Malwarebytes Issue plus a bunch of other things going on

[breathe]

Hi there,

 

1. There are these websites listed on my exclusions list in malwarebytes and I cannot delete them. Any sugestions on what to do to get rid of them? Reinstalling malwarebytes did not work. Any idea how to delete them or is this a result of using that process in the trial version and now this free version does not use that kind of exclusion?

 

2. It also became apparent to me that something was redirecting my internet traffic to another IP address. I am using ZoneAlarm and everytime I run any kind of program, it always wants to connect to C:/Windows/Explorer.EXE but in a suspicious way. Also, I am getting a weird thing about Office redirecting my documents to some website? I ran avast and that was trying to connect to it too. But it was denied by ZoneAlarm and it still completed the task, it just didn't connect to Explorer.EXE. I really suspect something is running in the background. Back a couple of months ago, I was using Audacity, the recording program, and I downloaded a bunch of plugins. Turns out the plugins were loaded with malware. As soon as I installed some of them, my normally quiet computer fan, began to run non stop and my computer was badly overheating. I ran Malwarebytes, Spy Search and Destroy and a bunch of other programs at that time, but none of them worked.

 

So the overheating is not caused by anything but some kind of malware running in the background. (I also cleaned the vents)

 

So, any idea what might be happening here?

 

 

Here is the frst log followed by the additional log file text.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
Ran by Anon4902 (administrator) on DV7-7073CA (23-11-2015 10:56:27)
Running from C:\Users\Anon4902\Desktop
Loaded Profiles: Anon4902 (Available Profiles: UpdatusUser & Anon4902 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe
(Flux Software LLC) C:\Users\Anon4902\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(8pecxstudios) C:\Program Files\Cyberfox\Cyberfox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2015-01-04] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [Google Update] => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-15] (Google Inc.)
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [f.lux] => C:\Users\Anon4902\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {25DFA50D-C3CE-4A6B-B6FB-CEB0871CA0E2} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2377681282-867560761-243087652-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183
FF DefaultSearchEngine: Ixquick HTTPS
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @talk.google.com/O1DPlugin -> C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2377681282-867560761-243087652-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Anon4902\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Anon4902\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\ixquick-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\privatelee-https.xml [2015-11-12]
FF SearchPlugin: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\searchplugins\startpage-ssl.xml [2015-11-12]
FF Extension: Twitter Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\twitter@disconnect.me.xpi [2015-09-06]
FF Extension: Google Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\google@disconnect.me.xpi [2015-09-06]
FF Extension: Facebook Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\facebook@disconnect.me.xpi [2015-09-06]
FF Extension: Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\2.0@disconnect.me.xpi [2015-09-06]
FF Extension: Memory Restart - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\extensions\memoryrestart@teamextension.com.xpi [2015-11-12]
FF Extension: No Name - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\fbp@fbpurity.com.xpi [2015-11-19] [not signed]
FF Extension: Facebook™ Disconnect - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2015-09-06]
FF Extension: Pop-up Controller - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid1-MIAJd5BiK7V4Pw@jetpack.xpi [2015-09-11]
FF Extension: Google translate https - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid1-vhLR6vkMUx9csw@jetpack.xpi [2015-09-20]
FF Extension: YouTube™ AdBlock - C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2015-08-05]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-11-10] [not signed]

Chrome:
=======
CHR StartupUrls: Profile 3 -> "chrome://chrome-signin/?source=0","hxxps://www.youtube.com/watch?v=H_ustCy4Ks8","hxxps://www.google.ca/search?q=anonymous&oq=anonymous&ie=UTF-8&aqs=chrome..69i57j0l5.4169j0j7&sourceid=chrome-instant&ion=1&espv=2&biw=1600&bih=760&dpr=1&cad=cbv&sei=39_YVcG3OcPXoASd8oLoBg","hxxps://www.youtube.com/user/AnonymousWorldvoce","hxxps://www.facebook.com/settings?tab=security&section=login_alerts&view","hxxps://accounts.google.com/ServiceLogin?sacu=1&scc=1&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&hl=en&service=mail#identifier","hxxps://anoninsiders.net/how-to-join-anonymous-1527/","hxxps://www.google.ca/search?q=torrentfreaks+vpn+anonymity&oq=torrentfreaks+vpn+anonymity&aqs=chrome..69i57&sourceid=chrome&es_sm=93&ie=UTF-8","hxxps://we.riseup.net/","hxxps://whyweprotest.net/","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=cybrary+it+reviews&search_plus_one=form&oq=ciberary+it&gs_l=serp.1.1.0i13l4.6352.7136.0.9382.3.3.0.0.0.0.82.232.3.3.0....0...1c.1.64.serp..2.1.82.CUmq1drTj2I","hxxps://www.cybrary.it/wp-login.php?redirect_to=https%3A%2F%2Fwww.cybrary.it%2Fabout%2F","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=best+way+to+install+kali+linux+on+windows+7&search_plus_one=form&oq=best+way+to+install+kali+linux+on+windows+7&gs_l=serp.12...10156.16350.0.17980.21.17.4.0.0.0.108.1361.15j2.17.0....0...1c.1.64.serp..9.12.692.Re1Nz0xzibU","hxxp://docs.kali.org/installation/dual-boot-kali-with-windows","hxxp://docs.kali.org/downloading/kali-linux-live-usb-install","hxxp://bazaar.launchpad.net/~image-writer-devs/win32-image-writer/master/files","hxxp://docs.kali.org/introduction/download-official-kali-linux-images","hxxps://www.kali.org/downloads/","hxxps://www.google.ca/search?num=100&newwindow=1&espv=2&q=instructions+for+installing+kali+linux&search_plus_one=form&oq=instructions+for+installing+kali+linux&gs_l=serp.3..0i22i30.24217.32625.0.33028.42.30.2.10.10.0.163.2492.24j4.28.0....0...1c.1.64.serp..5.37.2270.XPbABk_yLC4","hxxp://docs.kali.org/installation/dual-boot-kali-with-windows","hxxp://tools.kali.org/tools-listing","hxxps://www.cybrary.it/"
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-02]
CHR Extension: (Disconnect) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-02]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (UglyEmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-02]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Profile: C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Google Docs) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Google Drive) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-22]
CHR Extension: (YouTube) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-22]
CHR Extension: (Google Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-22]
CHR Extension: (Google Sheets) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Disconnect Search) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-08-22]
CHR Extension: (Disconnect) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-22]
CHR Extension: (Website Logon) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-22]
CHR Extension: (Gmail) - C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 Disconnect Desktop Updater; C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-07-23] (Disconnect)
S3 disconnect-openvpn; C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [338944 2014-08-31] ()
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2015-07-31] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-31] (REALiX™)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-07-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0078.sys [28640 2015-02-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-07-31] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2015-07-31] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-02-27] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-02-27] (Microsoft Corporation) [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-08-13] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-08-13] (Oracle Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462304 2015-11-07] (Check Point Software Technologies Ltd.)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [45056 2013-06-19] (ZOOM)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 10:56 - 2015-11-23 10:56 - 00031316 _____ C:\Users\Anon4902\Desktop\FRST.txt
2015-11-23 01:06 - 2015-11-23 01:08 - 169567064 _____ C:\Users\Anon4902\Desktop\EmsisoftEmergencyKit.exe
2015-11-23 00:49 - 2015-11-23 00:49 - 02346496 _____ (Farbar) C:\Users\Anon4902\Desktop\FRST64.exe
2015-11-22 23:28 - 2015-11-22 23:28 - 00781312 _____ C:\Users\Anon4902\Downloads\delfix_1.011.exe
2015-11-22 23:27 - 2015-11-22 23:27 - 05198336 _____ (AVAST Software) C:\Users\Anon4902\Downloads\aswMBR.exe
2015-11-22 23:21 - 2015-11-22 23:21 - 00957952 _____ (Farbar) C:\Users\Anon4902\Downloads\ListParts64(1).exe
2015-11-22 23:20 - 2015-11-22 23:20 - 00957952 _____ (Farbar) C:\Users\Anon4902\Downloads\ListParts64.exe
2015-11-22 23:19 - 2015-11-22 23:19 - 02346496 _____ (Farbar) C:\Users\Anon4902\Downloads\FRST64.exe
2015-11-22 23:18 - 2015-11-22 23:18 - 01717248 _____ (Farbar) C:\Users\Anon4902\Downloads\FRST.exe
2015-11-22 23:16 - 2015-11-22 23:16 - 02870984 _____ (ESET) C:\Users\Anon4902\Downloads\esetsmartinstaller_enu.exe
2015-11-22 23:16 - 2015-11-22 23:16 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-22 22:32 - 2015-11-22 23:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-22 22:32 - 2015-11-22 22:32 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-22 22:31 - 2015-11-22 22:31 - 00000848 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-11-22 22:31 - 2015-11-22 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-11-22 22:31 - 2015-11-22 22:31 - 00000000 ____D C:\Program Files\RogueKiller
2015-11-22 22:28 - 2015-11-22 22:30 - 28423304 _____ (Adlice Software ) C:\Users\Anon4902\Downloads\setup.exe
2015-11-22 22:14 - 2015-11-22 22:14 - 01472131 _____ C:\Users\Anon4902\Downloads\vba32arkit.zip
2015-11-22 22:13 - 2015-11-22 22:14 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Anon4902\Downloads\tdsskiller(1).exe
2015-11-20 16:33 - 2015-11-20 16:35 - 00430818 _____ C:\Windows\system32\Drivers\vsconfig.xml
2015-11-20 16:33 - 2015-11-20 16:33 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-11-20 16:33 - 2015-11-20 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-11-20 16:31 - 2015-11-20 16:33 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-11-20 16:28 - 2015-11-20 16:28 - 00000000 ____D C:\ProgramData\CheckPoint
2015-11-20 16:26 - 2015-11-20 16:26 - 00117312 _____ (Gibson Research Corp.) C:\Users\Anon4902\Downloads\securable.exe
2015-11-17 20:29 - 2015-11-17 20:29 - 09262716 _____ C:\Users\Anon4902\Desktop\nov 17 capture.pcapng
2015-11-15 01:00 - 2015-11-22 01:13 - 00001466 _____ C:\Windows\setupact.log
2015-11-15 01:00 - 2015-11-15 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-11-12 18:16 - 2015-11-12 18:16 - 00001853 _____ C:\Users\Public\Desktop\Hydrogen.lnk
2015-11-12 18:16 - 2015-11-12 18:16 - 00000000 ____D C:\Users\Anon4902\.hydrogen
2015-11-12 18:15 - 2015-11-12 18:15 - 00000000 ____D C:\Program Files (x86)\Hydrogen
2015-11-12 16:24 - 2015-11-12 16:24 - 00000000 ____D C:\Users\Anon4902\AppData\Local\niemiro
2015-11-12 16:03 - 2015-08-10 13:22 - 00408541 _____ C:\Users\Anon4902\Documents\ireb-r7.zip
2015-11-12 16:01 - 2015-09-18 01:13 - 44228656 _____ C:\Users\Anon4902\Documents\communication-and-presentation.zip
2015-11-12 15:45 - 2015-11-12 16:18 - 00000856 _____ C:\Users\Public\Desktop\Cyberfox.lnk
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\8pecxstudios
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\Anon4902\AppData\Local\8pecxstudios
2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Program Files\Cyberfox
2015-11-10 17:02 - 2015-11-12 03:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-09 21:41 - 2015-11-09 21:41 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2015-11-09 21:41 - 2015-11-09 21:41 - 00000000 ____D C:\ProgramData\abelhadigital.com
2015-11-09 21:28 - 2015-11-12 16:13 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\MPC-HC
2015-11-07 02:36 - 2015-11-07 02:36 - 00462304 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2015-11-02 20:06 - 2015-11-02 20:06 - 00000000 ____D C:\Users\Anon4902\Documents\Avatar
2015-10-31 00:41 - 2015-11-15 20:16 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\foobar2000
2015-10-31 00:41 - 2015-10-31 00:41 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-10-31 00:41 - 2015-10-31 00:41 - 00000991 _____ C:\Users\Public\Desktop\foobar2000.lnk
2015-10-31 00:41 - 2015-10-31 00:41 - 00000000 ____D C:\Program Files (x86)\foobar2000
2015-10-25 22:38 - 2015-10-25 22:38 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-10-25 22:38 - 2015-10-25 22:38 - 00000000 ____D C:\Users\Anon4902\AppData\Local\FluxSoftware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 10:56 - 2015-07-17 22:01 - 00000000 ____D C:\FRST
2015-11-23 10:55 - 2015-01-04 00:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-23 10:25 - 2012-02-27 18:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 03:20 - 2015-01-03 12:32 - 01082424 _____ C:\Windows\WindowsUpdate.log
2015-11-23 00:42 - 2015-10-01 00:25 - 00002914 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Anon4902
2015-11-22 22:53 - 2015-06-25 10:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-22 02:00 - 2015-01-04 00:39 - 00000000 ____D C:\Users\Anon4902\AppData\Local\Adobe
2015-11-22 01:22 - 2009-07-13 22:45 - 00031472 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-22 01:22 - 2009-07-13 22:45 - 00031472 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-22 01:14 - 2015-01-04 00:34 - 00000000 ____D C:\Users\Anon4902\AppData\LocalLow\AuthenTec
2015-11-22 01:13 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-21 14:23 - 2009-07-13 23:13 - 00740242 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 02:51 - 2015-10-14 14:10 - 00002086 ____H C:\Users\Anon4902\.swfinfo
2015-11-20 17:54 - 2015-01-11 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-20 17:54 - 2015-01-11 05:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-20 16:36 - 2015-07-31 01:33 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 16:00 - 2015-07-12 10:55 - 00000000 ____D C:\Users\Anon4902\Desktop\backups
2015-11-18 18:09 - 2015-02-02 23:37 - 00001964 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-11-18 05:48 - 2015-10-01 00:25 - 00000000 ____D C:\ProgramData\ProductData
2015-11-15 21:13 - 2015-01-04 01:42 - 00000000 ____D C:\Users\Anon4902\AppData\Local\CrashDumps
2015-11-15 20:54 - 2015-01-16 21:00 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Skype
2015-11-15 20:51 - 2015-08-09 00:58 - 00000000 ____D C:\temp
2015-11-15 20:46 - 2015-01-04 19:09 - 00000000 ____D C:\Users\Anon4902\Documents\Youcam
2015-11-12 18:44 - 2015-01-04 00:38 - 00000000 ____D C:\Users\Anon4902\AppData\Local\VirtualStore
2015-11-12 18:16 - 2015-07-11 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2015-11-12 18:16 - 2015-01-04 00:34 - 00000000 ____D C:\Users\Anon4902
2015-11-12 16:18 - 2015-07-29 20:05 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-12 16:12 - 2015-07-29 20:07 - 00000000 ____D C:\Users\Anon4902\Documents\CCleaner Reg Backups
2015-11-12 15:52 - 2015-01-11 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-12 14:58 - 2015-03-09 11:19 - 00007608 _____ C:\Users\Anon4902\AppData\Local\Resmon.ResmonCfg
2015-11-12 12:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-11-11 02:42 - 2015-01-11 03:45 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Audacity
2015-11-11 00:41 - 2015-01-11 03:44 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-11-10 18:25 - 2012-02-27 18:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 18:25 - 2012-02-27 18:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 18:25 - 2012-02-27 18:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 16:36 - 2015-09-19 08:13 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\ProductData
2015-11-10 16:36 - 2015-07-05 20:54 - 00000000 ____D C:\Users\Guest
2015-11-10 16:36 - 2015-02-09 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-10 16:36 - 2015-02-09 20:58 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-11-03 23:31 - 2015-01-08 23:28 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\vlc
2015-11-02 19:54 - 2012-02-27 19:09 - 00000000 ____D C:\ProgramData\Skype
2015-11-02 01:30 - 2015-08-21 19:36 - 00000000 ____D C:\Users\Anon4902\AppData\Roaming\Wireshark
2015-11-02 00:42 - 2015-08-23 19:14 - 00000000 ____D C:\Users\Anon4902\.VirtualBox
2015-11-01 18:03 - 2015-04-18 01:57 - 00000000 ____D C:\Users\Anon4902\Desktop\Tor Browser
2015-11-01 17:33 - 2015-07-19 02:13 - 00000000 ____D C:\Program Files\Java
2015-11-01 17:30 - 2015-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-31 21:58 - 2015-06-09 14:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 21:57 - 2015-05-19 10:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 02:07 - 2012-05-22 22:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-31 02:01 - 2015-08-28 06:32 - 00000000 ____D C:\Users\Anon4902\.oracle_jre_usage
2015-10-31 01:59 - 2015-02-12 21:42 - 00000000 ____D C:\ProgramData\Oracle
2015-10-27 18:28 - 2015-10-21 16:28 - 00000000 ___HD C:\_acestream_cache_
2015-10-27 16:51 - 2015-10-22 21:20 - 00001609 _____ C:\Users\Public\Desktop\Wireshark.lnk
2015-10-27 16:47 - 2015-08-13 16:03 - 00002577 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-10-27 16:45 - 2015-06-15 11:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA.job
2015-10-27 16:45 - 2015-06-15 11:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core.job
2015-10-27 16:41 - 2015-07-29 20:05 - 00000000 ____D C:\Program Files\CCleaner
2015-10-25 18:20 - 2015-06-15 11:25 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA
2015-10-25 18:20 - 2015-06-15 11:25 - 00003512 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core
2015-10-25 17:54 - 2015-04-16 07:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-25 17:54 - 2015-04-16 07:27 - 00000000 ____D C:\Windows\system32\appraiser

==================== Files in the root of some directories =======

2015-04-26 09:09 - 2015-04-26 09:09 - 0003584 _____ () C:\Users\Anon4902\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 11:19 - 2015-11-12 14:58 - 0007608 _____ () C:\Users\Anon4902\AppData\Local\Resmon.ResmonCfg
2015-02-02 23:22 - 2015-02-02 23:22 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Anon4902\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Anon4902\AppData\Local\Temp\HPPSdr.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 00:25

==================== End of FRST.txt ============================

 

 

 

Additional:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Anon4902 (2015-11-23 10:57:20)
Running from C:\Users\Anon4902\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-04 06:34:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2377681282-867560761-243087652-500 - Administrator - Disabled)
Anon4902 (S-1-5-21-2377681282-867560761-243087652-1001 - Administrator - Enabled) => C:\Users\Anon4902
Guest (S-1-5-21-2377681282-867560761-243087652-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2377681282-867560761-243087652-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2377681282-867560761-243087652-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 42.0.1.0 - 8pecxstudios)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disconnect Desktop (HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Disconnect Desktop 2.0.5) (Version: 2.0.5 - Disconnect)
Disconnect Desktop (x32 Version: 2.0.5 - Disconnect) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
DVC5.1 Driver (HKLM-x32\...\{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}) (Version:  - )
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Flux) (Version:  - )
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B288E426-9954-451C-B811-B0F234CF0EDD}) (Version: 1.3.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
H-Series_ASIO64 (HKLM\...\{5ACDFB68-D994-48E0-A579-2AFA6B851710}) (Version: 2.0.0.3 - ZOOM)
Hydrogen 0.9.6 preview release for windows (HKLM-x32\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version:  - hydrogen-music.org)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5310.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.122 - IObit)
iSkysoft DVD Creator(Build 3.1.0) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version:  - Wondershare Software)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.9.8 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.8 - )
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NirSoft WirelessNetView (HKLM-x32\...\NirSoft WirelessNetView) (Version:  - )
NVIDIA Graphics Driver 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.14 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OpenVPN 2.3.6-I603  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I603 - )
Oracle VM VirtualBox 5.0.2 (HKLM\...\{6CB00039-29CC-42A1-8ED2-820821DA2B8A}) (Version: 5.0.2 - Oracle Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung DVC Media 5.1 (HKLM-x32\...\{158BC6C5-5950-4FDD-BE33-0294668923F2}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Spotify (HKU\S-1-5-21-2377681282-867560761-243087652-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StudioTax 2013 (HKLM-x32\...\{B5747C27-92C0-4419-944B-D52772B29DB8}) (Version: 9.1.11.1 - BHOK IT Consulting)
StudioTax 2014 (HKLM-x32\...\{3C685D9F-F531-4D8C-926D-17F2F06B78EF}) (Version: 10.0.5.2 - BHOK IT Consulting)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org)
ZoneAlarm Firewall (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.1.011.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2377681282-867560761-243087652-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2377681282-867560761-243087652-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

12-11-2015 15:25:42 Windows Modules Installer
14-11-2015 16:08:06 Windows Update
18-11-2015 06:03:29 Windows Update
23-11-2015 01:33:49 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-10-27 17:57 - 00000869 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0D337F-4B17-4C2B-B93C-BCAEF1C98312} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {15B207CC-A979-4275-89B7-812E22074904} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {17BF206F-4E82-4B4E-A506-3B9B84F9602E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1ACC71FE-D244-432B-9668-5196F104F867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {2139959D-FA7A-44AA-B106-31DB5EFDC037} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-11-04] (HP Inc.)
Task: {409A1212-6213-4B73-A763-8E6D59BF4856} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {41A0C337-C469-4978-8E12-E06E369E8ABC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {44A9B4EA-35BB-4045-9CA4-D29B1F22444A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4556EABE-04B8-4ADE-8296-3DD8DCF9ADE8} - System32\Tasks\Disconnect Desktop Updater => C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-07-23] (Disconnect)
Task: {48529DD9-153B-418A-8EF2-C222206834C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {48542136-6DA1-46BC-9365-C1F8556E4D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {71074874-90D4-4FB3-A0D9-D25D39A277E4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {71F26F98-1C71-4831-A78E-EF1AFF011B60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {72366DBE-A850-43E7-92B2-DA2DB7AA53D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {82D0DC50-91E4-4229-99C3-769C6C9FA8F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B5E7B7EC-1BEA-425C-9FF6-5ADEA4B444A2} - System32\Tasks\Uninstaller_SkipUac_Anon4902 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-07-15] (IObit)
Task: {BB1096E6-C748-464A-8E44-F1E42AA8ED3E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C66588A8-1D41-4EC3-A332-9E2BCB370D65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {C708C5CD-7406-4D61-A15B-88B483099338} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-25] (CyberLink)
Task: {CAF66B1E-1C04-4571-80F6-8F8B44BF232C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-15] (Google Inc.)
Task: {D7389EB4-F5A4-4CD5-A9C0-91DA876CBCD4} - System32\Tasks\AdobeAAMUpdater-1.0-DV7-7073CA-Anon4902 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {F450D734-755D-4FC4-B0FF-146C2667B6C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001Core.job => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2377681282-867560761-243087652-1001UA.job => C:\Users\Anon4902\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-05-22 22:05 - 2012-08-28 01:50 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-22 22:03 - 2011-12-16 14:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-05-22 22:03 - 2012-01-18 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2015-06-25 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-25 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-25 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-25 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-25 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-04 10:53 - 2015-01-04 10:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-05-22 22:08 - 2011-11-29 22:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-22 22:03 - 2011-12-16 12:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26332563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26332563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2377681282-867560761-243087652-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anon4902\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.87.230.4 - 65.87.230.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: UVS10 Preload => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3537EBA0-8251-4FA0-A9B0-229134605925}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [uDP Query User{B841A9B7-9D5F-4D08-B5EE-B3A5B6F67941}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{DBAC22A8-E426-43F2-B9DB-7F5C94344461}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [uDP Query User{54445CE4-64F3-4D58-A757-73D1F9FACBD5}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{548904A6-53C8-42DC-8586-81A198A885A2}] => (Allow) C:\Users\Anon4902\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [TCP Query User{20DFD6BA-0E78-451F-B655-E23BAA31A83A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{E3379B5C-BD4B-4671-A558-A18BB4FDD32B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A5907277-9205-4F19-B651-5511F620FC64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F9FB339E-88EB-4037-92E5-AAF06F0970B1}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [uDP Query User{9351B284-00BB-46B8-AEB4-F23855404C80}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{74A2CE9E-01F1-48B0-A8C9-C11C174EA6E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D794A004-F1A4-46A0-A769-241CC88AF3C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66A1994A-CF8E-4424-88F5-3979816B9671}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AE400D0-57ED-4929-839F-3E16F4173158}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F225B24-A353-47B1-9F60-92233B0718A8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{28A2760E-9CEC-49FC-913C-8E753F1B7D72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EECC4FE-1F1A-4569-8EAC-61F726194866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B8952146-625E-4205-A5C4-949899E2005A}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [uDP Query User{B61453B8-2D16-4787-A16A-F5E87CB86FE9}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{5A509A6B-63D8-4A6E-9570-57456617CB02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6602A43F-DE19-493F-8A63-3C6EA379C90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DC97278-D27D-48F6-9CAA-27A230DE4655}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2A10\HPDiagnosticCoreUI.exe
FirewallRules: [{9D9EBDF6-28F0-447D-BAB3-72A4FCF01DD3}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2A10\HPDiagnosticCoreUI.exe
FirewallRules: [{0B4D5E40-A405-434A-A262-A34D271EE856}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2AF8\HPDiagnosticCoreUI.exe
FirewallRules: [{58001707-C31C-4A8D-886E-7F7EB19C3157}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2AF8\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{B7659CE8-89B6-4AA2-BD0F-8E75D04432AE}C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe] => (Allow) C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe
FirewallRules: [uDP Query User{C6769A1B-4FBC-4D81-9AA1-100FCB429D3A}C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe] => (Allow) C:\users\anon4902\appdata\local\temp\7zs2af8\hpdiagnosticcoreui.exe
FirewallRules: [{FB9036AF-FB38-468C-A898-73903957F29E}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{AE942549-279C-4C41-88B4-6BB22452D84F}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{933167F8-E85B-4D61-B1D4-93E151596D2B}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{7195D5B8-4006-4889-89F5-872C6E790D3B}] => (Allow) C:\Users\Anon4902\AppData\Local\Temp\7zS2FDB\HPDiagnosticCoreUI.exe
FirewallRules: [{1C0BFF8B-6EF2-40D7-9EB3-4BDB2713960E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7DC33156-CB47-4F33-894D-58CEE772FD10}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{AEA252AA-B47B-446C-A485-2A4C7C1B4065}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{809AA5E5-0119-4B10-868B-50909AAA3473}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Validity Sensors (WBF) (PID=0018)
Description: Validity Sensors (WBF) (PID=0018)
Class Guid: {24619924-aa9e-486f-99f9-847a5986b6be}
Manufacturer: Validity Sensors, Inc.
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================


Error: (11/22/2015 11:16:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/22/2015 11:16:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Report Id: 7008e7fe-9102-11e5-b76f-00ac11ffda59

Error: (11/22/2015 01:13:54 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (11/22/2015 01:13:47 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (11/22/2015 01:13:47 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Report Id: 41144df1-90e8-11e5-a1a0-00ac11ffda59

Error: (11/21/2015 01:30:07 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (11/21/2015 01:30:04 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog


System errors:
=============
Error: (11/23/2015 10:48:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/23/2015 10:48:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/23/2015 10:48:35 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Anon4902\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2015-08-03 15:04:16.138
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:16.134
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:15.703
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:15.698
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.830
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.826
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.183
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-08-03 15:04:13.178
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-07-29 19:11:17.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-29 19:11:17.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 8091.31 MB
Available physical RAM: 3538.52 MB
Total Virtual: 16180.82 MB
Available Virtual: 12671.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.1 GB) (Free:13.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:3.03 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:28.24 GB) (Free:0.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 02B32781)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=670.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=28.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A7864633)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[TwinHeadedEagle]

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
• Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

---

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[breathe]

Thanks for responding.

 

FRST.txt and Addition.txt attached.

FRST.txt

Addition.txt

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

---

Check Disk

• Press the + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:

• chkdsk C: /r

• You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
• All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

• Press the + R on your keyboard at the same time. Type eventvwr and click OK.
• In the left panel, expand Windows Logs and then click on Application.
• Now, on the right side, click on Filter Current Log.
• Under Event Sources, check only Wininit and click OK.
• Now you'll be presented with one or multiple Wininit logs.
• Click on an entry corresponding to the date and time of the disk check.
• On the top main menu, click Action > Copy > Copy Details as Text.
• Paste the contents into your next reply.

[breathe]

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          11/24/2015 1:21:53 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DV7-7073CA
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x225a.
Cleaning up instance tags for file 0x183f6.
  358912 file records processed.                                         

File verification completed.
  10719 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  10080 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  461626 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  358912 file SDs/SIDs processed.                                        

Cleaning up 2372 unused index entries from index $SII of file 0x9.
Cleaning up 2372 unused index entries from index $SDH of file 0x9.
Cleaning up 2372 unused security descriptors.
Security descriptor verification completed.
  51358 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37134992 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  358896 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  3663919 free clusters processed.                                        

Free space verification is complete.
Windows has made corrections to the file system.

 702651391 KB total disk space.
 687349136 KB in 265200 files.
    160792 KB in 51359 indexes.
         0 KB in bad sectors.
    485783 KB in use by the system.
     65536 KB occupied by the log file.
  14655680 KB available on disk.

      4096 bytes in each allocation unit.
 175662847 total allocation units on disk.
   3663920 allocation units available on disk.

Internal Info:
00 7a 05 00 9a d4 04 00 6c a7 08 00 00 00 00 00  .z......l.......
fd 49 00 00 60 27 00 00 00 00 00 00 00 00 00 00  .I..`'..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-11-24T19:21:53.000000000Z" />
    <EventRecordID>511029</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DV7-7073CA</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x225a.
Cleaning up instance tags for file 0x183f6.
  358912 file records processed.                                         

File verification completed.
  10719 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  10080 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  461626 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  358912 file SDs/SIDs processed.                                        

Cleaning up 2372 unused index entries from index $SII of file 0x9.
Cleaning up 2372 unused index entries from index $SDH of file 0x9.
Cleaning up 2372 unused security descriptors.
Security descriptor verification completed.
  51358 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37134992 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  358896 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  3663919 free clusters processed.                                        

Free space verification is complete.
Windows has made corrections to the file system.

 702651391 KB total disk space.
 687349136 KB in 265200 files.
    160792 KB in 51359 indexes.
         0 KB in bad sectors.
    485783 KB in use by the system.
     65536 KB occupied by the log file.
  14655680 KB available on disk.

      4096 bytes in each allocation unit.
 175662847 total allocation units on disk.
   3663920 allocation units available on disk.

Internal Info:
00 7a 05 00 9a d4 04 00 6c a7 08 00 00 00 00 00  .z......l.......
fd 49 00 00 60 27 00 00 00 00 00 00 00 00 00 00  .I..`'..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

Scan with ZOEK.docx

[TwinHeadedEagle]

Do you have Zoek-results report?

[breathe]

Can you see the attachment?

[breathe]

Ok I attached the right file

[breathe]

Zoek results now attached.

zoek-results.txt

[TwinHeadedEagle]

Where did you get this Zoek script? This is not what I instructed you to do. Please run it one more time by explicitly following my instructions.

[breathe]

I can't paste it on here. I keep getting an error message that the post is too long.

[TwinHeadedEagle]

Can you attach it?

[breathe]

Ok second try.

zoek-results.txt

[breathe]

Ok regarding this. The instructions were not clear to me. I was looking for them to be in order like below, not the script being way above the instructions, as it didn't make sense to me when I first read it. Instead the script itself is above the instructions.

 

I will redo the scan and post the proper results.

 

In the main box please paste in the following script:

 

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

[breathe]

Zoek.exe v5.0.0.1 Updated 22-November-2015
Tool run by Anon4902 on Tue 11/24/2015 at 21:54:02.05.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anon4902\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-11-24-151233.log    140577 bytes
C:\zoek-results2015-11-25-035109.log    10951 bytes

==== System Restore Info ======================

11/24/2015 10:05:57 PM Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\Users\Anon4902\AppData\Roaming\ProductData deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Anon4902\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\4yomj723.default
user_pref("browser.startup.homepage", "https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/");

ProfilePath: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183
user_pref("browser.search.defaultenginename", "Ixquick HTTPS");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Anon4902\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\4yomj723.default
- Disconnect - %ProfilePath%\extensions\2.0@disconnect.me.xpi

ProfilePath: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183
- Disconnect - %ProfilePath%\extensions\2.0@disconnect.me.xpi
- Facebook Disconnect - %ProfilePath%\extensions\facebook@disconnect.me.xpi
- F.B. Purity - Cleans Up Facebook - %ProfilePath%\extensions\fbp@fbpurity.com.xpi
- Google Disconnect - %ProfilePath%\extensions\google@disconnect.me.xpi
- Facebook Disconnect - %ProfilePath%\extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi
- Pop-up Controller - %ProfilePath%\extensions\jid1-MIAJd5BiK7V4Pw@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\jid1-vhLR6vkMUx9csw@jetpack.xpi
- YouTube AdBlock - %ProfilePath%\extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi
- Memory Restart - %ProfilePath%\extensions\memoryrestart@teamextension.com.xpi
- Twitter Disconnect - %ProfilePath%\extensions\twitter@disconnect.me.xpi

ExtDir: C:\Users\Anon4902\AppData\Roaming\Mozilla\Extensions
- Disconnect - %ExtDir%\2.0@disconnect.me

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- TrueSuite Website Logon - %AppDir%\distribution\bundles\websitelogon@truesuite.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Anon4902\AppData\Roaming\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183
C92C7CA0E78F327951229F98BAEA15DB    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll -    Shockwave for Director / Shockwave for Director
F114FBA6246530B89DD1E04351E0EAC5    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll -    Shockwave Flash
7D127425BBE91DF37448A7F44C1DDA52    - C:\Users\Anon4902\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll -    Google Update
49D429EBF5305FC9ADD7545B7C914333    - C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C    - C:\Users\Anon4902\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hmobfennjmjnkdbklhcnnfbhfibedgkk - No path found[]
jeoacafpbcihiomhlakheieifhpjdfeo - No path found[]
kanflfepiobnpjbljmngfgegijhdpljm - C:\Program Files (x86)\HP SimplePass\tschrome.crx[04/01/2013 02:25 AM]

Disconnect Search - Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk
Disconnect - Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo
Website Logon - Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm
Chrome Hotword Shared Module - Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
UglyEmail - Anon4902\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj
Disconnect Search - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk
Website Logon - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kanflfepiobnpjbljmngfgegijhdpljm
Chrome Hotword Shared Module - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Disconnect Search - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk
Disconnect - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo
Website Logon - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kanflfepiobnpjbljmngfgegijhdpljm
Chrome Hotword Shared Module - Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/HPCON/4"
"Old Start Page"="http://g.msn.com/HPCON/4"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/HPCON/4"
"Old Start Page"="http://g.msn.com/HPCON/4"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{25DFA50D-C3CE-4A6B-B6FB-CEB0871CA0E2} - http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Anon4902\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anon4902\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Anon4902\AppData\Local\Mozilla\Firefox\Profiles\g5qgpscc.default-1438055325183\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Anon4902\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=44 46170557 bytes)

==== Empty Temp Folders ======================

C:\Users\Anon4902\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Anon4902\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Anon4902\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

==== EOF on Wed 11/25/2015 at  0:07:27.74 ======================
 

[TwinHeadedEagle]

How is your PC behaving now?

[breathe]

The computer is running a little bit warm and the fan is still running, though not like a hairdryer, but compared to before yesterday it is a lot better.

 

I still wonder if there is something else running though. I remember when I first got this computer, the fan never ran at all until it was infected.

[TwinHeadedEagle]

Your PC seems clean. Since this is a Laptop, it is much more prone to dust problems than Desktop PC, so you should check if it is overheating.

[breathe]

What do you make of this? I did a scan with RogueKiller but this PUM will not stay deleted from the registry. This is the second time I have tried to kill it but it won't go away. So there is definitely still an infection. I don't know what else to do to delete it though. Any ideas?

 

I hit delete. Then it gave me an error message. Should I run this program in safe mode?

 

Anyway, here is the text file of before I hit delete. After that I will also post the subsequent file.

 

RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anon4902 [Administrator]
Started from : C:\Users\Anon4902\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 11/25/2015 04:42:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5} | DhcpNameServer : 65.87.230.4 65.87.230.5 ([-][CANADA (CA)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5} | DhcpNameServer : 65.87.230.4 65.87.230.5 ([-][CANADA (CA)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5} | DhcpNameServer : 65.87.230.4 65.87.230.5 ([-][CANADA (CA)])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 89e59afe521d81054fb98b020cadd2f4
[bSP] 968d3d3f2a999b9cf2b15f1305525274 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 686183 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1405712384 | Size: 28918 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 80353ac5d4ea281cf081eb40e632ac74
[bSP] 53611c13299017bd2f74a66e1b7b7175 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anon4902 [Administrator]
Started from : C:\Users\Anon4902\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 11/25/2015 08:54:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> ERROR [0]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2377681282-867560761-243087652-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5} | DhcpNameServer :  ([-][CANADA (CA)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5} | DhcpNameServer :  ([-][CANADA (CA)])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4761697C-B3B5-4610-AD17-D2B8CC9232D5} | DhcpNameServer :  ([-][CANADA (CA)])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 89e59afe521d81054fb98b020cadd2f4
[bSP] 968d3d3f2a999b9cf2b15f1305525274 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 686183 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1405712384 | Size: 28918 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 80353ac5d4ea281cf081eb40e632ac74
[bSP] 53611c13299017bd2f74a66e1b7b7175 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 

 

[breathe]

Or is this just my own internet settings? I don't know much about proxy stuff.

[TwinHeadedEagle]

Hm, let's use FRST again.
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

[breathe]

Scan results uploaded.

FRST.txt

Addition.txt

[TwinHeadedEagle]

Reports do not show sings of infection.

[breathe]

Ok great. Hopefully it's ok now. Thanks for your valuable assistance!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!