-02-19 00:40 - 00000000 ____D C:\Users\Janelle\Tracing
2015-11-19 08:54 - 2015-03-31 11:23 - 25646850 _____ C:\windows\system32\debug.log
2015-11-19 08:54 - 2015-02-08 20:18 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 08:54 - 2014-12-16 09:54 - 00007278 _____ C:\windows\setupact.log
2015-11-19 08:54 - 2012-08-13 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-19 08:54 - 2009-07-14 15:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-19 08:25 - 2014-12-16 09:54 - 00011194 _____ C:\windows\PFRO.log
2015-11-19 08:21 - 2014-12-19 10:57 - 00000000 ____D C:\Users\Janelle\AppData\Local\CrashDumps
2015-11-18 21:31 - 2015-04-03 12:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-18 18:44 - 2015-01-07 10:59 - 00286964 _____ C:\windows\system32\CFG1858543190
2015-11-16 08:30 - 2010-02-13 22:42 - 00000000 ____D C:\windows\Minidump
2015-11-16 08:29 - 2015-01-07 10:58 - 350698506 _____ C:\windows\MEMORY.DMP
2015-11-15 18:03 - 2010-01-29 15:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-15 18:01 - 2010-01-29 15:21 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-11-15 16:01 - 2010-04-02 00:51 - 00000000 ____D C:\Program Files\Warcraft II BNE
2015-11-15 15:32 - 2010-02-13 22:47 - 00000000 ____D C:\ProgramData\TEMP
2015-11-11 14:06 - 2010-02-19 00:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-11 14:04 - 2012-04-30 22:07 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-11-11 12:54 - 2014-12-16 09:59 - 00000000 ____D C:\ProgramData\MFAData
2015-11-09 17:18 - 2014-12-16 21:56 - 00013856 _____ C:\windows\WindowsUpdate.log
2015-11-09 17:17 - 2010-06-05 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-01 08:54 - 2013-05-01 16:48 - 00000086 _____ C:\windows\CIV.INI

==================== Files in the root of some directories =======

2011-02-11 14:58 - 2015-02-07 15:50 - 0000280 _____ () C:\Users\Janelle\AppData\Roaming\ANICONFIG_{149CC6EF-9337-4A3F-BD77-26F34B0C8474}.ini
2011-02-11 14:54 - 2015-11-19 08:55 - 0003284 _____ () C:\Users\Janelle\AppData\Roaming\ANIWZCS{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2011-06-18 03:37 - 2012-10-22 15:32 - 0005120 _____ () C:\Users\Janelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-03 18:32 - 2015-01-04 09:02 - 0007601 _____ () C:\Users\Janelle\AppData\Local\Resmon.ResmonCfg
2011-05-20 17:38 - 2011-05-20 17:38 - 0000000 _____ () C:\Users\Janelle\AppData\Local\{B7EE91D5-832C-49BF-B429-AF4120102726}
2011-04-09 01:28 - 2011-04-09 01:28 - 0000059 _____ () C:\ProgramData\user.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-11 15:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-11-2015
Ran by Janelle (2015-11-19 11:45:59)
Running from C:\Users\Janelle\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2010-02-05 08:47:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2642413585-4074018743-1779551095-500 - Administrator - Disabled)
Guest (S-1-5-21-2642413585-4074018743-1779551095-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2642413585-4074018743-1779551095-1005 - Limited - Enabled)
Janelle (S-1-5-21-2642413585-4074018743-1779551095-1000 - Administrator - Enabled) => C:\Users\Janelle
UpdatusUser (S-1-5-21-2642413585-4074018743-1779551095-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements (HKLM\...\BFG-4 Elements) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adelantado Trilogy: Book One (HKLM\...\BFG-Adelantado Trilogy - Book One) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM\...\BFG-Alice Greenfingers) (Version: - )
Alice Greenfingers 2 (HKLM\...\BFG-Alice Greenfingers 2) (Version: - )
All My Gods (HKLM\...\BFG-All My Gods) (Version: - )
Amazing Animals (HKLM\...\{A007BA13-8719-4740-96B6-F5CAE41A7736}) (Version: 1.10.000 - )
American History Lux (HKLM\...\BFG-American History Lux) (Version: - )
Ancient Rome (HKLM\...\BFG-Ancient Rome) (Version: - )
Ant War (HKLM\...\BFG-Ant War) (Version: - )
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.1.5 (HKLM\...\Ares) (Version: 2.1.5-Build#3039 - Ares Development Group)
Artist Colony (HKLM\...\BFG-Artist Colony) (Version: - )
Australian Explorers (HKLM\...\{970E1903-680C-4D78-9F82-3A3BDD01700F}) (Version: 1.10.000 - )
Avalon (HKLM\...\BFG-Avalon) (Version: - )
Aveyond (HKLM\...\BFG-Aveyond) (Version: - )
Aveyond 2 (HKLM\...\BFG-Aveyond 2) (Version: - )
Aveyond: Gates of Night (HKLM\...\BFG-Aveyond - Gates of Night) (Version: - )
Aveyond: Lord of Twilight (HKLM\...\BFG-Aveyond - Lord of Twilight) (Version: - )
Aveyond: The Darkthrop Prophecy (HKLM\...\BFG-Aveyond - The Darkthrop Prophecy) (Version: - )
Aveyond: The Lost Orb (HKLM\...\BFG-Aveyond - The Lost Orb) (Version: - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4457 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
Big Fish Games Toolbar 2.0 (HKLM\...\BfgBar) (Version: - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.0 - )
BitTorrentBar Toolbar (HKLM\...\BitTorrentBar Toolbar) (Version: 6.2.7.3 - BitTorrentBar)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brain Training for Dummies (HKLM\...\BFG-Brain Training for Dummies) (Version: - )
Build-a-lot (HKLM\...\BFG-Build-a-lot) (Version: - )
Build-a-lot 2: Town of the Year (HKLM\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
Build-a-lot: On Vacation (HKLM\...\BFG-Build-a-lot - On Vacation) (Version: - )
Burger Shop 2 (HKLM\...\BFG-Burger Shop 2) (Version: - )
Campgrounds (HKLM\...\BFG-Campgrounds) (Version: - )
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version: - )
Canon MG2100 series On-screen Manual (HKLM\...\Canon MG2100 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Chocolatier (HKLM\...\BFG-Chocolatier) (Version: - )
Chocolatier 2: Secret Ingredients (HKLM\...\BFG-Chocolatier 2 - Secret Ingredients) (Version: - )
Cooking Academy (HKLM\...\BFG-Cooking Academy) (Version: - )
Cooking Academy: Restaurant Royale (HKLM\...\BFG-Cooking Academy - Restaurant Royale) (Version: - )
Cruise Clues: Caribbean Adventure (HKLM\...\BFG-Cruise Clues - Caribbean Adventure) (Version: - )
Cute Knight (HKLM\...\BFG-Cute Knight) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Deadly Sin (HKLM\...\BFG-Deadly Sin) (Version: - )
Diner Dash (HKLM\...\BFG-Diner Dash) (Version: - )
D-Link DWA-525 (HKLM\...\{1DEB8A37-56C9-4E41-9102-171D8EC91DF0}) (Version: - D-Link)
Dragon Keeper (HKLM\...\BFG-Dragon Keeper) (Version: - )
Dragonsphere (HKLM\...\GOGPACKDRAGONSPHERE_is1) (Version: 2.0.0.13 - GOG.com)
Dream Chronicles: The Book of Air (HKLM\...\BFG-Dream Chronicles - The Book of Air) (Version: - )
Empires & Dungeons (HKLM\...\BFG-Empires & Dungeons) (Version: - )
Escape From Paradise (HKLM\...\BFG-Escape From Paradise) (Version: - )
Escape From Paradise 2: A Kingdom's Quest (HKLM\...\BFG-Escape From Paradise 2 - A Kingdom's Quest) (Version: - )
Fairy Island (HKLM\...\BFG-Fairy Island) (Version: - )
Farm Frenzy (HKLM\...\BFG-Farm Frenzy) (Version: - )
Farm Frenzy 2 (HKLM\...\BFG-Farm Frenzy 2) (Version: - )
Farm Frenzy 3: Ice Age (HKLM\...\BFG-Farm Frenzy 3 - Ice Age) (Version: - )
Farm Tribe (HKLM\...\BFG-Farm Tribe) (Version: - )
Farm Tribe 2 Survey (HKLM\...\BFG-Farm Tribe 2 Survey) (Version: - )
Fashion Boutique (HKLM\...\BFG-Fashion Boutique) (Version: - )
Fish Tycoon (HKLM\...\BFG-Fish Tycoon) (Version: - )
FishCo (HKLM\...\BFG-FishCo) (Version: - )
Fishdom (HKLM\...\BFG-Fishdom) (Version: - )
Fishdom H2O: Hidden Odyssey ™ (HKLM\...\BFG-Fishdom H2O - Hidden Odyssey) (Version: - )
Fitbit Connect (HKLM\...\{D626E72A-ED95-489A-9B8B-0B2A7B649A85}) (Version: 2.0.0.6518 - Fitbit Inc.)
Forgotten Lands: First Colony ™ (HKLM\...\BFG-Forgotten Lands - First Colony) (Version: - )
Garden Defense (HKLM\...\BFG-Garden Defense) (Version: - )
Garden Panic (HKLM\...\BFG-Garden Panic) (Version: - )
Ghost in the Sheet (HKLM\...\BFG-Ghost in the Sheet) (Version: - )
Golden Trails 2: The Lost Legacy (HKLM\...\BFG-Golden Trails 2 - The Lost Legacy) (Version: - )
Golden Trails: The New Western Rush (HKLM\...\BFG-Golden Trails The New Western Rush) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hidden World (HKLM\...\BFG-Hidden World) (Version: - )
Hobby Farm (HKLM\...\BFG-Hobby Farm) (Version: - )
Home Sweet Home (HKLM\...\BFG-Home Sweet Home) (Version: - )
I SPY™ Fun House (HKLM\...\BFG-I SPY™ Fun House) (Version: - )
Ice Cream Tycoon (HKLM\...\BFG-Ice Cream Tycoon) (Version: - )
Insaniquarium! Deluxe (HKLM\...\BFG-Insaniquarium! Deluxe) (Version: - )
iPod for Windows 2006-06-28 (HKLM\...\InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-06-28 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
iPod Reset Utility (HKLM\...\{20ED157B-1A84-4DF7-945E-4951A38A9CBA}) (Version: 1.0.4.71 - Apple Inc.)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Jack of All Tribes (HKLM\...\BFG-Jack of All Tribes) (Version: - )
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Life Quest ™ (HKLM\...\BFG-Life Quest) (Version: - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Magic Farm: Ultimate Flower (HKLM\...\BFG-Magic Farm - Ultimate Flower) (Version: - )
Magic Seeds (HKLM\...\BFG-Magic Seeds) (Version: - )
Malwarebytes Anti-Malware version 1.65.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
Master of Defense (HKLM\...\BFG-Master of Defense) (Version: - )
Media Player Codec Pack 3.9.6 (HKLM\...\Media Player - Codec Pack) (Version: - Media Player Codec Pack)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Millennium: A New Hope (HKLM\...\BFG-Millennium - A New Hope) (Version: - )
Monster Mash (HKLM\...\BFG-Monster Mash) (Version: - )
Mozilla Firefox 28.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 28.0 (x86 en-GB)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
My Farm Life 2 (HKLM\...\BFG-My Farm Life 2) (Version: - )
My Life Story (HKLM\...\BFG-My Life Story) (Version: - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.14.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.14.0 - NEC Electronics Corporation) Hidden
Nightmare Adventures: The Witch's Prison (HKLM\...\BFG-Nightmare Adventures - The Witch's Prison) (Version: - )
Nightmare Realm (HKLM\...\BFG-Nightmare Realm) (Version: - )
NVIDIA 3D Vision Controller Driver 296.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.16 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Optus Mini WiFi Modem (HKLM\...\Optus Mini WiFi Modem) (Version: TOOL-ConnLaucher_WIN1.01.01.74 - Huawei Technologies Co.,Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plant Tycoon (HKLM\...\BFG-Plant Tycoon) (Version: - )
Presto! PVR (HKLM\...\{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}) (Version: 5.73.03 - NewSoft)
Ranch Rush 2 - Sara's Island Experiment (HKLM\...\BFG-Ranch Rush 2 - Sara's Island Experiment) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5943 - Realtek Semiconductor Corp.)
Roads of Rome (HKLM\...\BFG-Roads of Rome) (Version: - )
Royal Defense (HKLM\...\BFG-Royal Defense) (Version: - )
Royal Envoy (HKLM\...\BFG-Royal Envoy) (Version: - )
Sid Meier's Civilization 4 (HKLM\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.52 - Firaxis Games)
Sid Meier's Civilization 4 (Version: 1.00.0000 - Firaxis Games) Hidden
Silent Scream: The Dancer Survey (HKLM\...\BFG-Silent Scream - The Dancer Survey) (Version: - )
Skyborn (HKLM\...\BFG-Skyborn) (Version: - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonya Survey (HKLM\...\BFG-Sonya Survey) (Version: - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Syberia - Part 2 (HKLM\...\BFG-Syberia - Part 2) (Version: - )
Syberia (HKLM\...\BFG-Syberia) (Version: - )
Sylia - Act 1 (HKLM\...\BFG-Sylia - Act 1) (Version: - )
Taipan v1.11 (HKLM\...\Taipan_is1) (Version: - DigitalLabs.net)
Tasty Planet: Back for Seconds (HKLM\...\BFG-Tasty Planet - Back for Seconds) (Version: - )
The Island: Castaway (HKLM\...\BFG-The Island - Castaway) (Version: - )
The Promised Land (HKLM\...\BFG-The Promised Land) (Version: - )
The Sims Deluxe Edition (HKLM\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version: - )
The Timebuilders: Pyramid Rising (HKLM\...\BFG-The Timebuilders - Pyramid Rising) (Version: - )
Thunder Master v1.1 (HKLM\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.1.0.1 - Palit Microsystems Ltd.)
Toolbar - Big Fish Games (HKLM\...\bfgbartb) (Version: 2.1.0.13 - Big Fish Games, Inc.)
Totem Tribe (HKLM\...\BFG-Totem Tribe) (Version: - )
TP-LINK Driver Installation Program (HKLM\...\{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}) (Version: 7.1 - TP-LINK)
TV Farm 2 (HKLM\...\BFG-TV Farm 2) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viking Saga (HKLM\...\BFG-Viking Saga) (Version: - )
Virtual City (HKLM\...\BFG-Virtual City) (Version: - )
Virtual City 2: Paradise Resort (HKLM\...\BFG-Virtual City 2 - Paradise Resort) (Version: - )
Virtual Families (HKLM\...\BFG-Virtual Families) (Version: - )
Virtual Families 2 (HKLM\...\BFG-Virtual Families 2) (Version: - )
Virtual Farm (HKLM\...\BFG-Virtual Farm) (Version: - )
Virtual Farm 2 (HKLM\...\BFG-Virtual Farm 2) (Version: - )
Virtual Farm 2 (HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\Virtual Farm 2) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Virtual Villagers: A New Home (HKLM\...\BFG-Virtual Villagers) (Version: - )
Virtual Villagers: New Believers (HKLM\...\BFG-Virtual Villagers - New Believers) (Version: - )
Virtual Villagers: The Lost Children (HKLM\...\BFG-Virtual Villagers - The Lost Children) (Version: - )
Virtual Villagers: The Secret City (HKLM\...\BFG-Virtual Villagers - The Secret City) (Version: - )
Virtual Villagers: The Tree of Life (HKLM\...\BFG-Virtual Villagers - The Tree of Life) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Wandering Willows (HKLM\...\BFG-Wandering Willows) (Version: - )
Warcraft II BNE (HKLM\...\Warcraft II BNE) (Version: - )
Weather Lord (HKLM\...\BFG-Weather Lord) (Version: - )
Wild Tribe (HKLM\...\BFG-Wild Tribe) (Version: - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Wonderburg (HKLM\...\BFG-Wonderburg) (Version: - )
World Atlas 2009 (HKLM\...\{E21A7C56-8918-4759-88AF-BB9BD67191FB}) (Version: 1.10.000 - )
XAce Plus v2.6 (HKLM\...\XAce Plus v2.6) (Version: - )
Youda Camper (HKLM\...\BFG-Youda Camper) (Version: - )
Youda Safari (HKLM\...\BFG-Youda Safari) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000_Classes\CLSID\{1AACCFAB-1679-268A-6D1A-9DF759CA176E}\InprocServer32 -> C:\Program Files\Windows Live\Photo Gallery\MicrosoftEffects.dll => No File
CustomCLSID: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000_Classes\CLSID\{429D1B29-4C69-99BE-861B-2904B96F4EE1}\InprocServer32 -> C:\Program Files\Windows Live\Photo Gallery\MicrosoftEffects.dll => No File
CustomCLSID: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000_Classes\CLSID\{9F513431-89B9-5915-D7A0-4A32A40C70CB}\InprocServer32 -> C:\Program Files\Windows Live\Photo Gallery\MicrosoftEffects.dll => No File
CustomCLSID: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000_Classes\CLSID\{E3BC9085-6ED0-3EE1-9AD8-E2DC8F52E679}\InprocServer32 -> C:\Program Files\Windows Live\Photo Gallery\MicrosoftEffects.dll => No File

==================== Restore Points =========================

03-05-2015 21:55:40 Windows Backup
10-05-2015 20:00:13 Windows Backup
17-05-2015 20:00:11 Windows Backup
24-05-2015 20:00:12 Windows Backup
04-06-2015 10:20:21 Windows Backup
09-06-2015 17:09:54 Windows Backup
30-06-2015 19:23:00 Windows Backup
06-07-2015 16:21:58 Windows Backup
25-07-2015 11:57:55 Windows Backup
11-08-2015 11:36:18 Windows Backup
23-08-2015 16:28:29 Windows Backup
25-08-2015 18:53:46 Windows Backup
01-09-2015 11:19:39 Windows Backup
09-09-2015 01:44:16 Windows Backup
13-09-2015 20:00:07 Windows Backup
04-10-2015 19:00:14 Windows Backup
26-10-2015 09:52:50 Windows Backup
01-11-2015 20:51:09 Windows Backup
08-11-2015 19:00:08 Windows Backup
15-11-2015 18:03:07 Installed The Sims Deluxe Edition
15-11-2015 19:00:09 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2009-06-11 08:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5168FC9D-AB6E-4705-B23A-957C0D4E8762} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6E16B38E-4876-4E41-905E-43DF2D47347E} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-18] ()
Task: {86C8C0CB-F317-4545-BE85-210FED485CA5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AD935B85-06E3-4818-9B8C-4E487D478F9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-13 16:25 - 2013-01-19 01:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-02-11 14:47 - 2011-02-11 14:47 - 00073728 _____ () C:\Program Files\D-Link\DWA-525 revA\ANPDApi.dll
2011-02-11 14:46 - 2009-10-19 21:59 - 00274432 _____ () C:\Program Files\D-Link\DWA-525 revA\WlanApp.dll
2011-02-11 14:46 - 2009-07-07 22:49 - 00040960 _____ () C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
2012-04-30 22:07 - 2011-02-07 18:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-10-14 16:36 - 2009-10-14 16:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-19 22:02 - 2014-11-19 22:02 - 40622592 ____R () C:\Program Files\Fitbit Connect\libcef.dll
2009-10-14 16:34 - 2009-10-14 16:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-11-19 10:27 - 2015-11-19 10:27 - 00653340 _____ () C:\Users\Janelle\AppData\Local\Temp\~efe7a1\~df394b.tmp
2015-11-15 18:19 - 2000-12-06 21:16 - 00835628 _____ () C:\Program Files\Maxis\The Sims\gimex.DLL
2010-05-25 06:33 - 2010-05-25 06:33 - 03822592 _____ () C:\windows\system32\ffdshow.ax
2009-08-12 08:19 - 2009-08-12 08:19 - 00797184 _____ () C:\windows\system32\ac3filter.ax
2015-11-19 10:27 - 2015-11-19 10:27 - 00046592 _____ () C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6
AlternateDataStreams: C:\ProgramData\TEMP:041ED421
AlternateDataStreams: C:\ProgramData\TEMP:04ADB7A6
AlternateDataStreams: C:\ProgramData\TEMP:058A7351
AlternateDataStreams: C:\ProgramData\TEMP:108BC6C8
AlternateDataStreams: C:\ProgramData\TEMP:1226FEE8
AlternateDataStreams: C:\ProgramData\TEMP:14750D76
AlternateDataStreams: C:\ProgramData\TEMP:15752405
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:19C541B5
AlternateDataStreams: C:\ProgramData\TEMP:1B9E79B3
AlternateDataStreams: C:\ProgramData\TEMP:2216A431
AlternateDataStreams: C:\ProgramData\TEMP:2342AE46
AlternateDataStreams: C:\ProgramData\TEMP:241FA548
AlternateDataStreams: C:\ProgramData\TEMP:258D2F8B
AlternateDataStreams: C:\ProgramData\TEMP:268BA8AB
AlternateDataStreams: C:\ProgramData\TEMP:27F44544
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD
AlternateDataStreams: C:\ProgramData\TEMP:351662E7
AlternateDataStreams: C:\ProgramData\TEMP:35629AE6
AlternateDataStreams: C:\ProgramData\TEMP:36A39835
AlternateDataStreams: C:\ProgramData\TEMP:375FC7E7
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83
AlternateDataStreams: C:\ProgramData\TEMP:3A4676D7
AlternateDataStreams: C:\ProgramData\TEMP:3AB8D21A
AlternateDataStreams: C:\ProgramData\TEMP:3C9B05C4
AlternateDataStreams: C:\ProgramData\TEMP:3CA557DB
AlternateDataStreams: C:\ProgramData\TEMP:44E16D4A
AlternateDataStreams: C:\ProgramData\TEMP:453190EC
AlternateDataStreams: C:\ProgramData\TEMP:461BD06D
AlternateDataStreams: C:\ProgramData\TEMP:4AEAF2B6
AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68
AlternateDataStreams: C:\ProgramData\TEMP:581B0446
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:5F7DD688
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:61A065F2
AlternateDataStreams: C:\ProgramData\TEMP:627B7F7C
AlternateDataStreams: C:\ProgramData\TEMP:6407DD2D
AlternateDataStreams: C:\ProgramData\TEMP:640DDEFF
AlternateDataStreams: C:\ProgramData\TEMP:6514A833
AlternateDataStreams: C:\ProgramData\TEMP:663B62CA
AlternateDataStreams: C:\ProgramData\TEMP:6BF0805F
AlternateDataStreams: C:\ProgramData\TEMP:6C7EBDC3
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA
AlternateDataStreams: C:\ProgramData\TEMP:74091520
AlternateDataStreams: C:\ProgramData\TEMP:7425C891
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:76466F4C
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:7EC01D6D
AlternateDataStreams: C:\ProgramData\TEMP:80E965A3
AlternateDataStreams: C:\ProgramData\TEMP:8140CB50
AlternateDataStreams: C:\ProgramData\TEMP:84151293
AlternateDataStreams: C:\ProgramData\TEMP:84BD8B63
AlternateDataStreams: C:\ProgramData\TEMP:88E3B9B6
AlternateDataStreams: C:\ProgramData\TEMP:89A5891E
AlternateDataStreams: C:\ProgramData\TEMP:8BCF4DE2
AlternateDataStreams: C:\ProgramData\TEMP:8F827F9E
AlternateDataStreams: C:\ProgramData\TEMP:91486201
AlternateDataStreams: C:\ProgramData\TEMP:92DB4653
AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB
AlternateDataStreams: C:\ProgramData\TEMP:961B4D58
AlternateDataStreams: C:\ProgramData\TEMP:971DCCE2
AlternateDataStreams: C:\ProgramData\TEMP:98DD1050
AlternateDataStreams: C:\ProgramData\TEMP:99AC3203
AlternateDataStreams: C:\ProgramData\TEMP:9D03192E
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3
AlternateDataStreams: C:\ProgramData\TEMP:9E3E060F
AlternateDataStreams: C:\ProgramData\TEMP:A00BCDEF
AlternateDataStreams: C:\ProgramData\TEMP:A18D1A5B
AlternateDataStreams: C:\ProgramData\TEMP:A3063E0E
AlternateDataStreams: C:\ProgramData\TEMP:A3750BE5
AlternateDataStreams: C:\ProgramData\TEMP:A561576B
AlternateDataStreams: C:\ProgramData\TEMP:A819A132
AlternateDataStreams: C:\ProgramData\TEMP:AA004D25
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9
AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00
AlternateDataStreams: C:\ProgramData\TEMP:BB8C0761
AlternateDataStreams: C:\ProgramData\TEMP:BFAD7A5D
AlternateDataStreams: C:\ProgramData\TEMP:C00D30BD
AlternateDataStreams: C:\ProgramData\TEMP:C37283B5
AlternateDataStreams: C:\ProgramData\TEMP:C8182692
AlternateDataStreams: C:\ProgramData\TEMP:C86B29EB
AlternateDataStreams: C:\ProgramData\TEMP:CA8D6B60
AlternateDataStreams: C:\ProgramData\TEMP:CAE2C3A5
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D1713795
AlternateDataStreams: C:\ProgramData\TEMP:D2D4B33E
AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31
AlternateDataStreams: C:\ProgramData\TEMP:D890DD02
AlternateDataStreams: C:\ProgramData\TEMP:DDEB08FD
AlternateDataStreams: C:\ProgramData\TEMP:E266F325
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC
AlternateDataStreams: C:\ProgramData\TEMP:E8BF029E
AlternateDataStreams: C:\ProgramData\TEMP:E962FBDB
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D
AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB
AlternateDataStreams: C:\ProgramData\TEMP:F863930B
AlternateDataStreams: C:\ProgramData\TEMP:FACB65E7
AlternateDataStreams: C:\ProgramData\TEMP:FD38E906
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\freetoolsassociation.com -> hxxp://activegs.freetoolsassociation.com
IE trusted site: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\virtualapple.org -> hxxp://www.virtualapple.org

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Janelle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1DF5F7FE-1B80-4D2C-B574-D6C3C704B125}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D6299A4F-8E95-4AD5-8D48-6AAF2EAECF19}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe
FirewallRules: [UDP Query User{F3EAF886-733C-4D16-93C0-48BEB6902A1F}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe
FirewallRules: [{3E86F518-3720-44FC-89FC-2910DF1D374B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E4BE0681-4C09-4C91-B6FD-13E29C7A2387}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7436B416-58C8-4BAF-BDB8-0A34AA8D1CE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{65F09159-C964-4A8F-BB2F-AA099DBD285E}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
FirewallRules: [UDP Query User{8AB619C5-5527-4E5F-8A20-5038CB6307B0}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
FirewallRules: [TCP Query User{906BC1D0-AF25-4090-BF15-3B1F340BAB7D}C:\program files\windows live\messenger\msnmsgr.exe] => (Allow) C:\program files\windows live\messenger\msnmsgr.exe
FirewallRules: [UDP Query User{C88B1CCB-2924-4FF4-9DA9-1ECB9EA8C44A}C:\program files\windows live\messenger\msnmsgr.exe] => (Allow) C:\program files\windows live\messenger\msnmsgr.exe
FirewallRules: [{18D85950-BD66-4A19-A120-5DFF32B4440E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{32079E64-9C97-4FBD-BE86-074C11889302}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{53212FDE-B629-456B-A011-E6F92F887781}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C468419F-ADC3-4069-B0F6-7795B87511D5}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A7357106-E161-457D-A163-BBD736EB51ED}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9194F754-C705-4E5D-9235-C3B986ADE138}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DA3FF9C0-155B-4761-8F9B-6CB0113C80BF}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{B78E6641-014E-402B-B8E5-0706CEECBBAB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 08:23:23 AM) (Source: ) (EventID: 0) (User: )
Description: 1

Error: (11/19/2015 08:23:23 AM) (Source: ) (EventID: 0) (User: )
Description: 1

System errors:
=============
Error: (11/19/2015 11:29:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 11:29:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 11:29:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 11:29:04 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 10:21:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 08:57:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/19/2015 08:57:32 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/19/2015 08:54:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (11/19/2015 08:54:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.

Error: (11/19/2015 08:54:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 63%
Total physical RAM: 2043.49 MB
Available physical RAM: 753.55 MB
Total Virtual: 4086.98 MB
Available Virtual: 1822.49 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.32 GB) (Free:790.98 GB) NTFS
Drive d: (The Sims Deluxe) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive e: (SEA_DISC) (Fixed) (Total:298.02 GB) (Free:11.61 GB) FAT32
Drive f: (Mini_WiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8280A354)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 170A8AE2)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End of Addition.txt ============================

Thank You!

#4
Valinorum

Posted 20 November 2015 - 09:17 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Step #1 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
- Mozilla Firefox 28.0 (Outdated)
- Java 7 Update 51 (Outdated)
- BitTorrentBar Toolbar
- BitTorrent

Step #2 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

Open Notepad.exe. Do not use any other text editor software;

Copy and Paste the contents inside the code-box to your Notepad --

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
RemoveProxy:
AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6
AlternateDataStreams: C:\ProgramData\TEMP:041ED421
AlternateDataStreams: C:\ProgramData\TEMP:04ADB7A6
AlternateDataStreams: C:\ProgramData\TEMP:058A7351
AlternateDataStreams: C:\ProgramData\TEMP:108BC6C8
AlternateDataStreams: C:\ProgramData\TEMP:1226FEE8
AlternateDataStreams: C:\ProgramData\TEMP:14750D76
AlternateDataStreams: C:\ProgramData\TEMP:15752405
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:19C541B5
AlternateDataStreams: C:\ProgramData\TEMP:1B9E79B3
AlternateDataStreams: C:\ProgramData\TEMP:2216A431
AlternateDataStreams: C:\ProgramData\TEMP:2342AE46
AlternateDataStreams: C:\ProgramData\TEMP:241FA548
AlternateDataStreams: C:\ProgramData\TEMP:258D2F8B
AlternateDataStreams: C:\ProgramData\TEMP:268BA8AB
AlternateDataStreams: C:\ProgramData\TEMP:27F44544
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD
AlternateDataStreams: C:\ProgramData\TEMP:351662E7
AlternateDataStreams: C:\ProgramData\TEMP:35629AE6
AlternateDataStreams: C:\ProgramData\TEMP:36A39835
AlternateDataStreams: C:\ProgramData\TEMP:375FC7E7
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83
AlternateDataStreams: C:\ProgramData\TEMP:3A4676D7
AlternateDataStreams: C:\ProgramData\TEMP:3AB8D21A
AlternateDataStreams: C:\ProgramData\TEMP:3C9B05C4
AlternateDataStreams: C:\ProgramData\TEMP:3CA557DB
AlternateDataStreams: C:\ProgramData\TEMP:44E16D4A
AlternateDataStreams: C:\ProgramData\TEMP:453190EC
AlternateDataStreams: C:\ProgramData\TEMP:461BD06D
AlternateDataStreams: C:\ProgramData\TEMP:4AEAF2B6
AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68
AlternateDataStreams: C:\ProgramData\TEMP:581B0446
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:5F7DD688
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:61A065F2
AlternateDataStreams: C:\ProgramData\TEMP:627B7F7C
AlternateDataStreams: C:\ProgramData\TEMP:6407DD2D
AlternateDataStreams: C:\ProgramData\TEMP:640DDEFF
AlternateDataStreams: C:\ProgramData\TEMP:6514A833
AlternateDataStreams: C:\ProgramData\TEMP:663B62CA
AlternateDataStreams: C:\ProgramData\TEMP:6BF0805F
AlternateDataStreams: C:\ProgramData\TEMP:6C7EBDC3
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA
AlternateDataStreams: C:\ProgramData\TEMP:74091520
AlternateDataStreams: C:\ProgramData\TEMP:7425C891
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:76466F4C
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:7EC01D6D
AlternateDataStreams: C:\ProgramData\TEMP:80E965A3
AlternateDataStreams: C:\ProgramData\TEMP:8140CB50
AlternateDataStreams: C:\ProgramData\TEMP:84151293
AlternateDataStreams: C:\ProgramData\TEMP:84BD8B63
AlternateDataStreams: C:\ProgramData\TEMP:88E3B9B6
AlternateDataStreams: C:\ProgramData\TEMP:89A5891E
AlternateDataStreams: C:\ProgramData\TEMP:8BCF4DE2
AlternateDataStreams: C:\ProgramData\TEMP:8F827F9E
AlternateDataStreams: C:\ProgramData\TEMP:91486201
AlternateDataStreams: C:\ProgramData\TEMP:92DB4653
AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB
AlternateDataStreams: C:\ProgramData\TEMP:961B4D58
AlternateDataStreams: C:\ProgramData\TEMP:971DCCE2
AlternateDataStreams: C:\ProgramData\TEMP:98DD1050
AlternateDataStreams: C:\ProgramData\TEMP:99AC3203
AlternateDataStreams: C:\ProgramData\TEMP:9D03192E
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3
AlternateDataStreams: C:\ProgramData\TEMP:9E3E060F
AlternateDataStreams: C:\ProgramData\TEMP:A00BCDEF
AlternateDataStreams: C:\ProgramData\TEMP:A18D1A5B
AlternateDataStreams: C:\ProgramData\TEMP:A3063E0E
AlternateDataStreams: C:\ProgramData\TEMP:A3750BE5
AlternateDataStreams: C:\ProgramData\TEMP:A561576B
AlternateDataStreams: C:\ProgramData\TEMP:A819A132
AlternateDataStreams: C:\ProgramData\TEMP:AA004D25
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9
AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00
AlternateDataStreams: C:\ProgramData\TEMP:BB8C0761
AlternateDataStreams: C:\ProgramData\TEMP:BFAD7A5D
AlternateDataStreams: C:\ProgramData\TEMP:C00D30BD
AlternateDataStreams: C:\ProgramData\TEMP:C37283B5
AlternateDataStreams: C:\ProgramData\TEMP:C8182692
AlternateDataStreams: C:\ProgramData\TEMP:C86B29EB
AlternateDataStreams: C:\ProgramData\TEMP:CA8D6B60
AlternateDataStreams: C:\ProgramData\TEMP:CAE2C3A5
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D1713795
AlternateDataStreams: C:\ProgramData\TEMP:D2D4B33E
AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31
AlternateDataStreams: C:\ProgramData\TEMP:D890DD02
AlternateDataStreams: C:\ProgramData\TEMP:DDEB08FD
AlternateDataStreams: C:\ProgramData\TEMP:E266F325
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC
AlternateDataStreams: C:\ProgramData\TEMP:E8BF029E
AlternateDataStreams: C:\ProgramData\TEMP:E962FBDB
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D
AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB
AlternateDataStreams: C:\ProgramData\TEMP:F863930B
AlternateDataStreams: C:\ProgramData\TEMP:FACB65E7
AlternateDataStreams: C:\ProgramData\TEMP:FD38E906
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE
2015-11-19 10:27 - 2015-11-19 10:27 - 00046592 _____ () C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
2015-11-19 10:27 - 2015-11-19 10:27 - 00653340 _____ () C:\Users\Janelle\AppData\Local\Temp\~efe7a1\~df394b.tmp
Toolbar: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
BHO: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files\BitTorrentBar\tbBitT.dll => No File
URLSearchHook: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {297ffbf8-0c6a-11df-87cb-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {4ebd4e29-33de-11e0-bee4-defb1a6706b8} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {51ba6375-0115-11e1-ae57-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {51ba638d-0115-11e1-ae57-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5a8a78e0-b929-11e0-b3ff-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5a8a78e4-b929-11e0-b3ff-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5c51d456-4a01-11e0-ac55-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5c51d45a-4a01-11e0-ac55-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {70d8ec22-185d-11e0-a0b2-920ea53f6d78} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {74db3061-4ba8-11e1-87fd-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {74db3064-4ba8-11e1-87fd-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {76417362-2770-11e0-b698-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {76417366-2770-11e0-b698-6cf0490a9bf1} - G:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {802a8046-bbae-11df-b218-6cf0490a9bf1} - J:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {802a804b-bbae-11df-b218-6cf0490a9bf1} - J:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {d8a91766-49f8-11e0-a892-92c8e960808a} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {f6502cc1-122a-11df-858b-6cf0490a9bf1} - E:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {f6502cc8-122a-11df-858b-6cf0490a9bf1} - F:\AutoRun.exe
() C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
CMD: bitsadmin /reset /allusers
End

Click on File > Save as...
- Inside the File Name box type fixlist.txt;
- From the Save as type drop down list, choose All Files
Save the file to your Desktop;
Re-run FRST.exe and click Fix;
- Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
After the completion, a log will be produced;
Copy and Paste the contents of the log in your next reply.

Step #3 Fix with AdwCleaner
- Download AdwCleaner by Xplode to your Desktop from the following link.
  - Download Link #1
  - Download Link #2
- Right-click on AdwCleaner.exe and choose Run as administrator;
- Click on Option and put a tick mark on everything;
- Click on Scan and let the program run unhindered;
- When done, click on Clean and allow the system to reboot after it is done;
- A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
- Copy and Paste the contents of this log in your reply.

Required Log(s):
- FRST Fix Log
- AdwCleaner Log

Regards,
Valinorum

#5
Janelle11

Posted 20 November 2015 - 05:04 PM

New Member

Topic Starter
Member
9 posts

Fix result of Farbar Recovery Scan Tool (x86) Version:20-11-2015
Ran by Janelle (2015-11-21 09:48:53) Run:3
Running from C:\Users\Janelle\Desktop
Loaded Profiles: Janelle (Available Profiles: Janelle & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
RemoveProxy:
AlternateDataStreams: C:\ProgramData\TEMP:02A78DF6
AlternateDataStreams: C:\ProgramData\TEMP:041ED421
AlternateDataStreams: C:\ProgramData\TEMP:04ADB7A6
AlternateDataStreams: C:\ProgramData\TEMP:058A7351
AlternateDataStreams: C:\ProgramData\TEMP:108BC6C8
AlternateDataStreams: C:\ProgramData\TEMP:1226FEE8
AlternateDataStreams: C:\ProgramData\TEMP:14750D76
AlternateDataStreams: C:\ProgramData\TEMP:15752405
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:19C541B5
AlternateDataStreams: C:\ProgramData\TEMP:1B9E79B3
AlternateDataStreams: C:\ProgramData\TEMP:2216A431
AlternateDataStreams: C:\ProgramData\TEMP:2342AE46
AlternateDataStreams: C:\ProgramData\TEMP:241FA548
AlternateDataStreams: C:\ProgramData\TEMP:258D2F8B
AlternateDataStreams: C:\ProgramData\TEMP:268BA8AB
AlternateDataStreams: C:\ProgramData\TEMP:27F44544
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68
AlternateDataStreams: C:\ProgramData\TEMP:2F5A06FD
AlternateDataStreams: C:\ProgramData\TEMP:351662E7
AlternateDataStreams: C:\ProgramData\TEMP:35629AE6
AlternateDataStreams: C:\ProgramData\TEMP:36A39835
AlternateDataStreams: C:\ProgramData\TEMP:375FC7E7
AlternateDataStreams: C:\ProgramData\TEMP:38D2EA83
AlternateDataStreams: C:\ProgramData\TEMP:3A4676D7
AlternateDataStreams: C:\ProgramData\TEMP:3AB8D21A
AlternateDataStreams: C:\ProgramData\TEMP:3C9B05C4
AlternateDataStreams: C:\ProgramData\TEMP:3CA557DB
AlternateDataStreams: C:\ProgramData\TEMP:44E16D4A
AlternateDataStreams: C:\ProgramData\TEMP:453190EC
AlternateDataStreams: C:\ProgramData\TEMP:461BD06D
AlternateDataStreams: C:\ProgramData\TEMP:4AEAF2B6
AlternateDataStreams: C:\ProgramData\TEMP:4C3504B5
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68
AlternateDataStreams: C:\ProgramData\TEMP:581B0446
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:5F7DD688
AlternateDataStreams: C:\ProgramData\TEMP:60C897F3
AlternateDataStreams: C:\ProgramData\TEMP:61A065F2
AlternateDataStreams: C:\ProgramData\TEMP:627B7F7C
AlternateDataStreams: C:\ProgramData\TEMP:6407DD2D
AlternateDataStreams: C:\ProgramData\TEMP:640DDEFF
AlternateDataStreams: C:\ProgramData\TEMP:6514A833
AlternateDataStreams: C:\ProgramData\TEMP:663B62CA
AlternateDataStreams: C:\ProgramData\TEMP:6BF0805F
AlternateDataStreams: C:\ProgramData\TEMP:6C7EBDC3
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA
AlternateDataStreams: C:\ProgramData\TEMP:74091520
AlternateDataStreams: C:\ProgramData\TEMP:7425C891
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:76466F4C
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:7EC01D6D
AlternateDataStreams: C:\ProgramData\TEMP:80E965A3
AlternateDataStreams: C:\ProgramData\TEMP:8140CB50
AlternateDataStreams: C:\ProgramData\TEMP:84151293
AlternateDataStreams: C:\ProgramData\TEMP:84BD8B63
AlternateDataStreams: C:\ProgramData\TEMP:88E3B9B6
AlternateDataStreams: C:\ProgramData\TEMP:89A5891E
AlternateDataStreams: C:\ProgramData\TEMP:8BCF4DE2
AlternateDataStreams: C:\ProgramData\TEMP:8F827F9E
AlternateDataStreams: C:\ProgramData\TEMP:91486201
AlternateDataStreams: C:\ProgramData\TEMP:92DB4653
AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB
AlternateDataStreams: C:\ProgramData\TEMP:961B4D58
AlternateDataStreams: C:\ProgramData\TEMP:971DCCE2
AlternateDataStreams: C:\ProgramData\TEMP:98DD1050
AlternateDataStreams: C:\ProgramData\TEMP:99AC3203
AlternateDataStreams: C:\ProgramData\TEMP:9D03192E
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3
AlternateDataStreams: C:\ProgramData\TEMP:9E3E060F
AlternateDataStreams: C:\ProgramData\TEMP:A00BCDEF
AlternateDataStreams: C:\ProgramData\TEMP:A18D1A5B
AlternateDataStreams: C:\ProgramData\TEMP:A3063E0E
AlternateDataStreams: C:\ProgramData\TEMP:A3750BE5
AlternateDataStreams: C:\ProgramData\TEMP:A561576B
AlternateDataStreams: C:\ProgramData\TEMP:A819A132
AlternateDataStreams: C:\ProgramData\TEMP:AA004D25
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9
AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00
AlternateDataStreams: C:\ProgramData\TEMP:BB8C0761
AlternateDataStreams: C:\ProgramData\TEMP:BFAD7A5D
AlternateDataStreams: C:\ProgramData\TEMP:C00D30BD
AlternateDataStreams: C:\ProgramData\TEMP:C37283B5
AlternateDataStreams: C:\ProgramData\TEMP:C8182692
AlternateDataStreams: C:\ProgramData\TEMP:C86B29EB
AlternateDataStreams: C:\ProgramData\TEMP:CA8D6B60
AlternateDataStreams: C:\ProgramData\TEMP:CAE2C3A5
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D1713795
AlternateDataStreams: C:\ProgramData\TEMP:D2D4B33E
AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31
AlternateDataStreams: C:\ProgramData\TEMP:D890DD02
AlternateDataStreams: C:\ProgramData\TEMP:DDEB08FD
AlternateDataStreams: C:\ProgramData\TEMP:E266F325
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC
AlternateDataStreams: C:\ProgramData\TEMP:E8BF029E
AlternateDataStreams: C:\ProgramData\TEMP:E962FBDB
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D
AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB
AlternateDataStreams: C:\ProgramData\TEMP:F863930B
AlternateDataStreams: C:\ProgramData\TEMP:FACB65E7
AlternateDataStreams: C:\ProgramData\TEMP:FD38E906
AlternateDataStreams: C:\ProgramData\TEMP:FD786DCA
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE
2015-11-19 10:27 - 2015-11-19 10:27 - 00046592 _____ () C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
2015-11-19 10:27 - 2015-11-19 10:27 - 00653340 _____ () C:\Users\Janelle\AppData\Local\Temp\~efe7a1\~df394b.tmp
Toolbar: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
BHO: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files\BitTorrentBar\tbBitT.dll => No File
URLSearchHook: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll No File
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {297ffbf8-0c6a-11df-87cb-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {4ebd4e29-33de-11e0-bee4-defb1a6706b8} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {51ba6375-0115-11e1-ae57-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {51ba638d-0115-11e1-ae57-001e101f3315} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5a8a78e0-b929-11e0-b3ff-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5a8a78e4-b929-11e0-b3ff-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5c51d456-4a01-11e0-ac55-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {5c51d45a-4a01-11e0-ac55-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {70d8ec22-185d-11e0-a0b2-920ea53f6d78} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {74db3061-4ba8-11e1-87fd-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {74db3064-4ba8-11e1-87fd-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {76417362-2770-11e0-b698-6cf0490a9bf1} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {76417366-2770-11e0-b698-6cf0490a9bf1} - G:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {802a8046-bbae-11df-b218-6cf0490a9bf1} - J:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {802a804b-bbae-11df-b218-6cf0490a9bf1} - J:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {d8a91766-49f8-11e0-a892-92c8e960808a} - F:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {f6502cc1-122a-11df-858b-6cf0490a9bf1} - E:\AutoRun.exe
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\...\MountPoints2: {f6502cc8-122a-11df-858b-6cf0490a9bf1} - F:\AutoRun.exe
() C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
CMD: bitsadmin /reset /allusers
End

*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

"C:\ProgramData\TEMP" => ":02A78DF6" ADS not found.
"C:\ProgramData\TEMP" => ":041ED421" ADS not found.
"C:\ProgramData\TEMP" => ":04ADB7A6" ADS not found.
"C:\ProgramData\TEMP" => ":058A7351" ADS not found.
"C:\ProgramData\TEMP" => ":108BC6C8" ADS not found.
"C:\ProgramData\TEMP" => ":1226FEE8" ADS not found.
"C:\ProgramData\TEMP" => ":14750D76" ADS not found.
"C:\ProgramData\TEMP" => ":15752405" ADS not found.
"C:\ProgramData\TEMP" => ":178093AE" ADS not found.
"C:\ProgramData\TEMP" => ":19C541B5" ADS not found.
"C:\ProgramData\TEMP" => ":1B9E79B3" ADS not found.
"C:\ProgramData\TEMP" => ":2216A431" ADS not found.
"C:\ProgramData\TEMP" => ":2342AE46" ADS not found.
"C:\ProgramData\TEMP" => ":241FA548" ADS not found.
"C:\ProgramData\TEMP" => ":258D2F8B" ADS not found.
"C:\ProgramData\TEMP" => ":268BA8AB" ADS not found.
"C:\ProgramData\TEMP" => ":27F44544" ADS not found.
"C:\ProgramData\TEMP" => ":2CB9631F" ADS not found.
"C:\ProgramData\TEMP" => ":2F141B68" ADS not found.
"C:\ProgramData\TEMP" => ":2F5A06FD" ADS not found.
"C:\ProgramData\TEMP" => ":351662E7" ADS not found.
"C:\ProgramData\TEMP" => ":35629AE6" ADS not found.
"C:\ProgramData\TEMP" => ":36A39835" ADS not found.
"C:\ProgramData\TEMP" => ":375FC7E7" ADS not found.
"C:\ProgramData\TEMP" => ":38D2EA83" ADS not found.
"C:\ProgramData\TEMP" => ":3A4676D7" ADS not found.
"C:\ProgramData\TEMP" => ":3AB8D21A" ADS not found.
"C:\ProgramData\TEMP" => ":3C9B05C4" ADS not found.
"C:\ProgramData\TEMP" => ":3CA557DB" ADS not found.
"C:\ProgramData\TEMP" => ":44E16D4A" ADS not found.
"C:\ProgramData\TEMP" => ":453190EC" ADS not found.
"C:\ProgramData\TEMP" => ":461BD06D" ADS not found.
"C:\ProgramData\TEMP" => ":4AEAF2B6" ADS not found.
"C:\ProgramData\TEMP" => ":4C3504B5" ADS not found.
"C:\ProgramData\TEMP" => ":4E6B8D68" ADS not found.
"C:\ProgramData\TEMP" => ":581B0446" ADS not found.
"C:\ProgramData\TEMP" => ":5ED747B8" ADS not found.
"C:\ProgramData\TEMP" => ":5F7DD688" ADS not found.
"C:\ProgramData\TEMP" => ":60C897F3" ADS not found.
"C:\ProgramData\TEMP" => ":61A065F2" ADS not found.
"C:\ProgramData\TEMP" => ":627B7F7C" ADS not found.
"C:\ProgramData\TEMP" => ":6407DD2D" ADS not found.
"C:\ProgramData\TEMP" => ":640DDEFF" ADS not found.
"C:\ProgramData\TEMP" => ":6514A833" ADS not found.
"C:\ProgramData\TEMP" => ":663B62CA" ADS not found.
"C:\ProgramData\TEMP" => ":6BF0805F" ADS not found.
"C:\ProgramData\TEMP" => ":6C7EBDC3" ADS not found.
"C:\ProgramData\TEMP" => ":708BB0FA" ADS not found.
"C:\ProgramData\TEMP" => ":74091520" ADS not found.
"C:\ProgramData\TEMP" => ":7425C891" ADS not found.
"C:\ProgramData\TEMP" => ":751D6870" ADS not found.
"C:\ProgramData\TEMP" => ":76466F4C" ADS not found.
"C:\ProgramData\TEMP" => ":7D288858" ADS not found.
"C:\ProgramData\TEMP" => ":7EC01D6D" ADS not found.
"C:\ProgramData\TEMP" => ":80E965A3" ADS not found.
"C:\ProgramData\TEMP" => ":8140CB50" ADS not found.
"C:\ProgramData\TEMP" => ":84151293" ADS not found.
"C:\ProgramData\TEMP" => ":84BD8B63" ADS not found.
"C:\ProgramData\TEMP" => ":88E3B9B6" ADS not found.
"C:\ProgramData\TEMP" => ":89A5891E" ADS not found.
"C:\ProgramData\TEMP" => ":8BCF4DE2" ADS not found.
"C:\ProgramData\TEMP" => ":8F827F9E" ADS not found.
"C:\ProgramData\TEMP" => ":91486201" ADS not found.
"C:\ProgramData\TEMP" => ":92DB4653" ADS not found.
"C:\ProgramData\TEMP" => ":9547F1DB" ADS not found.
"C:\ProgramData\TEMP" => ":961B4D58" ADS not found.
"C:\ProgramData\TEMP" => ":971DCCE2" ADS not found.
"C:\ProgramData\TEMP" => ":98DD1050" ADS not found.
"C:\ProgramData\TEMP" => ":99AC3203" ADS not found.
"C:\ProgramData\TEMP" => ":9D03192E" ADS not found.
"C:\ProgramData\TEMP" => ":9D6EAEC3" ADS not found.
"C:\ProgramData\TEMP" => ":9E3E060F" ADS not found.
"C:\ProgramData\TEMP" => ":A00BCDEF" ADS not found.
"C:\ProgramData\TEMP" => ":A18D1A5B" ADS not found.
"C:\ProgramData\TEMP" => ":A3063E0E" ADS not found.
"C:\ProgramData\TEMP" => ":A3750BE5" ADS not found.
"C:\ProgramData\TEMP" => ":A561576B" ADS not found.
"C:\ProgramData\TEMP" => ":A819A132" ADS not found.
"C:\ProgramData\TEMP" => ":AA004D25" ADS not found.
"C:\ProgramData\TEMP" => ":AB03533D" ADS not found.
"C:\ProgramData\TEMP" => ":AC0528D9" ADS not found.
"C:\ProgramData\TEMP" => ":AFB24B00" ADS not found.
"C:\ProgramData\TEMP" => ":BB8C0761" ADS not found.
"C:\ProgramData\TEMP" => ":BFAD7A5D" ADS not found.
"C:\ProgramData\TEMP" => ":C00D30BD" ADS not found.
"C:\ProgramData\TEMP" => ":C37283B5" ADS not found.
"C:\ProgramData\TEMP" => ":C8182692" ADS not found.
"C:\ProgramData\TEMP" => ":C86B29EB" ADS not found.
"C:\ProgramData\TEMP" => ":CA8D6B60" ADS not found.
"C:\ProgramData\TEMP" => ":CAE2C3A5" ADS not found.
"C:\ProgramData\TEMP" => ":CC45913B" ADS not found.
"C:\ProgramData\TEMP" => ":D01ACC06" ADS not found.
"C:\ProgramData\TEMP" => ":D1713795" ADS not found.
"C:\ProgramData\TEMP" => ":D2D4B33E" ADS not found.
"C:\ProgramData\TEMP" => ":D3A8AA31" ADS not found.
"C:\ProgramData\TEMP" => ":D890DD02" ADS not found.
"C:\ProgramData\TEMP" => ":DDEB08FD" ADS not found.
"C:\ProgramData\TEMP" => ":E266F325" ADS not found.
"C:\ProgramData\TEMP" => ":E6D148BC" ADS not found.
"C:\ProgramData\TEMP" => ":E8BF029E" ADS not found.
"C:\ProgramData\TEMP" => ":E962FBDB" ADS not found.
"C:\ProgramData\TEMP" => ":F1175E1D" ADS not found.
"C:\ProgramData\TEMP" => ":F3591DDB" ADS not found.
"C:\ProgramData\TEMP" => ":F863930B" ADS not found.
"C:\ProgramData\TEMP" => ":FACB65E7" ADS not found.
"C:\ProgramData\TEMP" => ":FD38E906" ADS not found.
"C:\ProgramData\TEMP" => ":FD786DCA" ADS not found.
"C:\ProgramData\TEMP" => ":FF9C44FE" ADS not found.
"C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp" => not found.
"C:\Users\Janelle\AppData\Local\Temp\~efe7a1\~df394b.tmp" => not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value not found.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value not found.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => key not found.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => key not found.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{297ffbf8-0c6a-11df-87cb-806e6f6e6963} => key not found.
HKCR\CLSID\{297ffbf8-0c6a-11df-87cb-806e6f6e6963} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ebd4e29-33de-11e0-bee4-defb1a6706b8} => key not found.
HKCR\CLSID\{4ebd4e29-33de-11e0-bee4-defb1a6706b8} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ba6375-0115-11e1-ae57-6cf0490a9bf1} => key not found.
HKCR\CLSID\{51ba6375-0115-11e1-ae57-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ba638d-0115-11e1-ae57-001e101f3315} => key not found.
HKCR\CLSID\{51ba638d-0115-11e1-ae57-001e101f3315} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a8a78e0-b929-11e0-b3ff-6cf0490a9bf1} => key not found.
HKCR\CLSID\{5a8a78e0-b929-11e0-b3ff-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a8a78e4-b929-11e0-b3ff-6cf0490a9bf1} => key not found.
HKCR\CLSID\{5a8a78e4-b929-11e0-b3ff-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c51d456-4a01-11e0-ac55-6cf0490a9bf1} => key not found.
HKCR\CLSID\{5c51d456-4a01-11e0-ac55-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c51d45a-4a01-11e0-ac55-6cf0490a9bf1} => key not found.
HKCR\CLSID\{5c51d45a-4a01-11e0-ac55-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70d8ec22-185d-11e0-a0b2-920ea53f6d78} => key not found.
HKCR\CLSID\{70d8ec22-185d-11e0-a0b2-920ea53f6d78} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74db3061-4ba8-11e1-87fd-6cf0490a9bf1} => key not found.
HKCR\CLSID\{74db3061-4ba8-11e1-87fd-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74db3064-4ba8-11e1-87fd-6cf0490a9bf1} => key not found.
HKCR\CLSID\{74db3064-4ba8-11e1-87fd-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76417362-2770-11e0-b698-6cf0490a9bf1} => key not found.
HKCR\CLSID\{76417362-2770-11e0-b698-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76417366-2770-11e0-b698-6cf0490a9bf1} => key not found.
HKCR\CLSID\{76417366-2770-11e0-b698-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{802a8046-bbae-11df-b218-6cf0490a9bf1} => key not found.
HKCR\CLSID\{802a8046-bbae-11df-b218-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{802a804b-bbae-11df-b218-6cf0490a9bf1} => key not found.
HKCR\CLSID\{802a804b-bbae-11df-b218-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8a91766-49f8-11e0-a892-92c8e960808a} => key not found.
HKCR\CLSID\{d8a91766-49f8-11e0-a892-92c8e960808a} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6502cc1-122a-11df-858b-6cf0490a9bf1} => key not found.
HKCR\CLSID\{f6502cc1-122a-11df-858b-6cf0490a9bf1} => key not found.
HKU\S-1-5-21-2642413585-4074018743-1779551095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6502cc8-122a-11df-858b-6cf0490a9bf1} => key not found.
HKCR\CLSID\{f6502cc8-122a-11df-858b-6cf0490a9bf1} => key not found.
C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp => No running process found

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 09:50:01 ====

More to come in next reply

#6
Janelle11

Posted 20 November 2015 - 05:14 PM

New Member

Topic Starter
Member
9 posts

# AdwCleaner v5.021 - Logfile created 21/11/2015 at 10:06:02
# Updated 14/11/2015 by Xplode
# Database : 2015-11-19.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Janelle - JANELLE-PC
# Running from : C:\Users\Janelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYASD836\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Avg_Update_0215av
[-] Folder Deleted : C:\windows\system32\C2MP

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted

*************************

C:\AdwCleanerDebug.txt - [55 bytes] - [16/12/2014 09:46:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1158 bytes] ##########

Thanks!

#7
Valinorum

Posted 21 November 2015 - 12:19 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Uninstall your current anti-virus completely nad restart your PC. Try to install antivirus now.

#8
Janelle11

Posted 21 November 2015 - 01:37 AM

New Member

Topic Starter
Member
9 posts

I can't uninstall it still

I can't uninstall AVG.

but I can uninstall malwarebytes, which I could not before. Should I uninstall malwarebytes?

Edited by Janelle11, 21 November 2015 - 01:40 AM.

#9
Valinorum

Posted 22 November 2015 - 06:49 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Follow Section-C from here to uninstall AVG anti-virus. Uninstall Malwarebytes' Anti-Malware as well and restart your PC. Re-download them again and install. Perform a scan with them and see if they are working properly.

#10
Janelle11

Posted 22 November 2015 - 03:53 PM

New Member

Topic Starter
Member
9 posts

Thanks again!

I could run the uninstaller (twice) and it did.....something, but AVG is still there. It still cant be uninstalled, but I tried running it and it said it's missing a DLL file, so it seems to have half uninstalled. It still shows on my programs list.

Malwarebytes successfully uninstalled, but cannot be reinstalled.

Edited by Janelle11, 22 November 2015 - 04:03 PM.

#11
Valinorum

Posted 22 November 2015 - 09:46 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

What happens when you try to re-install MBAM? Post a fresh FRST scan log for my perusal.

#12
Janelle11

Posted 23 November 2015 - 01:17 AM

New Member

Topic Starter
Member
9 posts

I could download MBAM and save it to my desktop, but when I got to run the installer, nothing happens.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-11-2015
Ran by Janelle (administrator) on JANELLE-PC (23-11-2015 18:11:43)
Running from C:\Users\Janelle\Desktop
Loaded Profiles: Janelle (Available Profiles: Janelle & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Wireless Service) C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
(Wireless Service) C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Palit Microsystems Ltd.) C:\Program Files\Thunder Master\THPanel.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Maxis, a brand of Electronic Arts) C:\Program Files\Maxis\The Sims\Sims.exe
() C:\Users\Janelle\AppData\Local\Temp\~f1d055.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Toolbar - Big Fish Games -> {C7C9FC25-88B0-4682-9C9F-2608E9117647} -> C:\Program Files\bfgbartb\BfgBarDx.dll [2010-09-14] ()
Toolbar: HKLM - Toolbar - Big Fish Games - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\bfgbartb\BfgBarDx.dll [2010-09-14] ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-2642413585-4074018743-1779551095-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/66.30/uploader2.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} hxxps://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll [2012-06-03] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-05-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-04-23] (Apple, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
U2 D_Link_DWA-525; C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2009-11-03] (Wireless Service) [File not signed]
S2 D_Link_DWA-525_WPS; C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [40960 2009-07-07] () [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 09:02 - 2015-11-23 09:00 - 22908888 _____ (Malwarebytes ) C:\Users\Janelle\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-23 08:59 - 2015-11-23 09:00 - 22908888 _____ (Malwarebytes ) C:\Users\Janelle\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-23 08:33 - 2015-11-23 08:41 - 00000543 _____ C:\cleanup.bat
2015-11-23 08:32 - 2015-11-23 08:39 - 00000000 ____D C:\AVG_Remover
2015-11-23 08:30 - 2015-11-23 08:30 - 00000000 ____D C:\Users\Janelle\AppData\Local\{2AB940E5-5ED8-49BB-9B56-889069CAFD5A}
2015-11-22 19:04 - 2015-11-22 19:04 - 00159560 _____ C:\windows\Minidump\112215-37752-01.dmp
2015-11-21 21:34 - 2015-11-22 09:36 - 00000000 ____D C:\Users\Janelle\AppData\Local\{575662BF-AF81-4500-AFD1-3DACDE884D0B}
2015-11-21 09:32 - 2015-11-21 09:32 - 00000000 ____D C:\Users\Janelle\AppData\Local\{FE369369-0CB8-4C5E-9D5C-C79AE32E67BC}
2015-11-20 09:18 - 2015-11-23 18:11 - 00000000 ____D C:\Users\Janelle\Desktop\FRST-OlderVersion
2015-11-19 11:45 - 2015-11-19 11:46 - 00037707 _____ C:\Users\Janelle\Desktop\Addition.txt
2015-11-19 11:44 - 2015-11-23 18:11 - 00015538 _____ C:\Users\Janelle\Desktop\FRST.txt
2015-11-19 11:42 - 2015-11-23 18:11 - 01717248 _____ (Farbar) C:\Users\Janelle\Desktop\FRST.exe
2015-11-19 11:42 - 2015-11-23 18:11 - 00000000 ____D C:\FRST
2015-11-19 08:50 - 2015-11-19 08:50 - 00000000 ____D C:\Users\Janelle\Desktop\Old Firefox Data
2015-11-19 08:39 - 2015-11-19 09:23 - 00290304 _____ (Microsoft Corporation) C:\windows\system32\subinacl.exe
2015-11-19 08:39 - 2015-11-19 08:39 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2015-11-19 08:38 - 2015-11-19 08:39 - 00700584 _____ C:\Users\Janelle\Downloads\Adware_Removal_Tool_by_TSA.exe
2015-11-19 08:27 - 2015-11-19 08:27 - 00000000 ____D C:\Users\Janelle\AppData\Local\{0E0E519C-6D13-4982-8023-6E2F930D2000}
2015-11-16 08:31 - 2015-11-16 08:31 - 00000000 ____D C:\Users\Janelle\AppData\Local\{82C64DE5-CE2E-4F8C-81F9-48782CAA1EE9}
2015-11-16 08:30 - 2015-11-16 08:30 - 00159560 _____ C:\windows\Minidump\111615-78406-01.dmp
2015-11-15 18:20 - 2015-11-15 18:20 - 00000582 _____ C:\windows\eReg.dat
2015-11-15 18:20 - 2015-11-15 18:20 - 00000000 ____D C:\Users\Janelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-15 18:20 - 2015-11-15 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-15 18:01 - 2015-11-15 18:03 - 00000000 ____D C:\Program Files\Maxis
2015-11-15 18:00 - 2015-11-15 18:00 - 00000000 ____D C:\Users\Janelle\AppData\Local\{CD5C4956-9D3E-449D-8A13-A27244E0A530}
2015-11-13 08:26 - 2015-11-13 08:26 - 00000000 ____D C:\Users\Janelle\AppData\Local\{25D92368-44CE-448F-ABD7-98A12F71F1B9}
2015-11-12 23:22 - 2015-11-12 23:23 - 00159560 _____ C:\windows\Minidump\111215-35615-01.dmp
2015-11-11 14:08 - 2015-11-11 14:08 - 00000000 ____D C:\Users\Janelle\AppData\Local\{6473B373-F13C-4CE7-9CD8-EAF81763C25C}
2015-11-01 07:33 - 2015-11-01 08:55 - 00000000 ____D C:\windows\A3W_DATA
2015-11-01 07:26 - 2015-11-01 07:26 - 00000000 __RSH C:\MSDOS.SYS
2015-11-01 07:26 - 2015-11-01 07:26 - 00000000 __RSH C:\IO.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 18:11 - 2015-02-08 20:18 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-23 18:09 - 2011-02-11 14:54 - 00003284 _____ C:\Users\Janelle\AppData\Roaming\ANIWZCS{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2015-11-23 18:08 - 2015-02-08 20:18 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-23 11:39 - 2011-02-11 14:47 - 00000008 _____ C:\windows\system32\ANIWZCSUSERNAME{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2015-11-23 09:05 - 2010-01-29 15:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-23 09:04 - 2011-01-18 12:28 - 00000000 ____D C:\Users\Janelle\AppData\Local\Newsoft
2015-11-23 08:52 - 2009-07-14 15:34 - 00023392 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-23 08:52 - 2009-07-14 15:34 - 00023392 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-23 08:43 - 2015-03-31 11:23 - 25666002 _____ C:\windows\system32\debug.log
2015-11-23 08:43 - 2014-12-16 09:54 - 00007726 _____ C:\windows\setupact.log
2015-11-23 08:43 - 2012-08-13 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-23 08:43 - 2011-07-13 12:31 - 01173504 ___SH C:\Users\Janelle\Desktop\Thumbs.db
2015-11-23 08:43 - 2011-01-24 13:48 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-11-23 08:43 - 2010-02-19 00:40 - 00000000 ____D C:\Users\Janelle\Tracing
2015-11-23 08:43 - 2009-07-14 15:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-23 08:30 - 2011-02-11 14:54 - 00003284 _____ C:\windows\system32\ANIWZCS{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2015-11-23 08:28 - 2014-12-16 09:54 - 00014994 _____ C:\windows\PFRO.log
2015-11-23 08:15 - 2010-02-13 22:47 - 00000000 ____D C:\ProgramData\TEMP
2015-11-22 19:04 - 2010-02-13 22:42 - 00000000 ____D C:\windows\Minidump
2015-11-22 19:04 - 2010-02-05 19:47 - 00000000 ____D C:\Users\Janelle
2015-11-22 19:03 - 2015-01-07 10:58 - 280755306 _____ C:\windows\MEMORY.DMP
2015-11-22 10:13 - 2014-12-19 10:57 - 00000000 ____D C:\Users\Janelle\AppData\Local\CrashDumps
2015-11-21 10:06 - 2014-12-16 09:46 - 00000000 ____D C:\AdwCleaner
2015-11-21 09:36 - 2009-11-03 14:39 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-21 09:24 - 2011-01-11 20:43 - 00000000 ____D C:\Users\Janelle\AppData\LocalLow\Temp
2015-11-21 09:18 - 2012-03-27 22:17 - 00000000 ____D C:\Program Files\Java
2015-11-21 09:16 - 2015-03-04 18:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-18 21:31 - 2015-04-03 12:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-18 18:44 - 2015-01-07 10:59 - 00286964 _____ C:\windows\system32\CFG1858543190
2015-11-15 18:01 - 2010-01-29 15:21 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-11-15 16:01 - 2010-04-02 00:51 - 00000000 ____D C:\Program Files\Warcraft II BNE
2015-11-11 14:06 - 2010-02-19 00:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-11 14:04 - 2012-04-30 22:07 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-11-11 12:54 - 2014-12-16 09:59 - 00000000 ____D C:\ProgramData\MFAData
2015-11-09 17:18 - 2014-12-16 21:56 - 00013856 _____ C:\windows\WindowsUpdate.log
2015-11-09 17:17 - 2010-06-05 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-01 08:54 - 2013-05-01 16:48 - 00000086 _____ C:\windows\CIV.INI

==================== Files in the root of some directories =======

2011-02-11 14:58 - 2015-02-07 15:50 - 0000280 _____ () C:\Users\Janelle\AppData\Roaming\ANICONFIG_{149CC6EF-9337-4A3F-BD77-26F34B0C8474}.ini
2011-02-11 14:54 - 2015-11-23 18:09 - 0003284 _____ () C:\Users\Janelle\AppData\Roaming\ANIWZCS{149CC6EF-9337-4A3F-BD77-26F34B0C8474}
2011-06-18 03:37 - 2012-10-22 15:32 - 0005120 _____ () C:\Users\Janelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-03 18:32 - 2015-01-04 09:02 - 0007601 _____ () C:\Users\Janelle\AppData\Local\Resmon.ResmonCfg
2011-05-20 17:38 - 2011-05-20 17:38 - 0000000 _____ () C:\Users\Janelle\AppData\Local\{B7EE91D5-832C-49BF-B429-AF4120102726}
2011-04-09 01:28 - 2011-04-09 01:28 - 0000059 _____ () C:\ProgramData\user.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2015-11-21 13:00

==================== End of FRST.txt ============================