W32/Cuebot-J and Trojan:Win32/Suloc.C!plock won't go away


  • This topic is locked
13 replies to this topic

#1 breathe27

breathe27

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 22 February 2016 - 07:07 PM

Hi, I would love it if someone could please help me get rid of this virus. I've done scans with everything and nothing seems to help in getting rid of whatever it is that I have. I've done a scan with Microsoft Security Essentials and most other programs, but it's still here.

 

MSSE has said that it has caught a virus called Trojan:Win32/Suloc.C!plock but then it seems to come back again or come back with a different virus name and as part of another file on my system. When I delete the file, it comes back and points to another file name, but the file is not a virus. If that's what is happening...but I've been having a bunch of trouble and noticing some weird things running as a service under the task manager including RpcSs on port 644 which from what I gathered by doing a search was the W32/Cuebot-J? virus.

 

I also ran netstat -ban and from what I could tell, something is connecting to my computer remotely. I think whoever and whatever it is, is monitoring my internet activity. I suspect this, but I can't be entirely certain, but someone turned up on YouTube saying something to me that hinted that they were watching me. Maybe I am just being paranoid, but there is something not right.

 

I've attached a screenshot of what happens every time I try to stop these remote procedure services. It says access denied. So I can't even turn it off. There's no reason why there should be a remote procedure running on my system, so it has to be a virus. I also noticed that NVIDIA is constantly turning itself back on no matter how many times I turn it off.

 

Can someone help me out? I would greatly appreciate it!

 

 

Attached Files




#2 breathe27

breathe27
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 22 February 2016 - 07:12 PM

Oh, and when I had MSSE running, it seemed like it was hijacked, as the quarantined result would magically disappear without even giving me time to delete the virus. I thought the way that this happened was very peculiar.

 

I ended up uninstalling MSSE and then reinstalling it.

 

I also find it odd how NVIDIA keeps turning on by itself after I have turned it off dozens of times a day.



#3 breathe27

breathe27
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 22 February 2016 - 08:06 PM

Oh above I meant RpcSs with PID 644. I made a mistake thinking it was a port.
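The poster's confusion in the messages above is between a PID and a port, and between a service name and the process hosting it. RpcSs normally runs inside a shared svchost.exe, so a PID on its own says very little; what a responder checks is which services that PID hosts, whether the image behind it carries a valid Microsoft signature, and which network endpoints the PID actually owns. The PowerShell below is an added example written for this page, not code posted by anyone in the thread. It assumes an elevated shell (system processes do not expose their image path otherwise); the function name Get-PidServiceInfo is the example's own, and 644 is simply the PID reported above, to be replaced with the one shown in your own Task Manager.

```powershell
# Added example, not from the original thread: given a process ID, list the
# services hosted inside it, check the Authenticode signature of its image, and
# show the network endpoints that belong to it. Run from an elevated PowerShell.
function Get-PidServiceInfo {
    param(
        [Parameter(Mandatory = $true)]
        [int]$ProcessId
    )

    # Services whose ProcessId matches (a shared svchost.exe may host several).
    $services = Get-WmiObject -Class Win32_Service -Filter "ProcessId = $ProcessId"
    if (-not $services) {
        Write-Output "No service is running under PID $ProcessId"
    }
    else {
        $services | Select-Object Name, DisplayName, State, StartMode, PathName | Format-List
    }

    # The hosting process and the signature of its image file. Path is readable
    # for system processes only when the shell is elevated.
    $proc = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if ($proc -and $proc.Path) {
        $sig = Get-AuthenticodeSignature -FilePath $proc.Path
        Write-Output ("Image: {0}" -f $proc.Path)
        Write-Output ("Signature status: {0}" -f $sig.Status)
        if ($sig.SignerCertificate) {
            Write-Output ("Signer: {0}" -f $sig.SignerCertificate.Subject)
        }
    }
    else {
        Write-Output "Could not read the image path for PID $ProcessId (not running, or shell not elevated)"
    }

    # Endpoints owned by this PID; netstat -ano prints the PID in the last column.
    Write-Output "Network endpoints for PID ${ProcessId}:"
    netstat -ano | Select-String -Pattern "\s$ProcessId\s*$"
}

# 644 is the PID the original poster reported (an assumption taken from the thread);
# substitute the PID from your own Task Manager.
Get-PidServiceInfo -ProcessId 644
```

A Windows service such as RpcSs listed under a signed C:\Windows\System32\svchost.exe with a Valid signature status is expected on any Windows 7 machine, and "Access denied" when stopping it is the operating system protecting a core service rather than evidence of malware; a service whose PathName points outside the Windows directory, or whose image has a NotSigned or HashMismatch status, is the kind of entry worth posting in a log for review.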



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM

Posted 23 February 2016 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#5 breathe27

breathe27
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 23 February 2016 - 02:47 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/23/2016
Scan Time: 9:32 AM
Logfile: Scan Log malware bytes.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.23.03
Rootkit Database: v2016.02.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Anon4902

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440894
Time Elapsed: 1 hr, 2 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Files



#6 breathe27

breathe27
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 23 February 2016 - 02:56 PM

# AdwCleaner v5.036 - Logfile created 23/02/2016 at 13:50:44
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Anon4902 - DV7-7073CA
# Running from : C:\Users\Anon4902\Desktop\adwcleaner_5.036.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Anon4902\AppData\Local\Hola
[-] Folder Deleted : C:\Users\Anon4902\AppData\Roaming\Hola

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
[-] Key Deleted : HKCU\Software\MozillaPlugins\@hola.org/vlc
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Hola

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1057 bytes] - [23/02/2016 13:50:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1084 bytes] - [23/02/2016 13:48:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1203 bytes] ##########
 



#7 breathe27

breathe27
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 23 February 2016 - 03:31 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Anon4902 (administrator) on DV7-7073CA (23-02-2016 13:58:57)
Running from C:\Users\Anon4902\Desktop
Loaded Profiles: Anon4902 (Available Profiles: Anon4902 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2015-01-04] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [Google Update] => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-15] (Google Inc.)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2015-12-16] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Anon4902\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Anon4902\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Anon4902\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Anon4902\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Anon4902\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Anon4902\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2377681282-867560761-243087652-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> {25DFA50D-C3CE-4A6B-B6FB-CEB0871CA0E2} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-2377681282-867560761-243087652-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2377681282-867560761-243087652-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\9gibnrzv.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @talk.google.com/O1DPlugin -> C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Anon4902\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Anon4902\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR StartupUrls: Profile 3 -> "chrome://chrome-signin/?source=0","hxxps://www.youtube.com/watch?v=H_ustCy4Ks8","hxxps://www.google.ca/search?q=anonymous&oq=anonymous&ie=UTF-8&aqs=chrome..69i57j0l5.4169j0j7&sourceid=chrome-instant&ion=1&espv=2&biw=1600&bih=760&dpr=1&cad=cbv&sei=39_YVcG3OcPXoASd8oLoBg","hxxps://www.youtube.com/user/AnonymousWorldvoce","hxxps://www.facebook.com/settings?tab=security&section=login_alerts&view","hxxps://accounts.google.com/ServiceLogin?sacu=1&scc=1&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=en&service=mail#identifier","hxxps://anoninsiders.net/how-to-join-anonymous-1527/","hxxps://www.google.ca/search?q=torrentfreaks+vpn+anonymity&oq=torrentfreaks+vpn+anonymity&aqs=chrome..69i57&sourceid=chrome&es_sm=93&ie=UTF-8","hxxps://we.riseup.net/","hxxps://whyweprotest.net/","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=cybrary+it+reviews&search_plus_one=form&oq=ciberary+it&gs_l=serp.1.1.0i13l4.6352.7136.0.9382.3.3.0.0.0.0.82.232.3.3.0....0...1c.1.64.serp..2.1.82.CUmq1drTj2I","hxxps://www.cybrary.it/wp-login.php?redirect_to=https%3A%2F%2Fwww.cybrary.it%2Fabout%2F","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=best+way+to+install+kali+linux+on+windows+7&search_plus_one=form&oq=best+way+to+install+kali+linux+on+windows+7&gs_l=serp.12...10156.16350.0.17980.21.17.4.0.0.0.108.1361.15j2.17.0....0...1c.1.64.serp..9.12.692.Re1Nz0xzibU","hxxp://docs.kali.org/installation/dual-boot-kali-with-windows","hxxp://docs.kali.org/downloading/kali-linux-live-usb-install","hxxp://bazaar.launchpad.net/~image-writer-devs/win32-image-writer/master/files","hxxp://docs.kali.org/introduction/download-official-kali-linux-images","hxxps://www.kali.org/downloads/","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=instructions+for+installing+kali+linux&search_plus_one=form&oq=instructions+for+installing+kali+linux&gs_l=serp.3..0i22i30.24217.32625.0.33028.42.30.2.10.10.0.163.2492.24j4.28.0....0...1c.1.64.serp..5.37.2270.XPbABk_yLC4","
hxxp://docs.kali.org/installation/dual-boot-kali-with-windows","hxxp://tools.kali.org/tools-listing","hxxps://www.cybrary.it/"
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-02]
CHR Extension: (Disconnect) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-02]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (UglyEmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-02]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-22]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-22]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-22]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-22]
CHR Extension: (Disconnect) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-22]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-22]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2015-07-31] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-31] (REALiX™)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-07-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0078.sys [28640 2015-02-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-07-31] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2015-07-31] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-12-25] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-02-27] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-02-27] (Microsoft Corporation) [File not signed]
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-08-13] (Oracle Corporation)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [45056 2013-06-19] (ZOOM)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 13:58 - 2016-02-23 13:59 - 00030399 _____ C:\Users\Anon4902\Desktop\FRST.txt
2016-02-23 13:58 - 2016-02-23 13:58 - 00000000 ____D C:\FRST
2016-02-23 13:48 - 2016-02-23 13:50 - 00000000 ____D C:\AdwCleaner
2016-02-23 13:42 - 2016-02-23 13:42 - 00001077 _____ C:\Users\Anon4902\Desktop\Scan Log malware bytes.txt
2016-02-23 09:28 - 2016-02-23 13:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 09:12 - 2016-02-23 09:12 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-23 09:12 - 2016-02-23 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-23 09:12 - 2016-02-23 09:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-23 09:12 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-23 09:12 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-23 09:12 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-23 09:10 - 2016-02-23 09:10 - 02371072 _____ (Farbar) C:\Users\Anon4902\Desktop\FRST64.exe
2016-02-23 09:10 - 2016-02-23 09:10 - 01511936 _____ C:\Users\Anon4902\Desktop\adwcleaner_5.036.exe
2016-02-23 09:09 - 2016-02-23 09:09 - 22908888 _____ (Malwarebytes ) C:\Users\Anon4902\Desktop\mbam-setup-2.2.0.1024.exe
2016-02-22 15:50 - 2016-02-22 15:50 - 00000218 _____ C:\Users\Anon4902\AppData\Local\recently-used.xbel
2016-02-18 14:22 - 2016-02-18 14:22 - 00475442 _____ C:\Users\Anon4902\Downloads\financial_assessment_worksheet.pdf
2016-02-15 10:21 - 2016-02-15 10:21 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2016-02-15 10:20 - 2016-02-23 13:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-15 10:20 - 2016-02-15 10:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-15 10:20 - 2016-02-15 10:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-15 10:20 - 2016-02-15 10:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-15 04:06 - 2016-02-15 04:07 - 49320984 _____ (8pecxstudios ) C:\Users\Anon4902\Desktop\Cyberfox-44.0.2.en-US.win64-x86_64.intel.exe
2016-02-15 01:35 - 2016-02-15 01:35 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-15 01:35 - 2016-02-15 01:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-15 01:35 - 2016-02-15 01:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-15 01:06 - 2016-02-15 01:06 - 00000000 ____D C:\Windows\ERUNT
2016-02-13 05:53 - 2016-02-15 01:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-13 04:42 - 2016-02-13 04:42 - 00615478 _____ C:\Users\Anon4902\Downloads\Autoruns(1).zip
2016-02-13 04:39 - 2016-02-13 04:39 - 00001100 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2016-02-13 04:39 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2016-02-13 04:38 - 2016-02-13 04:38 - 01846024 _____ (Malwarebytes ) C:\Users\Anon4902\Downloads\mbae-setup-1.08.1.1045(1).exe
2016-02-13 04:37 - 2016-02-13 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2016-02-13 04:37 - 2016-02-13 04:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2016-02-13 04:37 - 2016-02-13 04:39 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2016-02-13 04:36 - 2016-02-13 04:36 - 00000000 ____D C:\Users\Anon4902\AppData\Local\Zemana
2016-02-13 04:36 - 2016-02-13 04:36 - 00000000 ____D C:\Users\Anon4902\AppData\Local\AntiLogger Free
2016-02-13 04:35 - 2016-02-13 04:35 - 04081976 _____ C:\Users\Anon4902\Downloads\tweaking.com_envelope_printer_setup.exe
2016-02-13 04:33 - 2016-02-13 04:33 - 04177016 _____ (CSIS Security Group) C:\Users\Anon4902\Downloads\HeimdalSetup.exe
2016-02-13 04:33 - 2016-02-13 04:33 - 03719928 _____ (Zemana Ltd. ) C:\Users\Anon4902\Downloads\AntiLoggerFree_Setup.exe
2016-02-13 04:31 - 2016-02-13 04:31 - 00865272 _____ (Panda Security ) C:\Users\Anon4902\Downloads\usbvaccine.exe
2016-02-13 03:53 - 2016-02-13 03:53 - 14243008 _____ (Microsoft Corporation) C:\Users\Anon4902\Desktop\mseinstall.exe
2016-02-13 03:48 - 2016-02-13 03:51 - 151992592 _____ (Microsoft Corporation) C:\Users\Anon4902\Desktop\msert(1).exe
2016-02-12 07:58 - 2016-02-12 07:58 - 00422656 _____ C:\Users\Anon4902\Documents\rca vhf8294data.pdf
2016-02-12 00:23 - 2016-02-12 00:23 - 00003160 _____ C:\Windows\System32\Tasks\{F0E3BE61-819D-4DA7-B2A9-2FB600B41C64}
2016-02-12 00:17 - 2016-02-12 00:21 - 00000000 ____D C:\AVG_Remover
2016-02-12 00:17 - 2016-02-12 00:17 - 07814344 _____ ( ) C:\Users\Anon4902\Desktop\AVG_Remover.exe
2016-02-12 00:15 - 2016-02-12 00:16 - 02132576 _____ (AVG Technologies) C:\Users\Anon4902\Downloads\AVGIDPUninstaller.exe
2016-02-11 16:36 - 2016-02-11 16:36 - 00059503 _____ C:\Users\Anon4902\Downloads\avgremover_msilog.txt
2016-02-11 16:24 - 2016-02-11 16:24 - 00000193 _____ C:\Windows\WORDPAD.INI
2016-02-11 11:19 - 2016-02-11 11:19 - 22908888 _____ (Malwarebytes ) C:\Users\Anon4902\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-11 10:49 - 2016-02-11 10:54 - 222163916 _____ C:\Users\Anon4902\Downloads\avg_arl_ffi_all_120_150814a10442.zip
2016-02-11 10:44 - 2016-02-11 10:44 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Anon4902\Downloads\avg_remover_stf_x64_2014_4116.exe
2016-02-11 10:35 - 2016-02-11 12:47 - 00012958 _____ C:\Windows\system32\avgrep.txt
2016-02-11 10:19 - 2016-02-12 00:18 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\AVG
2016-02-11 10:19 - 2016-02-11 10:19 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\TuneUp Software
2016-02-11 10:13 - 2016-02-12 00:18 - 00000000 ____D C:\ProgramData\Avg
2016-02-11 10:11 - 2016-02-12 00:21 - 00000000 ____D C:\Users\Anon4902\AppData\Local\Avg
2016-02-11 10:11 - 2016-02-11 10:11 - 02895648 _____ (AVG Technologies) C:\Users\Anon4902\Downloads\AVG_Protection_1070.exe
2016-02-11 09:44 - 2016-02-11 09:44 - 00272684 _____ C:\Users\Anon4902\Desktop\PortRef2.zip
2016-02-11 09:44 - 2016-02-11 09:44 - 00272431 _____ C:\Users\Anon4902\Desktop\PortRef1.zip
2016-02-11 09:44 - 2016-02-11 09:44 - 00170783 _____ C:\Users\Anon4902\Desktop\portlist.zip
2016-02-11 03:31 - 2016-02-11 03:31 - 00000000 ____D C:\Users\Anon4902\Downloads\mediamonkeys EQ presets
2016-02-11 00:12 - 2016-02-11 00:12 - 00006503 _____ C:\Users\Anon4902\Downloads\mediamonkeys EQ presets.zip
2016-02-11 00:07 - 2016-02-11 00:07 - 15912272 _____ (Ventis Media Inc. ) C:\Users\Anon4902\Desktop\MediaMonkey_4.1.11.1783.exe
2016-02-09 12:41 - 2016-02-09 12:41 - 00000000 ____D C:\Users\Anon4902\Documents\Scanned Receipts
2016-02-08 05:24 - 2016-02-08 05:29 - 19990099 _____ C:\Users\Anon4902\Downloads\Guitar_Auction_eCatalog_Feb27_v2-5_low.pdf
2016-02-07 21:10 - 2016-02-07 21:10 - 00000000 ____D C:\Users\Anon4902\Downloads\TCPView(1)
2016-02-07 21:09 - 2016-02-07 21:09 - 00291606 _____ C:\Users\Anon4902\Downloads\TCPView(1).zip
2016-02-07 20:25 - 2016-02-07 20:25 - 00000000 ____D C:\Users\Anon4902\Documents\Network Monitor 3
2016-02-07 20:22 - 2016-02-07 20:22 - 00001016 _____ C:\Users\Anon4902\Desktop\Microsoft Network Monitor 3.4.lnk
2016-02-07 20:22 - 2016-02-07 20:22 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2016-02-07 20:22 - 2016-02-07 20:22 - 00000000 ____D C:\Program Files\Microsoft Network Monitor 3
2016-02-07 20:21 - 2016-02-07 20:21 - 06837560 _____ (Microsoft Corporation) C:\Users\Anon4902\Downloads\NM34_x64.exe
2016-02-07 00:17 - 2016-02-07 00:15 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-06 22:28 - 2016-02-06 22:28 - 00003578 _____ C:\Windows\System32\Tasks\ShouldIRemoveIt_Notifications
2016-02-06 21:39 - 2016-02-06 21:39 - 00004418 _____ C:\Windows\System32\Tasks\ShouldIRemoveIt
2016-02-06 21:16 - 2016-02-06 21:16 - 00001229 _____ C:\Users\Anon4902\Desktop\Should I Remove It.lnk
2016-02-06 21:16 - 2016-02-06 21:16 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-06 21:16 - 2016-02-06 21:16 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2016-02-06 21:16 - 2016-02-06 21:16 - 00000000 ____D C:\Program Files (x86)\Reason
2016-02-06 16:35 - 2016-02-06 16:38 - 151696664 _____ (Microsoft Corporation) C:\Users\Anon4902\Downloads\msert.exe
2016-02-06 10:46 - 2016-02-06 10:49 - 151711512 _____ (Microsoft Corporation) C:\Users\Anon4902\Desktop\msert.exe
2016-01-28 20:53 - 2016-01-28 20:53 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\ProductData
2016-01-28 08:12 - 2016-02-07 00:15 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-28 08:09 - 2016-01-28 08:10 - 56786528 _____ (Oracle Corporation) C:\Users\Anon4902\Downloads\jre-8u71-windows-x64.exe
2016-01-27 19:20 - 2016-01-27 19:20 - 00943909 _____ C:\Users\Anon4902\Desktop\chicken-cooking-times-EN.pdf
2016-01-25 12:30 - 2016-01-25 12:30 - 176850482 _____ C:\Users\Anon4902\Downloads\Unplugged.zip
2016-01-25 10:10 - 2016-01-25 10:10 - 00665600 _____ C:\Users\Anon4902\Downloads\MicrosoftFixit50656.msi
2016-01-25 09:42 - 2016-01-25 09:42 - 00683008 _____ C:\Users\Anon4902\Downloads\MicrosoftFixit50671.msi
2016-01-24 15:19 - 2016-01-24 15:19 - 00023629 _____ C:\Users\Anon4902\Downloads\Attachment-1.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 13:54 - 2015-01-04 19:09 - 00000000 ____D C:\Users\Anon4902\Documents\Youcam
2016-02-23 13:53 - 2015-01-04 00:34 - 00000000 ____D C:\Users\Anon4902\AppData\LocalLow\AuthenTec
2016-02-23 13:52 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-23 13:04 - 2015-06-15 11:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA.job
2016-02-23 04:40 - 2009-07-13 22:45 - 00031472 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-23 04:40 - 2009-07-13 22:45 - 00031472 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-22 23:15 - 2015-03-09 11:19 - 00007626 _____ C:\Users\Anon4902\AppData\Local\Resmon.ResmonCfg
2016-02-22 21:52 - 2015-05-11 03:15 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\MediaMonkey
2016-02-22 20:16 - 2015-01-04 00:39 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AA098732-A43A-4D0A-9B16-20FDF6EBA89F}
2016-02-22 16:46 - 2009-07-13 23:13 - 00740242 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-22 16:46 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-02-22 14:03 - 2015-06-15 11:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core.job
2016-02-22 11:05 - 2015-12-09 04:44 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\deluge
2016-02-21 01:00 - 2015-02-12 19:54 - 00000000 ____D C:\Users\Anon4902\AppData\Local\ElevatedDiagnostics
2016-02-20 12:07 - 2016-01-14 09:07 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnon4902
2016-02-20 12:07 - 2016-01-14 09:07 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForAnon4902.job
2016-02-18 15:21 - 2016-01-08 22:48 - 00000856 _____ C:\Users\Public\Desktop\Cyberfox.lnk
2016-02-17 18:00 - 2016-01-13 22:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-15 10:21 - 2016-01-08 22:48 - 00000000 ____D C:\Program Files\Cyberfox
2016-02-15 10:20 - 2015-01-04 00:39 - 00000000 ____D C:\Users\Anon4902\AppData\Local\Adobe
2016-02-15 06:21 - 2015-01-08 23:28 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\vlc
2016-02-15 01:36 - 2015-01-05 14:46 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-15 01:33 - 2016-01-14 03:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 01:06 - 2016-01-08 16:07 - 00001399 _____ C:\DelFix.txt
2016-02-14 17:45 - 2015-01-04 01:42 - 00000000 ____D C:\Users\Anon4902\AppData\Local\CrashDumps
2016-02-13 05:04 - 2015-07-11 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-02-13 04:04 - 2015-03-12 22:11 - 00000000 ____D C:\Windows\pss
2016-02-13 01:22 - 2016-01-02 21:12 - 00000000 ____D C:\Users\Anon4902\Desktop\WRITINGS
2016-02-11 16:36 - 2016-01-11 02:39 - 01234330 _____ C:\Windows\ntbtlog.txt
2016-02-11 10:19 - 2015-07-31 01:33 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-11 00:08 - 2015-06-11 03:10 - 00001003 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2016-02-11 00:08 - 2015-06-11 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-02-11 00:08 - 2015-06-11 03:10 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2016-02-11 00:05 - 2015-10-31 00:41 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\foobar2000
2016-02-10 00:25 - 2016-01-14 03:22 - 00000968 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-10 00:25 - 2015-07-29 20:05 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-09 12:42 - 2015-02-02 23:37 - 00001964 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-02-09 12:38 - 2015-02-02 23:22 - 00000000 ____D C:\ProgramData\HP
2016-02-07 19:02 - 2015-01-16 21:00 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Skype
2016-02-07 00:17 - 2016-01-10 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-07 00:17 - 2015-07-19 02:13 - 00000000 ____D C:\Program Files\Java
2016-02-07 00:17 - 2015-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-07 00:16 - 2015-08-28 06:32 - 00000000 ____D C:\Users\Anon4902\.oracle_jre_usage
2016-02-07 00:14 - 2016-01-10 01:13 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-06 21:32 - 2012-02-27 19:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-02-06 21:32 - 2011-10-12 18:57 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-02-06 21:10 - 2015-12-31 18:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-06 21:08 - 2015-12-31 18:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-06 21:08 - 2015-12-31 18:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-06 21:07 - 2016-01-14 08:07 - 00000000 ____D C:\Users\Anon4902\AppData\Local\NVIDIA
2016-02-02 20:19 - 2015-01-04 08:16 - 00717428 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-01 13:59 - 2015-06-15 11:25 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA
2016-02-01 13:58 - 2015-06-15 11:25 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core
2016-01-27 15:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-27 15:35 - 2015-07-29 20:07 - 00000000 ____D C:\Users\Anon4902\Documents\CCleaner Reg Backups
2016-01-27 15:28 - 2015-11-28 12:21 - 00000000 ____D C:\Users\Anon4902\Desktop\JRT_NewerVersion
2016-01-25 10:31 - 2015-08-04 09:20 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2016-01-25 10:13 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-01-25 09:44 - 2009-07-13 23:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-25 09:37 - 2015-01-04 00:37 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Hewlett-Packard

==================== Files in the root of some directories =======

2015-12-27 01:29 - 2015-12-27 01:29 - 0174471 _____ () C:\Users\Anon4902\AppData\Local\ars.cache
2015-12-27 01:29 - 2015-12-27 01:29 - 0611812 _____ () C:\Users\Anon4902\AppData\Local\census.cache
2015-04-26 09:09 - 2015-04-26 09:09 - 0003584 _____ () C:\Users\Anon4902\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-27 01:09 - 2015-12-27 01:09 - 0000036 _____ () C:\Users\Anon4902\AppData\Local\housecall.guid.cache
2016-02-22 15:50 - 2016-02-22 15:50 - 0000218 _____ () C:\Users\Anon4902\AppData\Local\recently-used.xbel
2015-03-09 11:19 - 2016-02-22 23:15 - 0007626 _____ () C:\Users\Anon4902\AppData\Local\Resmon.ResmonCfg
2015-12-27 01:15 - 2015-12-27 01:15 - 0000010 _____ () C:\Users\Anon4902\AppData\Local\sponge.last.runtime.cache
2015-02-02 23:22 - 2015-02-02 23:22 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Anon4902\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Anon4902\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Anon4902\AppData\Local\Temp\HPPSdr.exe
C:\Users\Anon4902\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Anon4902\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Anon4902\AppData\Local\Temp\sqlite3.dll
C:\Users\Anon4902\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-18 00:03

==================== End of FRST.txt ============================


#8 nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM
Posted 24 February 2016 - 08:15 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2377681282-867560761-243087652-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
CustomCLSID: HKU\S-1-5-21-2377681282-867560761-243087652-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
IE trusted site: HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\hola.org -> hxxp://hola.org

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
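As an added example (not part of nasdaq's post and not code from the FRST tool), the script below mirrors the triage behind the fixlist above: it scans FRST log lines for the markers FRST itself prints (`<======= ATTENTION`, `No File`, `[X]`, `[File not signed]`) and drafts a fixlist in the same Start/End layout. The sample lines are copied from the log and fixlist in this thread; the category names and the rule that unsigned binaries are held back for manual review are this example's own assumptions.

```python
import re

# Lines copied verbatim from the FRST log and fixlist posted in this thread.
# They stand in for a full FRST.txt; a real run would read that file from disk.
SAMPLE_LOG = r"""
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CustomCLSID: HKU\S-1-5-21-2377681282-867560761-243087652-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
C:\Windows\system32\winlogon.exe => File is digitally signed
"""

# Trailing markers FRST prints on a line. The category names are this
# example's own labels, not FRST terminology.
RULES = (
    ("<======= ATTENTION", "policy restriction flagged by FRST"),
    ("[X]", "service/driver image file missing"),
    ("[No File]", "plugin target file missing"),
    ("[File not signed]", "unsigned binary (review manually)"),
)
# Registry entries whose target was resolved to "No File" (orphans).
ORPHAN_RE = re.compile(r"(?:=>|->)\s*No File$")
# Categories that must not go into an automatic fixlist: an unsigned vendor
# binary is not by itself evidence of infection (nasdaq left Te.Service alone).
REVIEW_ONLY = {"unsigned binary (review manually)"}


def classify(line: str):
    """Return a category for a fix-candidate log line, or None for a clean line."""
    s = line.strip()
    if not s or s.startswith("="):      # blank or section header
        return None
    for marker, category in RULES:
        if s.endswith(marker):
            return category
    if ORPHAN_RE.search(s):
        return "orphaned registry entry (target file missing)"
    return None


def triage(log_text: str):
    """Return [(line, category)] for every fix candidate in the log text."""
    findings = []
    for raw in log_text.splitlines():
        category = classify(raw)
        if category:
            findings.append((raw.strip(), category))
    return findings


def build_fixlist(findings, directives=("CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:")):
    """Draft fixlist.txt in the Start/End layout used in this thread.

    Review-only findings are excluded; they are reported but not removed.
    """
    entries = [line for line, category in findings if category not in REVIEW_ONLY]
    return "\n".join(["Start", "", *directives, "", *entries, "", "End"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, category in found:
        print(f"{category:45s} {line}")
    print()
    print(build_fixlist(found))
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file contents; the drafted fixlist is a starting point for a human to check, not something to run unread.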

#9 breathe27

  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 24 February 2016 - 09:47 AM

I notice that when I am using the internet on my iPhone, the hard drive attached to my computer turns on or wakes up from sleep. I am doing a Malwarebytes scan of it right now. But I wonder if that hard drive is not infected.



#10 nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM
Posted 24 February 2016 - 11:35 AM

Have you completed my suggested fix?

Are you doing any Sync with the computer and the phone?

#11 breathe27

  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 24 February 2016 - 12:21 PM

Yes I completed the fix. It seems to be a little better. I will keep you posted if I notice anything else unusual.



#12 breathe27

  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 24 February 2016 - 12:26 PM

No, I don't have any kind of sync set up that I know of...but who knows if something else isn't syncing without my knowledge. I'm doing a scan with Malwarebytes to check it, but it's taking a very long time because the drive is 2TB and it's nearly full. I suspect it has some errors on it too, perhaps. I also tried another scan of it to fix any errors, but it was taking hours and hours so I stopped it, not to mention it was using almost 6GB of memory while performing the scan.



#13 nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:29 PM
Posted 24 February 2016 - 03:08 PM

Maybe you need to defrag your computer.

http://www.howtogeek.com/215413/why-does-emptying-disk-space-speed-up-computers/

Start it just before going to bed. It may run all night.

===

#14 breathe27

  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male
  • Location:Canada
  • Local time:05:29 PM

Posted 24 February 2016 - 03:49 PM

OK, I'll give that a shot.
