Voods Posted December 3, 2015 ID:1004867 Share Posted December 3, 2015 Hi there I have been having multiple issues with my laptop. Tried fixing with the various programs that are commonly used to no resolve. My internet is really slow, takes 5 mins sometimes to download a file the size of 500kb. Thats if it stays connected. My connection breaks over 40 times a day. Malwarebytes only loads around 1 in 20 times, even using Chameleon doesn't work, when it did load, nothing was found, either in SuperantiSpyware either. Out of desperation, I tried using aswmbr and combofix myself, but still to no avail. I've had to borrow a computer to get online for a prolonged period of time. It's the only computer in the house that is having issues, it's also running slow. I have also scanned with unhackme, sophos, stinger, gmer, rkill. But still nothing found. It's practicall like a zombie. I had to uninstall Java, as I noticed 14 instances of javaws.exe, which was alarming. Also, the system file csrss.exe has no file location or details about it, i'm sure i've noticed it pointing to system32 before. Any help would be most welcome. RegardsDave Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 3, 2015 ID:1004869 Share Posted December 3, 2015 Hello, Please follow this topic and attach required reports https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
Voods Posted December 3, 2015 Author ID:1004876 Share Posted December 3, 2015 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015Ran by Davina-Divine (administrator) on DIVINE (03-12-2015 13:16:10)Running from C:\Users\Davina-Divine\DownloadsLoaded Profiles: Davina-Divine (Available Profiles: Davina-Divine)Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Windows\System32\WLTRYSVC.EXE(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE(Microsoft Corporation) C:\Windows\System32\wlanext.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(F-Secure Corporation) C:\Program Files\F-Secure\Freedome\Freedome\1\FreedomeService.exe() C:\Program Files\Comodo\IceDragon\icedragon_updater.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe() C:\Users\Davina-Divine\AppData\Roaming\Dashlane\Dashlane.exe(Greatis Software) C:\Program Files\UnHackMe\hackmon.exe() C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe(Microsoft Corporation) C:\Windows\System32\cmd.exe() C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe(Microsoft Corporation) C:\Windows\System32\prevhost.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Run: [Dashlane] => C:\Users\Davina-Divine\AppData\Roaming\Dashlane\Dashlane.exe [227712 2015-10-28] ()HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Run: [DashlanePlugin] => C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2015-10-28] ()HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd)ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)BootExecute: autocheck autochk * PartizanPCloudBroom.exe \systemroot\system32\BroomData.bit ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 172.20.10.1Tcpip\..\Interfaces\{1C861901-1A62-4C31-A871-8A33AE4073AA}: [DhcpNameServer] 194.168.4.100 194.168.8.100Tcpip\..\Interfaces\{26B12864-EF32-48D9-8560-C4F1D327A274}: [DhcpNameServer] 172.20.10.1Tcpip\..\Interfaces\{DA754577-4946-4694-ACEF-8F0EF042C470}: [DhcpNameServer] 172.20.10.1 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-2091952882-4294398361-615148702-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-2091952882-4294398361-615148702-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-2091952882-4294398361-615148702-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.comSearchScopes: HKLM -> DefaultScope value is missingSearchScopes: HKU\S-1-5-21-2091952882-4294398361-615148702-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Davina-Divine\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-10-28] (Dashlane) FireFox:========FF ProfilePath: C:\Users\Davina-Divine\AppData\Roaming\Mozilla\Firefox\Profiles\hiuj3mky.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [No File]FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [No File]FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-07] ()FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-09-07] ()FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-07] ()FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-11-19] ()FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-11-19] (Hola)FF Plugin HKU\S-1-5-21-2091952882-4294398361-615148702-1000: @hola.org/FlashPlayer -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-11-11] ()FF Plugin HKU\S-1-5-21-2091952882-4294398361-615148702-1000: @hola.org/vlc -> C:\Users\Davina-Divine\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-11-11] (Hola)FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-09-07] [not signed]FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-09-07] [not signed]FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-09-07] [not signed]FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.comFF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.comFF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.comFF HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Firefox\Extensions: [jetpack-extension@dashlane.com] - C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\Extensions\JetPack_expanded\jetpack-extension@dashlane.comFF Extension: Dashlane - C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\Extensions\JetPack_expanded\jetpack-extension@dashlane.com [2015-10-28] [not signed] Chrome: =======CHR Profile: C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]CHR Extension: (Google Docs) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]CHR Extension: (Google Drive) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]CHR Extension: (YouTube) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]CHR Extension: (Google Search) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (Kaspersky Protection) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-09-07]CHR Extension: (Session Buddy) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-09-18]CHR Extension: (Dashlane) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-11-25]CHR Extension: (Google Sheets) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]CHR Extension: (Google Docs Offline) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-12-02]CHR Extension: (Webproxy.net - Unblock any website) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmikmnnnoacchojfpdgfdgpkfgajhim [2015-10-17]CHR Extension: (Similar Sites) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2015-10-07]CHR Extension: (Chrome Web Store Payments) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]CHR Extension: (Gmail) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Davina-Divine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhplgjpclknigjpccbcnmicgcieojbh [2015-12-01]CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)S2 BAsfIpM; C:\Windows\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.) [File not signed]S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-03-14] (Intel Corporation)S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-07] (Dropbox, Inc.)S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-07] (Dropbox, Inc.)R2 Freedome Service; C:\Program Files\F-Secure\Freedome\Freedome\1\FreedomeService.exe [379432 2015-10-21] (F-Secure Corporation)S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1972408 2015-10-05] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-07-17] ()R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2525936 2013-07-17] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2012-05-23] (ST Microelectronics)R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)R3 BTWAMPFL; C:\Windows\system32\drivers\btwampfl.sys [302120 2015-09-06] (Broadcom Corporation.)R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2015-06-27] (Kaspersky Lab UK Ltd)R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2013-02-20] (Intel Corporation)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-27] (Kaspersky Lab ZAO)R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2015-06-27] (Kaspersky Lab ZAO)R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2015-06-27] (Kaspersky Lab ZAO)R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44208 2015-06-27] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [692920 2015-10-06] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [34160 2015-06-27] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [36208 2015-06-27] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [35696 2015-06-27] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2015-06-27] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-27] (Kaspersky Lab ZAO)R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [72560 2015-06-27] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2015-10-06] (Kaspersky Lab ZAO)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-12-03] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [48928 2013-01-23] (Intel Corporation)R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10375680 2013-05-29] (Intel Corporation)U0 Partizan; C:\Windows\System32\drivers\Partizan.sys [35816 2015-11-25] (Greatis Software)S3 RegGuard; C:\Windows\system32\Drivers\regguard.sys [24416 2015-12-01] (Greatis Software)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30248 2015-10-21] (The OpenVPN Project)S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]S3 catchme; \??\C:\Users\DAVINA~1\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-03 13:16 - 2015-12-03 13:16 - 00019515 _____ C:\Users\Davina-Divine\Downloads\FRST.txt2015-12-03 13:15 - 2015-12-03 13:16 - 00000000 ____D C:\FRST2015-12-03 13:14 - 2015-12-03 13:14 - 01721344 _____ (Farbar) C:\Users\Davina-Divine\Downloads\FRST.exe2015-12-02 00:22 - 2015-12-02 00:22 - 00198491 _____ C:\ComboFix.txt2015-12-01 20:59 - 2015-12-02 00:22 - 00000000 ____D C:\Qoobox2015-12-01 20:59 - 2015-12-02 00:19 - 00000000 ____D C:\Windows\erdnt2015-12-01 20:59 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe2015-12-01 20:59 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe2015-12-01 20:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2015-12-01 20:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2015-12-01 20:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2015-12-01 20:59 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe2015-12-01 20:59 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe2015-12-01 20:59 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe2015-12-01 20:55 - 2015-12-01 20:57 - 05639299 ____R (Swearware) C:\Users\Davina-Divine\Downloads\ComboFix.exe2015-12-01 19:57 - 2015-12-01 19:57 - 00013182 _____ C:\Users\Davina-Divine\Desktop\attach.txt2015-12-01 19:57 - 2015-12-01 19:56 - 00020164 _____ C:\Users\Davina-Divine\Desktop\dds.txt2015-12-01 19:54 - 2015-12-01 19:55 - 00688992 ____R (Swearware) C:\Users\Davina-Divine\Downloads\dds.com2015-12-01 19:28 - 2015-12-01 19:28 - 00002933 _____ C:\Users\Davina-Divine\Desktop\aswMBR.txt2015-12-01 19:28 - 2015-12-01 19:28 - 00000512 _____ C:\Users\Davina-Divine\Desktop\MBR.dat2015-12-01 17:50 - 2015-12-01 17:50 - 00000558 _____ C:\Windows\system32\BroomData.bit2015-12-01 17:14 - 2015-12-01 17:15 - 05200384 _____ (AVAST Software) C:\Users\Davina-Divine\Downloads\aswmbr.exe2015-12-01 16:59 - 2015-12-01 17:00 - 00380416 _____ C:\Users\Davina-Divine\Downloads\dolmkye1.exe2015-12-01 16:47 - 2015-12-01 16:47 - 00001240 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk2015-12-01 16:46 - 2015-12-01 16:46 - 00001266 _____ C:\Users\Public\Desktop\herdProtect.lnk2015-12-01 16:45 - 2015-12-01 16:45 - 00001227 _____ C:\Users\Davina-Divine\Desktop\Should I Remove It.lnk2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It2015-12-01 00:16 - 2015-12-01 00:17 - 01125626 _____ C:\Users\Davina-Divine\Downloads\ProcessExplorer.zip2015-12-01 00:02 - 2015-12-01 00:02 - 00086076 _____ C:\TDSSKiller.2.6.20.0_01.12.2015_00.02.04_log.txt2015-11-29 18:39 - 2015-11-29 18:44 - 568565930 _____ C:\Users\Davina-Divine\Downloads\Slender - The Arrival (Www.ApunKaGames.Net).zip2015-11-29 17:24 - 2015-11-29 17:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37CE5554.sys2015-11-28 17:30 - 2015-11-28 17:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\51860BDA.sys2015-11-28 17:19 - 2015-11-28 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\068903AA.sys2015-11-28 14:13 - 2015-12-01 00:01 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\CrashDumps2015-11-26 11:12 - 2015-11-26 11:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-11-26 11:08 - 2015-11-26 11:32 - 00000000 ____D C:\Users\Davina-Divine\Desktop\mbar2015-11-26 11:08 - 2015-11-26 11:08 - 00001535 _____ C:\Users\Davina-Divine\Desktop\JRT1.txt2015-11-26 11:04 - 2015-11-26 11:04 - 00002474 _____ C:\Users\Davina-Divine\Desktop\Rkill1.txt2015-11-26 11:02 - 2015-11-30 23:58 - 00002250 _____ C:\Users\Davina-Divine\Desktop\Rkill.txt2015-11-26 10:43 - 2015-11-26 10:44 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Davina-Divine\Downloads\rkill.exe2015-11-26 10:43 - 2015-11-26 10:44 - 01599336 _____ (Malwarebytes) C:\Users\Davina-Divine\Downloads\JRT.exe2015-11-26 10:41 - 2015-11-26 10:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Davina-Divine\Downloads\mbar-1.09.3.1001.exe2015-11-26 09:59 - 2015-11-26 10:03 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Dashlane2015-11-26 09:59 - 2015-11-26 09:59 - 00513832 _____ (Dashlane inc.) C:\Users\Davina-Divine\Downloads\Dashlane_Launcher_bchrome-1441010438.exe2015-11-26 09:49 - 2015-11-26 09:49 - 00038064 _____ C:\Users\Davina-Divine\Desktop\zoek-results.txt2015-11-26 09:27 - 2015-11-26 00:41 - 00024064 _____ C:\Windows\zoek-delete.exe2015-11-26 00:11 - 2015-11-26 00:11 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\OpenOffice2015-11-25 23:30 - 2015-11-25 23:30 - 00262144 _____ C:\Windows\system32\config\elam2015-11-25 22:54 - 2015-12-03 13:16 - 00000000 ____D C:\ProgramData\RegRun2015-11-25 22:49 - 2015-11-25 22:50 - 00000000 ____D C:\Users\Davina-Divine\Desktop\RK_Quarantine2015-11-25 22:33 - 2015-12-02 12:18 - 00000264 _____ C:\Windows\system32\PARTIZAN.TXT2015-11-25 22:30 - 2015-11-25 22:30 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe2015-11-25 22:25 - 2015-12-01 00:11 - 00024416 _____ (Greatis Software) C:\Windows\system32\Drivers\regguard.sys2015-11-25 22:11 - 2015-11-25 22:11 - 00504554 _____ C:\Users\Davina-Divine\Desktop\regrunlog.txt2015-11-25 21:45 - 2015-11-25 21:45 - 00003090 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-11-25 21:40 - 2015-11-25 21:40 - 00184620 _____ C:\Users\Davina-Divine\Downloads\JavaRa-2.6.1.zip2015-11-25 21:35 - 2015-11-25 21:35 - 00000000 ____D C:\Windows\system32\appmgmt2015-11-25 21:03 - 2015-11-25 23:26 - 00000000 ____D C:\zoek_backup2015-11-25 17:56 - 2015-11-25 17:56 - 00002747 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk2015-11-25 17:56 - 2015-11-25 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos2015-11-25 17:43 - 2015-11-25 17:50 - 139457000 _____ (Sophos Limited) C:\Users\Davina-Divine\Downloads\Sophos Virus Removal Tool.exe2015-11-25 17:42 - 2015-11-25 17:56 - 00000000 ____D C:\Program Files\Sophos2015-11-25 17:42 - 2015-11-25 17:55 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos2015-11-25 17:42 - 2015-11-25 17:42 - 00000000 ____D C:\ProgramData\Sophos2015-11-25 17:38 - 2015-11-25 17:38 - 00000130 ___RH C:\Users\Davina-Divine\Downloads\Stinger.opt2015-11-25 17:10 - 2015-11-25 17:15 - 00000821 _____ C:\Users\Davina-Divine\Downloads\Stinger_25112015_171009.html2015-11-25 17:10 - 2015-11-25 17:10 - 00000000 ____D C:\Program Files\McAfee2015-11-25 17:07 - 2015-11-25 17:08 - 15624560 _____ (McAfee Inc) C:\Users\Davina-Divine\Downloads\stinger32.exe2015-11-25 16:15 - 2015-11-25 16:16 - 30625033 _____ C:\Users\Davina-Divine\Desktop\regrunck_result.txt2015-11-25 15:55 - 2015-12-01 00:10 - 00000000 ____D C:\Users\Public\Documents\regruninfo2015-11-25 15:55 - 2015-12-01 00:04 - 00000000 ____D C:\Users\Davina-Divine\Documents\RegRun22015-11-25 15:55 - 2015-11-25 15:55 - 00035816 _____ (Greatis Software) C:\Windows\system32\Drivers\Partizan.sys2015-11-25 15:55 - 2015-11-25 15:55 - 00000913 _____ C:\Users\Davina-Divine\Desktop\UnHackMe.lnk2015-11-25 15:55 - 2015-11-25 15:55 - 00000002 RSHOT C:\Windows\winstart.bat2015-11-25 15:55 - 2015-11-25 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe2015-11-25 15:55 - 2013-09-05 10:19 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\system32\Drivers\UnHackMeDrv.sys2015-11-25 15:54 - 2015-12-01 00:03 - 00000000 ____D C:\Program Files\UnHackMe2015-11-25 02:45 - 2015-12-01 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect2015-11-25 02:45 - 2015-12-01 16:45 - 00000000 ____D C:\Program Files\Reason2015-11-25 01:21 - 2015-11-25 01:21 - 00030454 _____ C:\Users\Davina-Divine\Downloads\DashlaneExport.xls2015-11-25 01:08 - 2015-12-01 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security2015-11-25 01:08 - 2015-11-25 01:08 - 00000000 ____D C:\Program Files\Panda Security2015-11-25 00:56 - 2015-12-01 00:01 - 00000000 ____D C:\AdwCleaner2015-11-25 00:52 - 2015-11-25 15:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit2015-11-25 00:52 - 2015-11-25 03:52 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit2015-11-25 00:44 - 2015-11-30 23:54 - 00001070 _____ C:\Users\Davina-Divine\Desktop\JRT.txt2015-11-25 00:34 - 2015-11-25 00:34 - 00085176 _____ C:\TDSSKiller.2.6.20.0_25.11.2015_00.34.06_log.txt2015-11-22 13:58 - 2015-11-22 14:25 - 120133206 _____ C:\Users\Davina-Divine\Downloads\480P_200k_28498621.mp42015-11-15 11:11 - 2015-11-15 11:11 - 00000388 _____ C:\Users\Davina-Divine\Documents\cc_20151115_111119.reg2015-11-12 18:36 - 2015-12-03 12:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-11-12 14:24 - 2015-11-03 17:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-11-12 01:18 - 2015-11-12 01:18 - 00000011 _____ C:\Users\Davina-Divine\Documents\skype.txt2015-11-11 23:06 - 2015-11-25 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox2015-11-11 21:55 - 2015-11-25 15:36 - 00000000 ____D C:\Program Files\Common Files\Java2015-11-11 21:52 - 2015-11-11 21:54 - 05617377 _____ C:\Users\Davina-Divine\Downloads\classtab.zip2015-11-11 21:50 - 2015-11-11 21:50 - 00584288 _____ (Oracle Corporation) C:\Users\Davina-Divine\Downloads\jxpiinstall.exe2015-11-11 21:40 - 2014-10-06 08:36 - 00287478 ____N C:\Users\Davina-Divine\Desktop\jszip.js2015-11-11 21:40 - 2014-10-06 08:36 - 00007747 ____N C:\Users\Davina-Divine\Desktop\FileSaver.js2015-11-11 21:39 - 2015-11-11 21:39 - 00075942 _____ C:\Users\Davina-Divine\Downloads\instatake-master.zip2015-11-11 19:57 - 2015-11-11 19:58 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\iWesoft2015-11-11 19:57 - 2015-11-11 19:57 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader2015-11-11 19:57 - 2015-11-11 19:57 - 00000000 ____D C:\Program Files\Instagram Downloader2015-11-11 19:53 - 2015-11-11 19:54 - 03998208 _____ (iWesoft) C:\Users\Davina-Divine\Downloads\InstagramDownloader_setup.exe2015-11-11 19:34 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-11-11 19:34 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-11-11 19:34 - 2015-10-30 22:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-11-11 19:34 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-11-11 19:34 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-11-11 19:34 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-11-11 19:34 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-11-11 19:34 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-11-11 19:34 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-11-11 19:34 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-11 19:34 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-11-11 19:34 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-11-11 19:34 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-11-11 19:34 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-11-11 19:34 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-11-11 19:34 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-11-11 19:34 - 2015-10-30 22:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-11-11 19:34 - 2015-10-30 22:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-11-11 19:34 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-11-11 19:34 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-11-11 19:34 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-11-11 19:34 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-11-11 19:34 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-11-11 19:34 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2015-11-11 19:34 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-11-11 19:34 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-11-11 19:34 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-11-11 19:34 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-11-11 19:34 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-11-11 19:34 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-11-11 19:34 - 2015-10-30 22:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-11-11 19:34 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-11-11 19:34 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-11-11 19:34 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-11-11 19:34 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2015-11-11 19:34 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-11-11 19:34 - 2015-10-20 00:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-11-11 19:34 - 2015-10-20 00:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-11-11 19:34 - 2015-10-20 00:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-11-11 19:34 - 2015-10-20 00:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-11-11 19:34 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-11-11 19:34 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-11-11 19:34 - 2015-10-20 00:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-11-11 19:34 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-11-11 19:34 - 2015-10-20 00:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-11-11 19:34 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-11-11 19:34 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-11-11 19:34 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-11-11 19:34 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-11-11 19:34 - 2015-10-19 23:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-11-11 19:34 - 2015-10-19 23:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-11-11 19:34 - 2015-10-19 23:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-11-11 19:34 - 2015-10-13 16:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-11 19:34 - 2015-10-13 16:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2015-11-11 19:34 - 2015-10-13 04:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys2015-11-11 19:31 - 2015-09-23 13:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-11-11 19:31 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll2015-11-11 19:30 - 2015-10-20 17:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-11-11 19:30 - 2015-10-20 17:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-11-11 19:30 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-11-11 19:30 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-11-11 19:30 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-11-11 19:30 - 2015-10-20 17:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-11-11 19:30 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-11-11 19:30 - 2015-10-20 17:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-11-11 19:30 - 2015-10-20 17:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-11-11 19:30 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-11-11 19:30 - 2015-10-20 17:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-11-11 19:30 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-11-11 19:30 - 2015-10-01 17:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2015-11-10 17:00 - 2015-11-10 17:01 - 07368965 _____ C:\Users\Davina-Divine\Downloads\TL-WN722N_V1_140918.zip2015-11-10 09:42 - 2015-11-10 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox2015-11-06 00:58 - 2015-11-06 00:58 - 04619566 _____ C:\Users\Davina-Divine\Documents\vmbjqhyc.flv2015-11-06 00:54 - 2015-11-06 00:56 - 09055670 _____ C:\Users\Davina-Divine\Documents\raddakgq.flv2015-11-04 16:51 - 2015-11-04 16:52 - 05650915 _____ C:\Users\Davina-Divine\Downloads\Movie.wmv2015-11-04 02:28 - 2015-11-14 13:02 - 00000000 ____D C:\Users\Davina-Divine\Documents\classtab2015-11-03 01:39 - 2015-11-03 01:58 - 60728165 _____ C:\Users\Davina-Divine\Downloads\480P_600K_59658781.mp4 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-03 13:16 - 2009-07-14 02:37 - 00000000 ____D C:\Windows2015-12-03 13:06 - 2015-09-07 12:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-03 12:58 - 2015-09-07 12:53 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job2015-12-03 12:46 - 2015-09-07 12:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab2015-12-03 12:41 - 2015-09-07 12:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-03 01:13 - 2015-09-06 22:03 - 00000000 ___HD C:\Windows\system32\WLANProfiles2015-12-03 00:32 - 2015-10-03 14:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-12-02 13:58 - 2015-09-07 12:53 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job2015-12-02 13:20 - 2015-09-08 14:43 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\MPC-HC2015-12-02 12:26 - 2009-07-14 04:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-02 12:26 - 2009-07-14 04:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-02 12:24 - 2010-11-20 21:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI2015-12-02 12:24 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf2015-12-02 12:20 - 2015-09-30 13:30 - 00000000 ___RD C:\Users\Davina-Divine\Dropbox2015-12-02 12:20 - 2015-09-07 12:52 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\Dropbox2015-12-02 12:18 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-12-02 00:16 - 2009-07-14 02:04 - 00000215 _____ C:\Windows\system.ini2015-12-01 21:04 - 2015-09-07 22:58 - 00000000 ____D C:\ProgramData\TEMP2015-12-01 16:47 - 2015-09-08 13:10 - 00000000 ____D C:\Users\Davina-Divine\Downloads\clean2015-11-28 14:16 - 2015-09-07 22:55 - 00000000 ____D C:\Program Files\System Ninja2015-11-28 10:26 - 2015-09-14 01:55 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\vlc2015-11-26 11:08 - 2015-09-07 13:01 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-26 10:03 - 2015-09-07 12:36 - 00001731 _____ C:\Users\Davina-Divine\Desktop\Dashlane.lnk2015-11-26 10:03 - 2015-09-07 12:36 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane2015-11-25 23:10 - 2009-07-14 02:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy2015-11-25 21:41 - 2014-04-20 11:57 - 00000000 ____D C:\Users\Davina-Divine\Desktop\JavaRa-2.62015-11-25 21:38 - 2015-09-07 12:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2015-11-25 21:36 - 2015-09-07 12:48 - 00000000 ____D C:\Program Files\Java2015-11-25 15:55 - 2009-07-14 02:04 - 00002577 _____ C:\Windows\system32\config.nt2015-11-25 15:55 - 2009-07-14 02:04 - 00001688 _____ C:\Windows\system32\autoexec.nt2015-11-25 15:38 - 2015-09-05 20:36 - 00000000 ____D C:\Users\Davina-Divine2015-11-25 15:37 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\AppCompat2015-11-25 15:36 - 2015-09-09 16:59 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Comodo2015-11-25 15:36 - 2015-09-09 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo2015-11-25 15:36 - 2015-09-09 16:59 - 00000000 ____D C:\Program Files\Comodo2015-11-25 15:36 - 2015-09-07 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-25 15:36 - 2015-09-07 13:01 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware2015-11-25 15:36 - 2015-09-07 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-11-25 15:36 - 2015-09-07 12:48 - 00000000 ____D C:\ProgramData\Oracle2015-11-25 15:36 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\registration2015-11-25 15:35 - 2015-09-07 13:01 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-25 01:06 - 2015-09-07 12:49 - 00000000 ____D C:\Users\Davina-Divine\.oracle_jre_usage2015-11-24 13:30 - 2015-10-25 15:53 - 00000000 ____D C:\Users\Davina-Divine\AppData\Roaming\Hola2015-11-23 11:15 - 2015-09-07 13:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2015-11-13 03:57 - 2009-07-14 04:33 - 00284336 _____ C:\Windows\system32\FNTCACHE.DAT2015-11-12 18:36 - 2015-10-07 15:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2015-11-12 18:36 - 2015-10-07 15:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2015-11-12 04:04 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache2015-11-12 03:25 - 2010-11-21 00:47 - 00000000 ____D C:\Program Files\Windows Journal2015-11-11 21:54 - 2015-09-07 12:49 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2015-11-11 18:56 - 2015-09-07 12:47 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-11-11 18:54 - 2015-09-07 22:58 - 00000000 ____D C:\Program Files\SpywareBlaster2015-11-10 17:07 - 2015-09-06 14:52 - 00000000 ____D C:\Users\Davina-Divine\AppData\Local\ElevatedDiagnostics2015-11-10 09:42 - 2015-09-07 12:52 - 00000000 ____D C:\Program Files\Dropbox2015-11-07 17:45 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\NDF Some files in TEMP:====================C:\Users\Davina-Divine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxpi68i.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-01 18:58 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
Voods Posted December 3, 2015 Author ID:1004877 Share Posted December 3, 2015 Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015Ran by Davina-Divine (2015-12-03 13:17:01)Running from C:\Users\Davina-Divine\DownloadsMicrosoft Windows 7 Professional Service Pack 1 (X86) (2015-09-05 20:36:40)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2091952882-4294398361-615148702-500 - Administrator - Disabled)Davina-Divine (S-1-5-21-2091952882-4294398361-615148702-1000 - Administrator - Enabled) => C:\Users\Davina-DivineGuest (S-1-5-21-2091952882-4294398361-615148702-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.2.0 - Auslogics Labs Pty Ltd)AvaCam v3.6.3 (HKLM\...\AvaCam_is1) (Version: - RGS-Avance software)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)Broadcom Advanced Control Suite 2 (HKLM\...\InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}) (Version: 7.73.01 - Broadcom)Broadcom Advanced Control Suite 2 (Version: 7.73.01 - Broadcom) HiddenBroadcom ASF Management Applications (HKLM\...\InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}) (Version: 5.09.01 - Broadcom)Broadcom ASF Management Applications (Version: 5.09.01 - Broadcom) HiddenBroadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.01 - Broadcom Corporation)Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)Comodo IceDragon (HKLM\...\Comodo IceDragon) (Version: 40.1.1.18 - COMODO)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)Dashlane (HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Dashlane) (Version: 3.5.2.94798 - Dashlane SAS)Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) HiddenDell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)Dell System Detect (HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)Dropbox (HKLM\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)Dropbox Update Helper (Version: 1.3.27.35 - Dropbox, Inc.) HiddenFreedome (HKLM\...\F-Secure Freedome) (Version: 1.0.1958.0 - F-Secure Corporation)Google Chrome (HKLM\...\{B903EB60-537C-3462-836A-514220BAD8F3}) (Version: 66.101.32853 - Google, Inc.)Google Update Helper (Version: 1.3.28.15 - Google Inc.) HiddenherdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)Instagram Downloader (HKLM\...\{9DFA525A-6D12-444B-8F5A-63E2947FFC5D}) (Version: 2.3.0.0 - iWesoft)Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)Kaspersky Internet Security (Version: 15.0.2.396 - Kaspersky Lab) HiddenK-Lite Codec Pack 11.4.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.4.0 - )Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mouse Suite for Laptop Computers (HKLM\...\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}) (Version: 2.50.024 - Dell)Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.98 - Panda Security)Pidgin (HKLM\...\Pidgin) (Version: 2.10.11 - )PornHub Video Downloader 3.32 (HKLM\...\PornHub Video Downloader_is1) (Version: - DownloadToolz, Inc.)Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Should I Remove It (HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) HiddenSkype™ 7.11 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.11.102 - Skype Technologies S.A.)Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)Spotify (HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSystem Ninja version 3.1 (HKLM\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1 - SingularLabs)Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{52503B4E-149A-4731-A6FF-495067EABFDC}) (Version: 1.01.0001 - Texas Instruments Inc.)TI_Inst (Version: 1.01.0001 - Texas Instruments Inc.) HiddenUnHackMe 5.99 release (HKLM\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) HiddenVLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8900 - Broadcom Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2091952882-4294398361-615148702-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\DAVINA~1\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe (the data entry has 10 more characters). ==================== Restore Points ========================= 25-11-2015 17:41:41 Installed Sophos Virus Removal Tool.25-11-2015 17:53:08 Revo Uninstaller's restore point - Sophos Virus Removal Tool25-11-2015 17:56:32 Installed Sophos Virus Removal Tool.25-11-2015 20:55:15 Windows Update25-11-2015 21:08:45 Revo Uninstaller's restore point - Java 8 Update 6525-11-2015 21:09:33 Removed Java 8 Update 6525-11-2015 22:24:42 RegRun Virus Scan25-11-2015 22:29:02 RegRun Virus Scan25-11-2015 22:52:10 zoek.exe restore point26-11-2015 11:04:33 JRT Pre-Junkware Removal30-11-2015 23:49:14 JRT Pre-Junkware Removal01-12-2015 00:10:42 RegRun Virus Scan01-12-2015 16:08:17 Windows Update01-12-2015 16:44:56 Installed Should I Remove It ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:04 - 2015-12-02 00:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {123D5F91-6A76-4D65-950C-24341AF7E3AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)Task: {238E09A4-9AE1-484C-919B-1E95FA30B03F} - System32\Tasks\{9E84CD96-E116-4AD7-B947-8C1558524361} => C:\Program Files\Skype\Phone\Skype.exe [2015-09-17] (Skype Technologies S.A.)Task: {34E942A1-6096-42CB-A0F1-4B0ADD47B21F} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files\UnHackMe\hackmon.exe [2013-09-05] (Greatis Software)Task: {360E4BF5-6730-499C-BA06-97FA2DB3D668} - System32\Tasks\{837B0283-DA49-42FD-AD31-0F4C551FEAA1} => pcalua.exe -a "C:\Users\Davina-Divine\Downloads\Driver stuff\R257684\Setup.exe" -d "C:\Users\Davina-Divine\Downloads\Driver stuff\R257684"Task: {44A009F9-6305-405C-8155-795D75F53F3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)Task: {5DB47763-2083-49D4-8159-28CD3A7EC16E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-09-07] (Dropbox, Inc.)Task: {7593C972-EB36-4E5A-8A11-802AD57538B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {78D377AF-6D02-4453-820E-79758E9187B4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-09-07] (Dropbox, Inc.)Task: {ADD8DF85-71D4-4925-A602-34574D9B7A36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)Task: {BA213375-3B46-4F29-A34F-12DF5A900AB1} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()Task: {C5D46E67-4B12-4C41-BA06-0AEC09FAD9F1} - System32\Tasks\{AF7F0362-7FF7-4050-B291-3732D626DB1E} => pcalua.exe -a "C:\Users\Davina-Divine\Downloads\Driver stuff\R87462\setup.exe" -d "C:\Users\Davina-Divine\Downloads\Driver stuff\R87462"Task: {DA3EE255-EACE-47E9-A234-584B4CC23559} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)Task: {DD03964B-14C5-4E20-942D-BC2FAFDE000B} - System32\Tasks\{0DE96EDA-5A0A-40F2-A540-7524D3863FC6} => pcalua.exe -a C:\dell\drivers\R129472\BtSwSP2.exe -d C:\dell\drivers\R129472Task: {F8B2E1DE-7A22-4D3C-B29F-7446D14ED010} - System32\Tasks\{37F0C711-6718-4F4A-BA17-D6C01CD4A8C6} => C:\Program Files\Skype\Phone\Skype.exe [2015-09-17] (Skype Technologies S.A.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exeTask: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-09-06 14:33 - 2007-03-16 17:10 - 00020480 _____ () C:\Windows\System32\WLTRYSVC.EXE2015-09-06 14:33 - 2007-03-16 17:10 - 00757760 _____ () C:\Windows\System32\bcm1xsup.dll2015-09-07 12:51 - 2013-10-23 14:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll2015-05-15 15:27 - 2015-05-15 15:27 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-10-05 14:17 - 2015-10-05 14:17 - 01972408 _____ () C:\Program Files\Comodo\IceDragon\icedragon_updater.exe2015-12-02 12:19 - 2015-12-02 12:19 - 00071168 _____ () c:\Users\Davina-Divine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxpi68i.dll2015-09-07 12:54 - 2015-09-03 00:11 - 00012800 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll2015-09-07 12:54 - 2015-09-03 00:11 - 00779776 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll2015-09-07 12:54 - 2015-09-03 00:11 - 00056320 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll2015-09-07 12:54 - 2015-09-03 00:11 - 00012288 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll2015-11-26 10:03 - 2015-10-28 10:08 - 00227712 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\Dashlane.exe2015-11-26 10:02 - 2015-10-28 10:02 - 00339328 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 00422784 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 00443264 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 31263616 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 00276352 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 05762944 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 06811008 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.94798.dll2015-11-26 10:03 - 2015-10-28 10:08 - 00285568 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\DashlanePlugin.exe2015-11-26 10:02 - 2015-10-28 10:02 - 13234048 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 02073472 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.94798.dll2015-11-26 10:02 - 2015-10-28 10:02 - 00338304 _____ () C:\Users\Davina-Divine\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.94798.dll2015-11-11 18:55 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll2015-11-11 18:55 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2091952882-4294398361-615148702-1000\...\hola.org -> hxxp://hola.org ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2091952882-4294398361-615148702-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Davina-Divine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 172.20.10.1 - 194.168.4.100HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartupMSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exeMSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITORMSCONFIG\startupreg: FreedomeAutoStart => "C:\Program Files\F-Secure\Freedome\Freedome\1\Freedome.exe" -mMSCONFIG\startupreg: FreeFallProtection => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exeMSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: IntelPROSet => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/WirelessMSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: PMX Daemon => ICO.EXEMSCONFIG\startupreg: RealProtect => "C:\Program Files\McAfee\Real Protect\RealProtect.exe" --runMSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: Spotify => "C:\Users\Davina-Divine\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimizedMSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Davina-Divine\AppData\Roaming\Spotify\SpotifyWebHelper.exe"MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [{63CE89A9-D1E0-4CCE-AD22-CF46E2A959BC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{7F0BC400-995A-4162-B971-8CCDE9D25647}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{D40D8763-E89C-48B5-8F8D-7490167D36E8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{336868B4-63DA-43BE-8CD8-D73D5F29CF0A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{7C9CEA5A-4A94-4E0D-B00D-510CA2357682}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{2A849A30-DEE1-4BC0-9E9A-2C72E7AE1324}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{9C89442A-0814-46A4-8A23-EC49CF80584C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exeFirewallRules: [{6660BA3E-C6CA-44E3-8881-A9F261113F1F}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exeFirewallRules: [{437AB6EB-CF44-4099-A7FC-80E581CE764A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exeFirewallRules: [{561BCB4A-4145-41CA-A2C1-9B0333D1AD61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{C66E8C1A-CA72-4960-9015-CD61015EC475}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: Mass Storage ControllerDescription: Mass Storage ControllerClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM Bus ControllerDescription: SM Bus ControllerClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Broadcom USHDescription: Broadcom USHClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (12/02/2015 10:10:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 11876029 Error: (12/02/2015 10:10:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 11876029 Error: (12/02/2015 10:10:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2015 10:09:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 11868431 Error: (12/02/2015 10:09:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 11868431 Error: (12/02/2015 10:09:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2015 10:09:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 11867199 Error: (12/02/2015 10:09:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 11867199 Error: (12/02/2015 10:09:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/02/2015 10:09:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 11866169 System errors:=============Error: (12/02/2015 00:18:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dllError Code: 126 Error: (12/02/2015 00:15:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dllError Code: 126 Error: (12/02/2015 00:15:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/01/2015 09:16:38 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 21:15:20 on 01/12/2015 was unexpected. Error: (12/01/2015 09:03:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (12/01/2015 09:00:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (12/01/2015 09:00:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/01/2015 05:51:37 PM) (Source: SCardSvr) (EventID: 610) (User: )Description: The handle is invalid.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX Error: (12/01/2015 00:09:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dllError Code: 126 Error: (11/30/2015 11:55:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). ==================== Memory info =========================== Processor: Intel® Core i5-2520M CPU @ 2.50GHzPercentage of memory in use: 66%Total physical RAM: 3240.9 MBAvailable physical RAM: 1098.66 MBTotal Virtual: 6480.11 MBAvailable Virtual: 3525.19 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:286.75 GB) (Free:179.13 GB) NTFSDrive e: (RECOVERY) (Fixed) (Total:11.3 GB) (Free:5.99 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DAB7380D)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=11.3 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=286.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 4, 2015 ID:1005047 Share Posted December 4, 2015 Please upload reports instead of copy/paste. Thanks! Link to post Share on other sites More sharing options...
Voods Posted December 4, 2015 Author ID:1005082 Share Posted December 4, 2015 ApologiesFRST.txtAddition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 4, 2015 ID:1005121 Share Posted December 4, 2015 Scan with ZOEKPlease download ZOEK by Smeenk and save it to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the main console will appear, it may take a minute or two.In the main box please paste in the following script:createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";bMake sure that Scan All Users option is checked.Push Run Script and wait patiently. The scan may take a couple of minutes.When the scan completes, a zoek-results logfile should open in notepad.If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)Upload it in your next reply. Link to post Share on other sites More sharing options...
Voods Posted December 4, 2015 Author ID:1005138 Share Posted December 4, 2015 Here's the log for Zoekzoek-results.log Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 4, 2015 ID:1005142 Share Posted December 4, 2015 Your PC seems clean. How is it behaving now? Link to post Share on other sites More sharing options...
Voods Posted December 5, 2015 Author ID:1005309 Share Posted December 5, 2015 I will give it a few days and see how it runs. Was any issue found what so ever? Just to menton, when zoek ran, it has uninstalled Dashlane, my password manager. Is there a reason for this? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted December 5, 2015 ID:1005322 Share Posted December 5, 2015 In your Zoek report, I don't see records that Zoek deleted Dashlane. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 14, 2015 Root Admin ID:1006989 Share Posted December 14, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts