

Malwarebytes Issue plus a bunch of other things going on


13 replies to this topic

#1 breathe27

  • Members
  • 24 posts
  • Gender:Male
  • Location:Canada

Posted 23 November 2015 - 05:52 PM

I have these websites listed on my exclusions list and I cannot delete them. Any suggestions on what to do to get rid of them? Reinstalling Malwarebytes did not work. You can see a screenshot of the names of the websites in the attachment.

It also became apparent to me that something was redirecting my internet traffic to another IP address. I am using ZoneAlarm and every time I run any kind of program, it always wants to connect to C:/Windows/Explorer.EXE. I ran Avast and that was trying to connect to it too. But it was denied by ZoneAlarm and it still completed the task, it just didn't connect to Explorer.EXE. I really suspect something is running in the background. Back a couple of months ago, I was using Audacity, the recording program, and I downloaded a bunch of plugins. Turns out the plugins were loaded with malware. As soon as I installed some of them, my normally quiet computer fan began to run non-stop and my computer was badly overheating. I ran Malwarebytes, Spybot Search and Destroy and a bunch of other programs at that time, but none of them worked.

So the overheating is not caused by anything but some kind of malware running in the background. (I also cleaned the vents)

So, any idea what might be happening here?






#2 breathe27

  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Location:Canada

Posted 23 November 2015 - 08:53 PM

Here is the FRST log followed by the additional log file text.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
Ran by Anon4902 (administrator) on DV7-7073CA (23-11-2015 10:56:27)
Running from C:\Users\Anon4902\Desktop
Loaded Profiles: Anon4902 (Available Profiles: UpdatusUser & Anon4902 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe
(Flux Software LLC) C:\Users\Anon4902\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(8pecxstudios) C:\Program Files\Cyberfox\Cyberfox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2015-01-04] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [Google Update] => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-15] (Google Inc.)
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [f.lux] => C:\Users\Anon4902\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {25DFA50D-C3CE-4A6B-B6FB-CEB0871CA0E2} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2377681282-867560761-243087652-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183
FF DefaultSearchEngine: Ixquick HTTPS
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @talk.google.com/O1DPlugin -> C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Anon4902\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Anon4902\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml [2015-11-12]
FF Extension: Twitter Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\twitter@disconnect.me.xpi [2015-09-06]
FF Extension: Google Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\google@disconnect.me.xpi [2015-09-06]
FF Extension: Facebook Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\facebook@disconnect.me.xpi [2015-09-06]
FF Extension: Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\2.0@disconnect.me.xpi [2015-09-06]
FF Extension: Memory Restart - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\memoryrestart@teamextension.com.xpi [2015-11-12]
FF Extension: No Name - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\fbp@fbpurity.com.xpi [2015-11-19] [not signed]
FF Extension: Facebook™ Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2015-09-06]
FF Extension: Pop-up Controller - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid1-MIAJd5BiK7V4Pw@jetpack.xpi [2015-09-11]
FF Extension: Google translate https - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid1-vhLR6vkMUx9csw@jetpack.xpi [2015-09-20]
FF Extension: YouTube™ AdBlock - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2015-08-05]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-11-10] [not signed]

Chrome:
=======
CHR StartupUrls: Profile 3 -> "chrome://chrome-signin/?source=0","hxxps://www.youtube.com/watch?v=H_ustCy4Ks8","hxxps://www.google.ca/search?q=anonymous&oq=anonymous&ie=UTF-8&aqs=chrome..69i57j0l5.4169j0j7&sourceid=chrome-instant&ion=1&espv=2&biw=1600&bih=760&dpr=1&cad=cbv&sei=39_YVcG3OcPXoASd8oLoBg","hxxps://www.youtube.com/user/AnonymousWorldvoce","hxxps://www.facebook.com/settings?tab=security&section=login_alerts&view","hxxps://accounts.google.com/ServiceLogin?sacu=1&scc=1&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=en&service=mail#identifier","hxxps://anoninsiders.net/how-to-join-anonymous-1527/","hxxps://www.google.ca/search?q=torrentfreaks+vpn+anonymity&oq=torrentfreaks+vpn+anonymity&aqs=chrome..69i57&sourceid=chrome&es_sm=93&ie=UTF-8","hxxps://we.riseup.net/","hxxps://whyweprotest.net/","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=cybrary+it+reviews&search_plus_one=form&oq=ciberary+it&gs_l=serp.1.1.0i13l4.6352.7136.0.9382.3.3.0.0.0.0.82.232.3.3.0....0...1c.1.64.serp..2.1.82.CUmq1drTj2I","hxxps://www.cybrary.it/wp-login.php?redirect_to=https%3A%2F%2Fwww.cybrary.it%2Fabout%2F","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=best+way+to+install+kali+linux+on+windows+7&search_plus_one=form&oq=best+way+to+install+kali+linux+on+windows+7&gs_l=serp.12...10156.16350.0.17980.21.17.4.0.0.0.108.1361.15j2.17.0....0...1c.1.64.serp..9.12.692.Re1Nz0xzibU","hxxp://docs.kali.org/installation/dual-boot-kali-with-windows","hxxp://docs.kali.org/downloading/kali-linux-live-usb-install","hxxp://bazaar.launchpad.net/~image-writer-devs/win32-image-writer/master/files","hxxp://docs.kali.org/introduction/download-official-kali-linux-images","hxxps://www.kali.org/downloads/","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=instructions+for+installing+kali+linux&search_plus_one=form&oq=instructions+for+installing+kali+linux&gs_l=serp.3..0i22i30.24217.32625.0.33028.42.30.2.10.10.0.163.2492.24j4.28.0....0...1c.1.64.serp..5.37.2270.XPbABk_yLC4","hxxp://docs.kali.org/installation/dual-boot-kali-with-windows","hxxp://tools.kali.org/tools-listing","hxxps://www.cybrary.it/"
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-02]
CHR Extension: (Disconnect) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-02]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (UglyEmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-02]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-22]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-22]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-22]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-22]
CHR Extension: (Disconnect) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-22]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-22]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 Disconnect Desktop Updater; C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-07-23] (Disconnect)
S3 disconnect-openvpn; C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [338944 2014-08-31] ()
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2015-07-31] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-31] (REALiX™)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-07-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0078.sys [28640 2015-02-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-07-31] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2015-07-31] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-02-27] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-02-27] (Microsoft Corporation) [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-08-13] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-08-13] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462304 2015-11-07] (Check Point Software Technologies Ltd.)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [45056 2013-06-19] (ZOOM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 10:56 - 2015-11-23 10:56 - 00031316 _____ C:\Users\Anon4902\Desktop\FRST.txt
2015-11-23 01:06 - 2015-11-23 01:08 - 169567064 _____ C:\Users\Anon4902\Desktop\EmsisoftEmergencyKit.exe
2015-11-23 00:49 - 2015-11-23 00:49 - 02346496 _____ (Farbar) C:\Users\Anon4902\Desktop\FRST64.exe
2015-11-22 23:28 - 2015-11-22 23:28 - 00781312 _____ C:\Users\Anon4902\Downloads\delfix_1.011.exe
2015-11-22 23:27 - 2015-11-22 23:27 - 05198336 _____ (AVAST Software) C:\Users\Anon4902\Downloads\aswMBR.exe
2015-11-22 23:21 - 2015-11-22 23:21 - 00957952 _____ (Farbar) C:\Users\Anon4902\Downloads\ListParts64(1).exe
2015-11-22 23:20 - 2015-11-22 23:20 - 00957952 _____ (Farbar) C:\Users\Anon4902\Downloads\ListParts64.exe
2015-11-22 23:19 - 2015-11-22 23:19 - 02346496 _____ (Farbar) C:\Users\Anon4902\Downloads\FRST64.exe
2015-11-22 23:18 - 2015-11-22 23:18 - 01717248 _____ (Farbar) C:\Users\Anon4902\Downloads\FRST.exe
2015-11-22 23:16 - 2015-11-22 23:16 - 02870984 _____ (ESET) C:\Users\Anon4902\Downloads\esetsmartinstaller_enu.exe
2015-11-22 23:16 - 2015-11-22 23:16 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-22 22:32 - 2015-11-22 23:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-22 22:32 - 2015-11-22 22:32 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-22 22:31 - 2015-11-22 22:31 - 00000848 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-11-22 22:31 - 2015-11-22 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-11-22 22:31 - 2015-11-22 22:31 - 00000000 ____D C:\Program Files\RogueKiller
2015-11-22 22:28 - 2015-11-22 22:30 - 28423304 _____ (Adlice Software ) C:\Users\Anon4902\Downloads\setup.exe
2015-11-22 22:14 - 2015-11-22 22:14 - 01472131 _____ C:\Users\Anon4902\Downloads\vba32arkit.zip
2015-11-22 22:13 - 2015-11-22 22:14 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Anon4902\Downloads\tdsskiller(1).exe
2015-11-20 16:33 - 2015-11-20 16:35 - 00430818 _____ C:\Windows\system32\Drivers\vsconfig.xml
2015-11-20 16:33 - 2015-11-20 16:33 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-11-20 16:33 - 2015-11-20 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-11-20 16:31 - 2015-11-20 16:33 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-11-20 16:28 - 2015-11-20 16:28 - 00000000 ____D C:\ProgramData\CheckPoint
2015-11-20 16:26 - 2015-11-20 16:26 - 00117312 _____ (Gibson Research Corp.) C:\Users\Anon4902\Downloads\securable.exe
2015-11-17 20:29 - 2015-11-17 20:29 - 09262716 _____ C:\Users\Anon4902\Desktop\nov 17 capture.pcapng
2015-11-15 01:00 - 2015-11-22 01:13 - 00001466 _____ C:\Windows\setupact.log
2015-11-15 01:00 - 2015-11-15 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-11-12 18:16 - 2015-11-12 18:16 - 00001853 _____ C:\Users\Public\Desktop\Hydrogen.lnk
2015-11-12 18:16 - 2015-11-12 18:16 - 00000000 ____D C:\Users\Anon4902\.hydrogen
2015-11-12 18:15 - 2015-11-12 18:15 - 00000000 ____D C:\Program Files (x86)\Hydrogen
2015-11-12 16:24 - 2015-11-12 16:24 - 00000000 ____D C:\Users\Anon4902\AppData\Local\niemiro
2015-11-12 16:03 - 2015-08-10 13:22 - 00408541 _____ C:\Users\Anon4902\Documents\ireb-r7.zip
2015-11-12 16:01 - 2015-09-18 01:13 - 44228656 _____ C:\Users\Anon4902\Documents\communication-and-presentation.zip
2015-11-12 15:45 - 2015-11-12 16:18 - 00000856 _____ C:\Users\Public\Desktop\Cyberfox.lnk
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\8pecxstudios
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\Anon4902\AppData\Local\8pecxstudios
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Program Files\Cyberfox
2015-11-10 17:02 - 2015-11-12 03:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-09 21:41 - 2015-11-09 21:41 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2015-11-09 21:41 - 2015-11-09 21:41 - 00000000 ____D C:\ProgramData\abelhadigital.com
2015-11-09 21:28 - 2015-11-12 16:13 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\MPC-HC
2015-11-07 02:36 - 2015-11-07 02:36 - 00462304 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2015-11-02 20:06 - 2015-11-02 20:06 - 00000000 ____D C:\Users\Anon4902\Documents\Avatar
2015-10-31 00:41 - 2015-11-15 20:16 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\foobar2000
2015-10-31 00:41 - 2015-10-31 00:41 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-10-31 00:41 - 2015-10-31 00:41 - 00000991 _____ C:\Users\Public\Desktop\foobar2000.lnk
2015-10-31 00:41 - 2015-10-31 00:41 - 00000000 ____D C:\Program Files (x86)\foobar2000
2015-10-25 22:38 - 2015-10-25 22:38 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-10-25 22:38 - 2015-10-25 22:38 - 00000000 ____D C:\Users\Anon4902\AppData\Local\FluxSoftware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 10:56 - 2015-07-17 22:01 - 00000000 ____D C:\FRST
2015-11-23 10:55 - 2015-01-04 00:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-23 10:25 - 2012-02-27 18:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 03:20 - 2015-01-03 12:32 - 01082424 _____ C:\Windows\WindowsUpdate.log
2015-11-23 00:42 - 2015-10-01 00:25 - 00002914 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Anon4902
2015-11-22 22:53 - 2015-06-25 10:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-22 02:00 - 2015-01-04 00:39 - 00000000 ____D C:\Users\Anon4902\AppData\Local\Adobe
2015-11-22 01:22 - 2009-07-13 22:45 - 00031472 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 01:22 - 2009-07-13 22:45 - 00031472 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 01:14 - 2015-01-04 00:34 - 00000000 ____D C:\Users\Anon4902\AppData\LocalLow\AuthenTec
2015-11-22 01:13 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-21 14:23 - 2009-07-13 23:13 - 00740242 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 02:51 - 2015-10-14 14:10 - 00002086 ____H C:\Users\Anon4902\.swfinfo
2015-11-20 17:54 - 2015-01-11 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-20 17:54 - 2015-01-11 05:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-20 16:36 - 2015-07-31 01:33 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 16:00 - 2015-07-12 10:55 - 00000000 ____D C:\Users\Anon4902\Desktop\backups
2015-11-18 18:09 - 2015-02-02 23:37 - 00001964 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-11-18 05:48 - 2015-10-01 00:25 - 00000000 ____D C:\ProgramData\ProductData
2015-11-15 21:13 - 2015-01-04 01:42 - 00000000 ____D C:\Users\Anon4902\AppData\Local\CrashDumps
2015-11-15 20:54 - 2015-01-16 21:00 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Skype
2015-11-15 20:51 - 2015-08-09 00:58 - 00000000 ____D C:\temp
2015-11-15 20:46 - 2015-01-04 19:09 - 00000000 ____D C:\Users\Anon4902\Documents\Youcam
2015-11-12 18:44 - 2015-01-04 00:38 - 00000000 ____D C:\Users\Anon4902\AppData\Local\VirtualStore
2015-11-12 18:16 - 2015-07-11 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2015-11-12 18:16 - 2015-01-04 00:34 - 00000000 ____D C:\Users\Anon4902
2015-11-12 16:18 - 2015-07-29 20:05 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-12 16:12 - 2015-07-29 20:07 - 00000000 ____D C:\Users\Anon4902\Documents\CCleaner Reg Backups
2015-11-12 15:52 - 2015-01-11 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-12 14:58 - 2015-03-09 11:19 - 00007608 _____ C:\Users\Anon4902\AppData\Local\Resmon.ResmonCfg
2015-11-12 12:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-11-11 02:42 - 2015-01-11 03:45 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Audacity
2015-11-11 00:41 - 2015-01-11 03:44 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-11-10 18:25 - 2012-02-27 18:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 18:25 - 2012-02-27 18:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 18:25 - 2012-02-27 18:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 16:36 - 2015-09-19 08:13 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\ProductData
2015-11-10 16:36 - 2015-07-05 20:54 - 00000000 ____D C:\Users\Guest
2015-11-10 16:36 - 2015-02-09 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-10 16:36 - 2015-02-09 20:58 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-11-03 23:31 - 2015-01-08 23:28 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\vlc
2015-11-02 19:54 - 2012-02-27 19:09 - 00000000 ____D C:\ProgramData\Skype
2015-11-02 01:30 - 2015-08-21 19:36 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Wireshark
2015-11-02 00:42 - 2015-08-23 19:14 - 00000000 ____D C:\Users\Anon4902\.VirtualBox
2015-11-01 18:03 - 2015-04-18 01:57 - 00000000 ____D C:\Users\Anon4902\Desktop\Tor Browser
2015-11-01 17:33 - 2015-07-19 02:13 - 00000000 ____D C:\Program Files\Java
2015-11-01 17:30 - 2015-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-31 21:58 - 2015-06-09 14:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 21:57 - 2015-05-19 10:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 02:07 - 2012-05-22 22:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-31 02:01 - 2015-08-28 06:32 - 00000000 ____D C:\Users\Anon4902\.oracle_jre_usage
2015-10-31 01:59 - 2015-02-12 21:42 - 00000000 ____D C:\ProgramData\Oracle
2015-10-27 18:28 - 2015-10-21 16:28 - 00000000 ___HD C:\_acestream_cache_
2015-10-27 16:51 - 2015-10-22 21:20 - 00001609 _____ C:\Users\Public\Desktop\Wireshark.lnk
2015-10-27 16:47 - 2015-08-13 16:03 - 00002577 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-10-27 16:45 - 2015-06-15 11:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA.job
2015-10-27 16:45 - 2015-06-15 11:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core.job
2015-10-27 16:41 - 2015-07-29 20:05 - 00000000 ____D C:\Program Files\CCleaner
2015-10-25 18:20 - 2015-06-15 11:25 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA
2015-10-25 18:20 - 2015-06-15 11:25 - 00003512 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core
2015-10-25 17:54 - 2015-04-16 07:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-25 17:54 - 2015-04-16 07:27 - 00000000 ____D C:\Windows\system32\appraiser

==================== Files in the root of some directories =======

2015-04-26 09:09 - 2015-04-26 09:09 - 0003584 _____ () C:\Users\Anon4902\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 11:19 - 2015-11-12 14:58 - 0007608 _____ () C:\Users\Anon4902\AppData\Local\Resmon.ResmonCfg
2015-02-02 23:22 - 2015-02-02 23:22 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Anon4902\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Anon4902\AppData\Local\Temp\HPPSdr.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 00:25

==================== End of FRST.txt ============================

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Anon4902 (2015-11-23 10:57:20)
Running from C:\Users\Anon4902\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-04 06:34:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2377681282-867560761-243087652-500 - Administrator - Disabled)
Anon4902 (S-1-5-21-2377681282-867560761-243087652-1001 - Administrator - Enabled) => C:\Users\Anon4902
Guest (S-1-5-21-2377681282-867560761-243087652-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2377681282-867560761-243087652-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2377681282-867560761-243087652-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 42.0.1.0 - 8pecxstudios)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disconnect Desktop (HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Disconnect Desktop 2.0.5) (Version: 2.0.5 - Disconnect)
Disconnect Desktop (x32 Version: 2.0.5 - Disconnect) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
DVC5.1 Driver (HKLM-x32\...\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}) (Version:  - )
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Flux) (Version:  - )
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B288E426-9954-451C-B811-B0F234CF0EDD}) (Version: 1.3.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
H-Series_ASIO64 (HKLM\...\{5ACDFB68-D994-48E0-A579-2AFA6B851710}) (Version: 2.0.0.3 - ZOOM)
Hydrogen 0.9.6 preview release for windows (HKLM-x32\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version:  - hydrogen-music.org)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5310.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.122 - IObit)
iSkysoft DVD Creator(Build 3.1.0) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version:  - Wondershare Software)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.9.8 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.8 - )
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NirSoft WirelessNetView (HKLM-x32\...\NirSoft WirelessNetView) (Version:  - )
NVIDIA Graphics Driver 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.14 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OpenVPN 2.3.6-I603  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I603 - )
Oracle VM VirtualBox 5.0.2 (HKLM\...\{6CB00039-29CC-42A1-8ED2-820821DA2B8A}) (Version: 5.0.2 - Oracle Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung DVC Media 5.1 (HKLM-x32\...\{158BC6C5-5950-4FDD-BE33-0294668923F2}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Spotify (HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StudioTax 2013 (HKLM-x32\...\{B5747C27-92C0-4419-944B-D52772B29DB8}) (Version: 9.1.11.1 - BHOK IT Consulting)
StudioTax 2014 (HKLM-x32\...\{3C685D9F-F531-4D8C-926D-17F2F06B78EF}) (Version: 10.0.5.2 - BHOK IT Consulting)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org)
ZoneAlarm Firewall (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.1.011.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2377681282-867560761-243087652-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2377681282-867560761-243087652-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

12-11-2015 15:25:42 Windows Modules Installer
14-11-2015 16:08:06 Windows Update
18-11-2015 06:03:29 Windows Update
23-11-2015 01:33:49 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-10-27 17:57 - 00000869 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0D337F-4B17-4C2B-B93C-BCAEF1C98312} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {15B207CC-A979-4275-89B7-812E22074904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {17BF206F-4E82-4B4E-A506-3B9B84F9602E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1ACC71FE-D244-432B-9668-5196F104F867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {2139959D-FA7A-44AA-B106-31DB5EFDC037} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)
Task: {409A1212-6213-4B73-A763-8E6D59BF4856} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {41A0C337-C469-4978-8E12-E06E369E8ABC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {44A9B4EA-35BB-4045-9CA4-D29B1F22444A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4556EABE-04B8-4ADE-8296-3DD8DCF9ADE8} - System32\Tasks\Disconnect Desktop Updater => C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-07-23] (Disconnect)
Task: {48529DD9-153B-418A-8EF2-C222206834C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {48542136-6DA1-46BC-9365-C1F8556E4D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {71074874-90D4-4FB3-A0D9-D25D39A277E4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {71F26F98-1C71-4831-A78E-EF1AFF011B60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {72366DBE-A850-43E7-92B2-DA2DB7AA53D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {82D0DC50-91E4-4229-99C3-769C6C9FA8F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B5E7B7EC-1BEA-425C-9FF6-5ADEA4B444A2} - System32\Tasks\Uninstaller_SkipUac_Anon4902 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-07-15] (IObit)
Task: {BB1096E6-C748-464A-8E44-F1E42AA8ED3E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C66588A8-1D41-4EC3-A332-9E2BCB370D65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {C708C5CD-7406-4D61-A15B-88B483099338} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-25] (CyberLink)
Task: {CAF66B1E-1C04-4571-80F6-8F8B44BF232C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {D7389EB4-F5A4-4CD5-A9C0-91DA876CBCD4} - System32\Tasks\AdobeAAMUpdater-1.0-DV7-7073CA-Anon4902 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {F450D734-755D-4FC4-B0FF-146C2667B6C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core.job => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA.job => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-22 22:05 - 2012-08-28 01:50 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-22 22:03 - 2011-12-16 14:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-22 22:03 - 2012-01-18 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-06-25 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-25 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-25 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-25 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-25 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-04 10:53 - 2015-01-04 10:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-05-22 22:08 - 2011-11-29 22:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-22 22:03 - 2011-12-16 12:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26332563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26332563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2377681282-867560761-243087652-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.87.230.4 - 65.87.230.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: UVS10 Preload => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3537EBA0-8251-4FA0-A9B0-229134605925}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B841A9B7-9D5F-4D08-B5EE-B3A5B6F67941}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{DBAC22A8-E426-43F2-B9DB-7F5C94344461}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{54445CE4-64F3-4D58-A757-73D1F9FACBD5}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{548904A6-53C8-42DC-8586-81A198A885A2}] => (Allow) C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [TCP Query User{20DFD6BA-0E78-451F-B655-E23BAA31A83A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E3379B5C-BD4B-4671-A558-A18BB4FDD32B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A5907277-9205-4F19-B651-5511F620FC64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F9FB339E-88EB-4037-92E5-AAF06F0970B1}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{9351B284-00BB-46B8-AEB4-F23855404C80}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{74A2CE9E-01F1-48B0-A8C9-C11C174EA6E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D794A004-F1A4-46A0-A769-241CC88AF3C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66A1994A-CF8E-4424-88F5-3979816B9671}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AE400D0-57ED-4929-839F-3E16F4173158}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F225B24-A353-47B1-9F60-92233B0718A8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{28A2760E-9CEC-49FC-913C-8E753F1B7D72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EECC4FE-1F1A-4569-8EAC-61F726194866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B8952146-625E-4205-A5C4-949899E2005A}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{B61453B8-2D16-4787-A16A-F5E87CB86FE9}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{5A509A6B-63D8-4A6E-9570-57456617CB02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6602A43F-DE19-493F-8A63-3C6EA379C90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DC97278-D27D-48F6-9CAA-27A230DE4655}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2A10\HPDiagnosticCoreUI.exe
FirewallRules: [{9D9EBDF6-28F0-447D-BAB3-72A4FCF01DD3}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2A10\HPDiagnosticCoreUI.exe
FirewallRules: [{0B4D5E40-A405-434A-A262-A34D271EE856}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2AF8\HPDiagnosticCoreUI.exe
FirewallRules: [{58001707-C31C-4A8D-886E-7F7EB19C3157}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2AF8\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{B7659CE8-89B6-4AA2-BD0F-8E75D04432AE}C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe] => (Allow) C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe
FirewallRules: [UDP Query User{C6769A1B-4FBC-4D81-9AA1-100FCB429D3A}C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe] => (Allow) C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe
FirewallRules: [{FB9036AF-FB38-468C-A898-73903957F29E}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{AE942549-279C-4C41-88B4-6BB22452D84F}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{933167F8-E85B-4D61-B1D4-93E151596D2B}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{7195D5B8-4006-4889-89F5-872C6E790D3B}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{1C0BFF8B-6EF2-40D7-9EB3-4BDB2713960E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7DC33156-CB47-4F33-894D-58CEE772FD10}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{AEA252AA-B47B-446C-A485-2A4C7C1B4065}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{809AA5E5-0119-4B10-868B-50909AAA3473}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Validity Sensors (WBF) (PID=0018)
Description: Validity Sensors (WBF) (PID=0018)
Class Guid: {24619924-aa9e-486f-99f9-847a5986b6be}
Manufacturer: Validity Sensors, Inc.
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================


Error: (11/22/2015 11:16:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/22/2015 11:16:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Report Id: 7008e7fe-9102-11e5-b76f-00ac11ffda59

Error: (11/22/2015 01:13:54 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (11/22/2015 01:13:47 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (11/22/2015 01:13:47 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Report Id: 41144df1-90e8-11e5-a1a0-00ac11ffda59

Error: (11/21/2015 01:30:07 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (11/21/2015 01:30:04 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog


System errors:
=============
Error: (11/23/2015 10:48:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:35 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2015-08-03 15:04:16.138
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:16.134
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:15.703
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:15.698
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.830
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.826
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.183
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.178
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-29 19:11:17.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-29 19:11:17.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 8091.31 MB
Available physical RAM: 3538.52 MB
Total Virtual: 16180.82 MB
Available Virtual: 12671.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.1 GB) (Free:13.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:3.03 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:28.24 GB) (Free:0.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 02B32781)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=670.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=28.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A7864633)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by breathe27, 23 November 2015 - 09:17 PM.


#3 breathe27 (Topic Starter)

Posted 23 November 2015 - 08:55 PM

This is the stuff that was removed by ESET online scanner:

C:\Program Files (x86)\NirSoft\WirelessNetView\WirelessNetView.exe    a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application    cleaned by deleting - quarantined
C:\Users\Anon4902\Downloads\CamStudio_Setup_2-7_r316-4677.exe    Win32/WinWrapper.J potentially unwanted application    deleted - quarantined
C:\Users\Anon4902\Downloads\ccsetup508pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Anon4902\Downloads\windows.7.codec.pack.v4.1.3.setup.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 17.zip    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 18.zip    JS/Adware.MultiPlug.I application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 28.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 29.zip    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 34.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 4.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 5.zip    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-22 190001\Backup files 1.zip    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-29 190003\Backup files 1.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-29 190003\Backup files 4.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2014-02-09 190003\Backup files 14.zip    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2014-02-09 190003\Backup files 5.zip    JS/Adware.MultiPlug.I application    deleted - quarantined
D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2014-03-09 190001\Backup files 1.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined
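
As an added example (not code from this thread or from ESET), a small Python parser for the result lines above: it splits each line into path, signature, ESET class and action, and reports how many hits sit inside the backup archives rather than in live files. The column layout and the regexes are assumptions taken from these lines.

```python
"""Triage ESET Online Scanner result lines (added example; not code from
the forum or from ESET). Column layout and regexes are assumptions taken
from the lines posted above: path, detection text, action taken."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Columns are separated by runs of two or more spaces; single spaces may
# occur inside paths and inside the detection text.
LINE_RE = re.compile(r"^(?P<path>.+?)\s{2,}(?P<detection>.+?)\s{2,}(?P<action>.+?)\s*$")
# Detection text: optional "a variant of", signature name, then ESET's class.
DET_RE = re.compile(
    r"^(?:a variant of )?(?P<name>\S+)\s+"
    r"(?P<category>potentially unsafe application|"
    r"potentially unwanted application|application)$"
)
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab")

@dataclass
class Detection:
    path: str
    name: str         # signature, e.g. Win32/OpenCandy
    category: str     # potentially unsafe / potentially unwanted / application
    action: str       # what the scanner did with the file
    in_archive: bool  # hit was inside a backup/archive container

def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for one result line, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    d = DET_RE.match(m["detection"])
    if not d:
        return None
    path = m["path"]
    return Detection(path, d["name"], d["category"], m["action"],
                     path.lower().endswith(ARCHIVE_EXT))

def triage(lines: List[str]) -> dict:
    """Summarise a scan. Hits inside backup archives matter because restoring
    that backup set would put the bundled installers straight back."""
    hits = [h for h in map(parse_line, lines) if h is not None]
    return {
        "total": len(hits),
        "by_category": dict(Counter(h.category for h in hits)),
        "live_files": [h.path for h in hits if not h.in_archive],
        "archive_hits": sum(1 for h in hits if h.in_archive),
        "quarantined": sum(1 for h in hits if h.action.endswith("quarantined")),
    }

# Six of the lines posted in this thread, used as sample input.
SAMPLE = [
    r"C:\Program Files (x86)\NirSoft\WirelessNetView\WirelessNetView.exe    a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application    cleaned by deleting - quarantined",
    r"C:\Users\Anon4902\Downloads\CamStudio_Setup_2-7_r316-4677.exe    Win32/WinWrapper.J potentially unwanted application    deleted - quarantined",
    r"C:\Users\Anon4902\Downloads\ccsetup508pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined",
    r"D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 17.zip    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    deleted - quarantined",
    r"D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 18.zip    JS/Adware.MultiPlug.I application    deleted - quarantined",
    r"D:\JESUS\Backup Set 2013-09-01 190001\Backup Files 2013-09-08 190002\Backup files 34.zip    Win32/OpenCandy potentially unsafe application    deleted - quarantined",
]

if __name__ == "__main__":
    s = triage(SAMPLE)
    print(f"{s['total']} detections, {s['archive_hits']} inside backup archives")
    for cat, n in sorted(s["by_category"].items()):
        print(f"  {n:2d}  {cat}")
    for p in s["live_files"]:
        print("  live file:", p)
```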
 



#4 breathe27


Posted 23 November 2015 - 08:58 PM

AdwCleaner log:

 

# AdwCleaner v5.022 - Logfile created 23/11/2015 at 13:45:32
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Anon4902 - DV7-7073CA
# Running from : C:\Users\Anon4902\Downloads\01 HACKING TOOLS\FIX\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\_acestream_cache_
[x] Folder Not Deleted : C:\ProgramData\SecTaskMan
[x] Folder Not Deleted : C:\Users\Anon4902\AppData\Roaming\.acestream

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[x] [C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\prefs.js] [Preference] Not Deleted : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
[x] [C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\prefs.js] [Preference] Not Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[x] [C:\Users\Anon4902\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\4yomj723.default\prefs.js] [Preference] Not Deleted : user_pref("browser.search.hiddenOneOffs", "Google,Yahoo,Bing,Amazon.com,DuckDuckGo (SSL),Ixquick (SSL),Twitter");
[-] [C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1620 bytes] ##########
 



#5 breathe27


Posted 23 November 2015 - 09:01 PM

Rkill log file:

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/23/2015 02:20:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbuhci.sys : 30,720 : 07/13/2009 06:06 PM : 81fb2216d3a60d1284455d511797db3d [Pos Repl]
 +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.18328_none_1be17b8a1a31cc37\usbuhci.sys : 30,720 : 11/26/2013 07:41 PM : dd253afc3bc6cba412342de60c3647f3 [Pos Repl]
 +-> C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.22526_none_1c6919a73351367a\usbuhci.sys : 30,720 : 11/26/2013 07:42 PM : 2e682dce4319a90e02a327f8a427544a [Pos Repl]

Checking HOSTS File:


Program finished at: 11/23/2015 02:22:20 PM
Execution time: 0 hours(s), 1 minute(s), and 35 seconds(s)
 


Edited by breathe27, 23 November 2015 - 09:19 PM.


#6 breathe27


Posted 23 November 2015 - 09:03 PM

AswMBR scan:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-11-23 14:43:11
-----------------------------
14:43:11.171    OS Version: Windows x64 6.1.7601 Service Pack 1
14:43:11.171    Number of processors: 8 586 0x3A09
14:43:11.171    ComputerName: DV7-7073CA  UserName: Anon4902
14:43:14.510    Initialize success
14:43:14.666    VM: initialized successfully
14:43:14.666    VM: Intel CPU BiosDisabled
14:49:07.866    AVAST engine defs: 15112300
14:49:22.717    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:49:22.717    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 8
14:49:22.717    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:49:22.717    Disk 1 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 8
14:49:22.795    Disk 0 MBR read successfully
14:49:22.795    Disk 0 MBR scan
14:49:22.826    Disk 0 Windows 7 default MBR code
14:49:22.826    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
14:49:22.826    Disk 0 default boot code
14:49:22.857    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       686183 MB offset 409600
14:49:22.904    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        28918 MB offset 1405712384
14:49:22.935    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
14:49:23.107    Disk 0 scanning C:\Windows\system32\drivers
14:49:39.768    Service scanning
14:50:19.891    Modules scanning
14:50:19.891    Disk 0 trace - called modules:
14:50:19.907    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:50:19.907    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007314790]
14:50:19.922    3 CLASSPNP.SYS[fffff88001c5843f] -> nt!IofCallDriver -> [0xfffffa8008450b10]
14:50:19.922    5 hpdskflt.sys[fffff8800160b379] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800976e050]
14:50:21.638    AVAST engine scan C:\Windows
14:50:25.585    AVAST engine scan C:\Windows\system32
14:55:10.005    AVAST engine scan C:\Windows\system32\drivers
14:55:27.758    AVAST engine scan C:\Users\Anon4902
15:03:15.838    Disk 0 MBR has been saved successfully to "C:\Users\Anon4902\Downloads\01 HACKING TOOLS\FIX\EST TXT FILE FROM SCAN\MBR.dat"
15:03:15.869    The log file has been saved successfully to "C:\Users\Anon4902\Downloads\01 HACKING TOOLS\FIX\EST TXT FILE FROM SCAN\aswMBR.txt"
16:09:11.817    AVAST engine scan C:\ProgramData
16:22:10.353    Disk 0 statistics 5710150/0/0 @ 0.68 MB/s
16:22:10.353    Scan finished successfully
16:43:21.959    Disk 0 MBR has been saved successfully to "C:\Users\Anon4902\Downloads\01 HACKING TOOLS\FIX\EST TXT FILE FROM SCAN\MBR.dat"
16:43:21.974    The log file has been saved successfully to "C:\Users\Anon4902\Downloads\01 HACKING TOOLS\FIX\EST TXT FILE FROM SCAN\aswMBR.txt"

 



#7 nasdaq

  • Malware Response Team

Posted 25 November 2015 - 02:57 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: Ixquick HTTPS
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml [2015-11-12]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml 

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


(Default browser: "C:\Program Files\Cyberfox\Cyberfox.exe")

You should restore the settings of Cyberfox. I'm not familiar with the application.

How is the computer running now?

#8 breathe27


Posted 25 November 2015 - 04:15 PM

Here is the fixlog.txt.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Anon4902 (2015-11-25 15:05:21) Run:1
Running from C:\Users\Anon4902\Desktop
Loaded Profiles: Anon4902 (Available Profiles: UpdatusUser & Anon4902 & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: Ixquick HTTPS
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml [2015-11-12]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox DefaultSearchEngine removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml => moved successfully
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml => moved successfully
C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml => moved successfully
catchme => service removed successfully
"C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml" => not found.
"C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml" => not found.
"C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml" => not found.
EmptyTemp: => 102.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:06:02 ====



#9 breathe27


Posted 25 November 2015 - 04:28 PM

# AdwCleaner v5.022 - Logfile created 25/11/2015 at 15:23:58
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Anon4902 - DV7-7073CA
# Running from : C:\Users\Anon4902\Desktop\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\_acestream_cache_
[-] Folder Deleted : C:\ProgramData\SecTaskMan

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\prefs.js]

[Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [962 bytes] ##########
 



#10 breathe27


Posted 25 November 2015 - 04:35 PM

The system is running a lot better than it was a few days ago. It still seems to me like there is something still hanging on. The fan is coming on intermittently as though something is trying to hog resources, but then it gets stopped before starting again, and this repeats over and over again. It's not like I am using much on here; just reading a few webpages is about it.

 

It is much quieter now though, but sometimes it does start to speed up again.



#11 breathe27


Posted 25 November 2015 - 04:39 PM

Oh, and regarding Cyberfox, I have it in safe mode.



#12 nasdaq

  • Malware Response Team

Posted 26 November 2015 - 07:42 AM


Use Internet explorer and install the latest important windows updates.

Follow the instructions and do not use the computer while these are being installed.

Keep me posted.

#13 breathe27


Posted 26 November 2015 - 10:07 AM

Internet Explorer doesn't work. I prefer not to use Internet Explorer though, due to their flagrant disregard for privacy. I tried installing it but it will not connect to the internet.



#14 breathe27


Posted 26 November 2015 - 10:11 AM

Yeah just double checked and IE is not working at all. It's very slow once I hit a button and it will not connect to any webpages.

 

Also, my computer is slow to start. Icons on my desktop take forever to show. Is there a fix for that?





