Tried Chrome.exe removal and Hitman pro went bluescreen

Lioness

New Member
Thread author
Verified
Nov 22, 2015
19
I have used every scanner possible, I think, but I am still having issues. I started going through files one by one and I am finding Chrome symbols in files where they shouldn't be. I have also found 20 viruses on one USB and 19 on another with ClamWin. One even had a worm on it. I deleted them but I feel something isn't right with the computer. I also went through files on my computer and found the same Chrome symbol on files on here and I found a virus and trojan on another program I use to play a game. I started the removal of chrome.exe but Hitman Pro went blue screen and I started the next step but I am not sure what files to delete. I need help.
 

Attachments

  • FRST_22-11-2015_18-24-24.txt
    34.8 KB · Views: 2
  • Addition_22-11-2015_18-24-24.txt
    42.8 KB · Views: 3
  • Quarantine.log
    890.6 KB · Views: 1
  • AdwCleaner[C1].txt
    3.9 KB · Views: 1
  • AdwCleaner[S1].txt
    3.6 KB · Views: 0

Lioness

Also, I forgot to ask: I wasn't sure, but on the Farbar Recovery Tool I just ran to get the FRST and Additional report, was I supposed to do the fix on that or wait? There appeared to be some things from my registry in there and I didn't want to mess things up more so I just closed it. Please inform.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.




Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 

Lioness

This is the log requested. Please inform on status of computer.


Zoek.exe v5.0.0.1 Updated 22-November-2015
Tool run by User on Wed 11/25/2015 at 10:17:05.46.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/25/2015 10:19:38 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\iYogi Support Dock deleted successfully
C:\Program Files\MediaFire Desktop deleted successfully
C:\Program Files\Zemana AntiMalware deleted successfully
C:\PROGRA~2\Atheros deleted successfully
C:\PROGRA~2\dbg deleted successfully
C:\PROGRA~2\GlarySoft deleted successfully
C:\PROGRA~2\Seagate deleted successfully
C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\User\AppData\Roaming\EncryptStick deleted successfully
C:\Users\User\AppData\Roaming\GlarySoft deleted successfully
C:\Users\User\AppData\Roaming\HP Photo Creations deleted successfully
C:\Users\User\AppData\Roaming\QuickScan deleted successfully
C:\Users\User\AppData\Roaming\Seagate deleted successfully
C:\Users\User\AppData\Roaming\TeamViewer deleted successfully
C:\Users\User\AppData\Roaming\WinRAR deleted successfully
C:\Users\User\AppData\Local\CrashDumps deleted successfully
C:\Users\User\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\User\AppData\Local\EmieSiteList deleted successfully
C:\Users\User\AppData\Local\EmieUserList deleted successfully
C:\Users\User\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZAMSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ZAMSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InnovativeSolutions_monitor deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InnovativeSolutions_monitor deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\icqe3hli.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("services.sync.account", "brazileticia@yahoo.com");
---- FireFox user.js and prefs.js backups ----

prefs_20151125_1130_.backup

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20151125_1130_.backup

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gohj1e8b.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\Program Files\iYogi Support Dock not found
C:\Program Files\MediaFire Desktop not found
C:\Program Files\Zemana AntiMalware not found
C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\User\AppData\Local\Z@!-ec7835da-7c79-4290-a3f4-a12da4e68386.tmp deleted
C:\Users\User\AppData\LocalLow\ADSRemoval deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\icqe3hli.default
user_pref("browser.startup.homepage", "tagged.com");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [02/26/2015 06:12 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\icqe3hli.default
- Empty Cache Button - %ProfilePath%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
- FT DeepDark - %ProfilePath%\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
- iMacros for Firefox - %ProfilePath%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
- Undetermined - %ProfilePath%\extensions\cookieSwap@cookieSwap.mozdev.org.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- Undetermined - %ProfilePath%\extensions\{891f0410-aaa2-11e0-9f1c-0800200c9a66}.xpi
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Theme Font & Size Changer - %ProfilePath%\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652
- Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
- Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652
E7AC2BFD4928D251DAF1E51176C9EDD0 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
7D127425BBE91DF37448A7F44C1DDA52 - C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
85341C4A2D9F9BC245B8552F45740351 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll - Virtual Keyboard KAV
B15EEF78E1D9D049E5B2C1B70CE47573 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll - Content Blocker KAV
D31C4608FDCD9CEB756F45E91DCF64F8 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45
66F9ADD8A2335EF9870AFDA4F35F492B - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.14
D71FD9D50DEE32075F0D4F93CE2051ED - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
FD3DD0EE2D03B2BA55A8FAEC211C3B89 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1A4574EF548F0C871013EA5568ACAE05 - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chromium Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - {searchTerms} - Google Search
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - {searchTerms} - Bing

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup deleted successfully

==== Empty IE Cache ======================

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=6 1792200 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 11/25/2015 at 11:55:53.93 ======================
 

Lioness

It is running a lot better but I am still noticing some things, like in processes on Task Manager there are always about 10 Google Chromes running when I have it open and it takes up a lot of the CPU usage. I have one program that doesn't run anymore but I am thinking of reinstalling it. It is still slow but not as slow as it was. I used to be able to use three browsers at once for a game I played and I still cannot do that without it being sluggish. It has had some improvement though: no more blue screen, and it does run for longer periods of time now. I had it on all day yesterday to test it and it never went blue screen once. My updates and Windows Defender are now working again; February was the last time they were working correctly. Is there anything else I can do?
 

Lioness

Is it normal to have so many Chrome processes running at the same time in the Task Manager? I have found that Chrome symbol in my pictures and music as well. This is one instance of finding it in my files. The second one I found in my music folder and this is what it went to. Any suggestions?

[Attached images: in music folder Miguel.png, 3.png]
 

TwinHeadedEagle

Let's reinstall Google Chrome completely:


Uninstall Chrome

Export your bookmarks
Import or export bookmarks - Chrome Help


Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Click Start, copy %LOCALAPPDATA%\ into the search box and remove the folder Google.

Download Chrome
Chrome Browser
 

Lioness

I was wanting to inquire why that file has a worm and whether it's a false negative or an injection from a virus on my computer? I have downloaded it but I didn't open it.
 

Lioness

Today I have had some issues with the computer again, more things wrong. lol It has shut off twice today while I was on the internet; it just shut off, no warning or anything. Also my printer no longer works since I deleted Chrome as it was my main browser. What I meant by my earlier statement was: was it a false positive or is something going wrong with my computer when I download things? I also didn't trust that so I deleted it already until I heard back from you. Thanks again.
 

TwinHeadedEagle

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

Lioness

These are the FRST scan results.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by User (administrator) on USER-PC (01-12-2015 13:59:49)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(alch) C:\Program Files\ClamWin\bin\ClamTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM\...\Run: [ClamWin] => C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-24] (SUPERAntiSpyware)
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Run: [HP ENVY 7640 series (NET) #2] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [2424840 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayError.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlaySynced.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayReadOnly.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayLock.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlaySyncing.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3E3B9458-94D3-409F-A7ED-4740E26603BD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3E3B9458-94D3-409F-A7ED-4740E26603BD}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-470659228-1914503675-2800085871-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652
FF Homepage: about:home
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-26] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-26] ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-26] [not signed]
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-26] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-26] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-26] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-26] [not signed]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-12] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-11-22] (SurfRight B.V.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2015-06-23] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44208 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [692920 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [34160 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [36208 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [35696 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [72560 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2015-10-06] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-03-23] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 GrooveAuditService; no ImagePath
U3 GrooveInstallerService; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 13:58 - 2015-12-01 13:58 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2015-11-30 23:31 - 2014-08-22 04:25 - 00587272 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMDC11.dll
2015-11-30 20:53 - 2015-11-30 20:53 - 00000000 ____D C:\Users\User\Documents\Recipes
2015-11-30 19:11 - 2015-11-30 19:11 - 00004096 ____H C:\Users\User\AppData\Local\keyfile3.drm
2015-11-30 13:34 - 2015-11-30 13:34 - 00000000 ____D C:\Users\User\AppData\Local\GWX
2015-11-29 13:34 - 2015-11-29 13:34 - 00169225 _____ C:\Users\User\Documents\Chrome bookmarks_11_29_15.html
2015-11-27 16:36 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-27 16:36 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 16:36 - 2015-10-29 11:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-27 16:36 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-27 16:36 - 2015-10-20 11:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-27 16:36 - 2015-10-20 11:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-27 16:36 - 2015-10-20 11:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-27 16:36 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-27 16:36 - 2015-10-20 11:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-27 15:21 - 2015-08-05 11:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-11-27 15:21 - 2015-08-05 10:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-11-27 15:20 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-27 15:20 - 2015-11-03 11:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-27 15:20 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-27 15:20 - 2015-10-30 16:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-27 15:20 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-27 15:20 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-27 15:20 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-27 15:20 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-27 15:20 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-27 15:20 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-27 15:20 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-27 15:20 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-27 15:20 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-27 15:20 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-27 15:20 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-27 15:20 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-27 15:20 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-27 15:20 - 2015-10-30 16:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-27 15:20 - 2015-10-30 16:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-27 15:20 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-27 15:20 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-27 15:20 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-27 15:20 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-27 15:20 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-27 15:20 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-27 15:20 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-27 15:20 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-27 15:20 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-27 15:20 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-27 15:20 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-27 15:20 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-27 15:20 - 2015-10-30 16:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-27 15:20 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-27 15:20 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-27 15:20 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-27 15:20 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 15:20 - 2015-10-12 22:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-27 15:20 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-27 15:20 - 2015-10-01 11:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-27 15:19 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-27 15:19 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-27 15:19 - 2015-10-19 18:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-27 15:19 - 2015-10-19 18:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-27 15:19 - 2015-10-19 18:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-27 15:19 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 15:19 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-27 15:19 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-27 15:19 - 2015-10-19 18:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-27 15:19 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-27 15:19 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-27 15:19 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-27 15:19 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 15:19 - 2015-10-19 17:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-27 15:19 - 2015-10-19 17:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-27 15:19 - 2015-10-19 17:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-27 15:19 - 2015-10-13 10:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-27 15:19 - 2015-10-13 10:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-27 15:19 - 2015-09-23 07:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-27 15:19 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-26 11:42 - 2015-11-26 11:42 - 00985600 _____ C:\Users\User\Downloads\MicrosoftFixit50123.msi
2015-11-25 12:56 - 2015-11-25 12:56 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2015-11-25 12:44 - 2015-11-25 12:44 - 00011407 _____ C:\Users\User\Desktop\zoek-results.txt
2015-11-25 11:55 - 2015-11-25 11:55 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-25 11:52 - 2015-11-25 10:16 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-25 10:15 - 2015-11-25 11:41 - 00000000 ____D C:\zoek_backup
2015-11-24 02:13 - 2015-11-24 02:13 - 00043870 _____ C:\Users\User\Downloads\Addition_22-11-2015_18-24-24.txt
2015-11-24 02:11 - 2015-11-24 02:11 - 00035596 _____ C:\Users\User\Downloads\FRST_22-11-2015_18-24-24.txt
2015-11-23 17:07 - 2015-11-23 17:07 - 01309184 _____ C:\Users\User\Downloads\zoek.exe
2015-11-22 18:22 - 2015-11-22 18:24 - 00043870 _____ C:\Users\User\Downloads\Addition.txt
2015-11-22 18:18 - 2015-12-01 13:59 - 00020402 _____ C:\Users\User\Downloads\FRST.txt
2015-11-22 18:17 - 2015-12-01 13:59 - 00000000 ____D C:\FRST
2015-11-22 18:12 - 2015-12-01 13:58 - 01721344 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-11-22 16:16 - 2015-11-22 16:16 - 00004332 _____ C:\Users\User\Desktop\RogueKiller wanted to delete.txt
2015-11-22 14:48 - 2015-11-22 18:01 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-22 14:48 - 2015-11-22 14:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-22 14:47 - 2015-11-22 14:47 - 19740232 _____ C:\Users\User\Downloads\RogueKiller.exe
2015-11-22 13:21 - 2015-11-22 13:35 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-22 13:21 - 2015-11-22 13:21 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-22 13:21 - 2015-11-22 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-22 12:40 - 2015-11-22 13:51 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-22 12:40 - 2015-11-22 12:40 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-22 12:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-22 12:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-22 12:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-22 12:36 - 2015-11-22 12:36 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-22 12:24 - 2015-11-22 12:24 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122446.2508.zip
2015-11-22 12:22 - 2015-11-22 12:22 - 00224968 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe
2015-11-22 12:22 - 2015-11-22 12:22 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122240.5444.zip
2015-11-19 05:33 - 2015-11-19 06:47 - 00000000 ____D C:\Users\User\Downloads\Other
2015-11-17 02:10 - 2015-11-17 02:10 - 00005376 _____ C:\Users\User\Desktop\clamWin files deleted.txt
2015-11-16 22:55 - 2015-11-16 22:57 - 00000000 ____D C:\Users\User\AppData\Roaming\.clamwin
2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\.clamwin
2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\Program Files\ClamWin
2015-11-16 22:48 - 2015-11-16 22:49 - 108583716 _____ (alch ) C:\Users\User\Downloads\clamwin-0.98.7-setup.exe
2015-11-16 16:50 - 2015-11-16 17:35 - 00000000 ____D C:\Users\User\Downloads\Shaun 2
2015-11-13 11:44 - 2015-11-16 16:12 - 00000000 ___RD C:\Users\User\MediaFire
2015-11-12 22:04 - 2015-11-16 16:17 - 00000000 ____D C:\Users\User\AppData\Local\MediaFire Desktop
2015-11-12 20:54 - 2015-11-13 11:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\659859C3.sys
2015-11-12 20:29 - 2015-11-12 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-12 20:26 - 2015-12-01 13:32 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-12 20:26 - 2015-12-01 13:27 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-12 20:25 - 2015-11-12 20:29 - 00000000 ____D C:\Program Files\Dropbox
2015-11-12 20:25 - 2015-11-12 20:25 - 00660960 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller (2).exe
2015-11-06 14:58 - 2015-11-12 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2015-11-06 14:58 - 2015-11-06 14:58 - 00000000 ____D C:\ProgramData\Dropbox
2015-11-06 14:57 - 2015-11-12 20:30 - 00001184 _____ C:\Users\User\Desktop\Dropbox (Pandas Box).lnk
2015-11-06 14:57 - 2015-11-06 14:57 - 00000000 __HDL C:\Users\User\Dropbox
2015-11-04 21:09 - 2015-11-04 22:32 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\43DB740D.sys
2015-11-04 13:58 - 2015-11-04 13:59 - 01592568 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue (1).exe
2015-11-04 00:45 - 2015-11-04 00:46 - 00092656 _____ C:\Users\User\Downloads\WinKeyFinder175.zip
2015-11-03 21:06 - 2015-11-03 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\13BB232A.sys
2015-11-02 21:18 - 2015-11-02 21:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\1DDA5EC7.sys
2015-11-01 15:08 - 2015-11-01 15:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\68747557.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ___HD C:\Windows\inf
2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ____D C:\Windows
2015-12-01 13:50 - 2015-02-26 18:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-01 13:37 - 2013-09-26 11:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-01 13:28 - 2015-04-07 21:14 - 00000000 ___RD C:\Users\User\Dropbox (Pandas Box)
2015-12-01 13:28 - 2015-04-07 19:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2015-12-01 13:27 - 2015-03-14 21:51 - 00000296 _____ C:\Windows\Tasks\Health-Check-auto.job
2015-12-01 13:26 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 00:00 - 2015-02-22 03:38 - 00001962 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-11-30 23:35 - 2015-02-22 03:52 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk
2015-11-30 23:35 - 2015-02-22 03:52 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 7640 series.lnk
2015-11-30 23:18 - 2015-03-14 21:51 - 00000298 _____ C:\Windows\Tasks\Health-Check-deep.job
2015-11-30 23:18 - 2015-03-14 21:51 - 00000290 _____ C:\Windows\Tasks\Health-Check.job
2015-11-30 13:38 - 2013-09-25 21:30 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 18:00 - 2013-10-05 11:23 - 00000000 ____D C:\Program Files\Google
2015-11-27 19:13 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-11-27 16:06 - 2013-09-26 10:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-27 16:05 - 2013-10-06 15:46 - 00000000 ____D C:\Windows\system32\MRT
2015-11-27 15:47 - 2013-10-06 15:46 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-27 15:28 - 2009-07-14 01:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-25 10:15 - 2015-05-13 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 12:10 - 2014-04-16 02:08 - 00000000 ____D C:\Windows\Minidump
2015-11-19 04:57 - 2015-04-25 13:52 - 00000000 ____D C:\Users\User\Downloads\Dynasty gifs
2015-11-19 04:44 - 2015-10-22 21:17 - 00000000 ____D C:\Users\User\Downloads\Lathan
2015-11-19 04:44 - 2013-11-06 19:47 - 00000000 ____D C:\Users\User\Downloads\angeles
2015-11-17 23:14 - 2013-09-26 11:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-11-07 17:18 - 2014-01-02 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-05 19:40 - 2009-07-13 22:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-12 20:49 - 2015-03-14 21:39 - 0000078 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan
2015-11-30 19:11 - 2015-11-30 19:11 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
2015-02-22 02:12 - 2015-02-22 02:12 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprw_sh.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 14:25
==================== End of FRST.txt ============================


These are the Addition scan results

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by User (2015-12-01 14:01:49)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2013-09-26 16:05:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-470659228-1914503675-2800085871-500 - Administrator - Disabled)
Guest (S-1-5-21-470659228-1914503675-2800085871-501 - Limited - Disabled)
User (S-1-5-21-470659228-1914503675-2800085871-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.135 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.135 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\{3CE0C7DC-ED5B-450E-9C5F-49702C263544}) (Version: 12.1.7.157 - Adobe Systems, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10.0.1 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auto-Pet-Buy version 1.2.2.2 (HKLM\...\{F6A21126-4EB9-48CF-91DC-63AEF81D7872}_is1) (Version: 1.2.2.2 - Rodolfo U. Batista)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
ClamWin Free Antivirus 0.98.7 (HKLM\...\ClamWin Free Antivirus_is1) (Version: - alch)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP ENVY 7640 series Basic Device Software (HKLM\...\{85FF0AA2-49C8-4FEB-8F0F-F9A9303C0B38}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM\...\{462AAD1D-9165-4D62-8A3C-EAD926FD3650}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.396 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Pale Moon 24.2.2 (x86 en-US) (HKLM\...\Pale Moon 24.2.2 (x86 en-US)) (Version: 24.2.2 - Mozilla)
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{FA283DED-2C15-4E48-93A2-EF3474FBE8F3}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Optical Mouse (HKLM\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-470659228-1914503675-2800085871-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\User\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

==================== Restore Points =========================

30-11-2015 23:24:23 Removed HP ENVY 7640 series Basic Device Software
30-11-2015 23:26:52 Removed HP ENVY 7640 series Basic Device Software

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06BF9645-7966-4683-BDF6-27AED2D634A5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)
Task: {11C63790-3B81-4A69-82A7-CB52F4CDD0B6} - \SmartDefrag_Startup -> No File <==== ATTENTION
Task: {14624E3B-DC78-4A63-BD02-95B3F3E7FDFB} - \Health-Check-deep -> No File <==== ATTENTION
Task: {161B295D-FCE3-4338-8507-4C5310BC4AED} - \{CA749DD4-5C0D-4B6F-A8AD-C85D0083D5A4} -> No File <==== ATTENTION
Task: {29A8F0AB-C99F-4BC8-904F-5DC41B583846} - \HPCustParticipation HP ENVY 7640 series -> No File <==== ATTENTION
Task: {38F432CF-BA85-4E6E-AE2B-D994EA5B1721} - System32\Tasks\{402BEB33-5D2B-4988-9EBB-BEBB53AA9328} => pcalua.exe -a C:\Users\User\Downloads\air4-0_win.exe -d C:\Users\User\Downloads
Task: {4ABE44CE-C847-4C60-B1FF-CAFC1085721A} - \{DB6CF461-EA39-4737-9C9F-FA40C4F85448} -> No File <==== ATTENTION
Task: {58803100-20AE-428D-9B34-C4B8534935C9} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {74C0D1F0-29C2-4216-A242-2A455B2B1C78} - \{9E5D8AB4-FF41-4EAF-9C75-BE1E2DD86F41} -> No File <==== ATTENTION
Task: {8322AC7A-C2E7-4583-80A7-3012FD08DFD0} - \Health-Check -> No File <==== ATTENTION
Task: {83CF3CC5-51CB-402D-A89F-3ADC864B0B5B} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {89C17738-60BA-491A-9663-C692B6C11758} - \Driver Booster SkipUAC (User) -> No File <==== ATTENTION
Task: {AB32E32E-7D4D-4653-8787-E6E31B4EDCAC} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {BA1FBF2F-32C2-425E-9DF2-3DCE2412BB50} - \HPCustPartic.exe_{E57A5AB6-8202-4C98-AAB7-700B26BF3186} -> No File <==== ATTENTION
Task: {BCD7E08E-F3AF-448F-9FB9-D41A12FA54FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)
Task: {D4FB6435-489F-4368-B689-00E0178A80B1} - \SmartDefragUpdate -> No File <==== ATTENTION
Task: {DDA2D2C9-66E1-45B9-A774-CE787D042BC1} - \Health-Check-auto -> No File <==== ATTENTION
Task: {FE0610A9-5213-42EE-B0E9-FAD50228489C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayError.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySynced.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayReadOnly.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayLock.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySyncing.dll
2015-11-16 22:55 - 2008-04-19 16:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2015-12-01 13:27 - 2015-12-01 13:27 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00012800 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00779776 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00056320 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00012288 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-11-16 22:55 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll
2015-11-16 22:55 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd
2015-11-16 22:55 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll
2015-11-16 22:55 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd
2015-11-16 22:55 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd
2015-11-16 22:55 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd
2015-11-16 22:55 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd
2015-11-16 22:55 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll
2015-11-16 22:55 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd
2015-11-16 22:55 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files\ClamWin\lib\win32file.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd
2015-11-16 22:55 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd
2015-11-16 22:55 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll
2015-11-16 22:55 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd
2015-11-16 22:55 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd
2015-11-16 22:55 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd
2014-03-16 21:49 - 2014-12-29 11:16 - 03044864 _____ () C:\Program Files\Pale Moon\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: InnovativeSolutions_monitor => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk.disabled => C:\Windows\pss\Dropbox.lnk.disabled.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP ENVY 7640 series (NET) => "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH4AR260D7063T:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: USB Optical Mouse => "C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A51A45C5-A508-4011-9D01-9714E924F8E8}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{890BC205-BCB5-41E7-A86A-3C860ECE6897}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4188F3E-7A91-4D37-95B8-FFEBDAF4BD5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3B35500-536A-46B5-B765-FBB99B5249C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{92188323-2E0E-4E93-A800-D5888C93D811}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D3E39FB0-9447-4EA0-9336-6C9F44B78BF4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA188D33-5BE7-4639-A585-CCAC1C3648C3}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C246A366-D5B1-4A79-A13C-1C4BBCBF4EE9}] => (Allow) LPort=2869
FirewallRules: [{3940023B-44C5-470F-AB52-BAE768CF045A}] => (Allow) LPort=1900
FirewallRules: [{9DA4B37D-E55A-4CDF-94B1-80408CD5C612}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1100985C-263B-456A-BAD1-8DF4A300C156}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{71D050A8-0A62-4206-BE57-B6B9007FC048}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FEC8A5A3-BA60-48C5-9EDF-2AD231782828}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5CF6882B-3786-40EB-858C-4DAC18CA9ED5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3C38653A-5E54-427E-A177-1614588F529A}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9F30E8BA-FAE5-49B5-8A12-7BD9EEB5EBDB}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{0443F7B5-7284-4217-98D3-4C10D6EF18B9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{C9B29048-9679-4E72-A5FD-D468B950CC6F}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{55BB0685-5AD9-456D-9D76-A2833D761751}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{B8E87125-404E-46CC-ADB3-6D49C32C33AD}] => (Allow) LPort=5357
FirewallRules: [{309314C2-FA2C-4621-B4A0-71C509DB05AC}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{21ABBCD8-664E-4CC9-844F-FD0A67A95015}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C82C385A-CBBA-4840-9D58-1D71A3950BF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47203054-80EC-4EF5-8334-A59EB539BD1A}] => (Allow) LPort=8888
FirewallRules: [{77144DA0-5F3E-4C5C-BDEB-0B51D7D37ED0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe
FirewallRules: [{693BBB87-5AEA-4FFB-A6F8-378DE66CFE3C}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe
FirewallRules: [{61FEB400-B920-436F-85FD-9809089BFF58}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe
FirewallRules: [{D5200882-0C6B-44DD-AB9B-7E758C57A3BD}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe
FirewallRules: [{C55FC559-725E-4785-9288-4D2B7F2EABB6}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe
FirewallRules: [{B4D8ACDE-E119-4E4D-AC52-B0E62DB932F4}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe
FirewallRules: [{EA1458E6-13A5-474E-996E-159CBDF1B56E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe
FirewallRules: [{4A4AA079-CB20-4556-977D-3DE200B02A91}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe
FirewallRules: [{899FEE25-1EA4-4E52-BE11-CA4EF4D68E1D}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe
FirewallRules: [{BA710A6E-FA87-4BD1-B092-BA8F76208CD5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe
FirewallRules: [{DC7C5A53-6FBB-4FD3-8A5F-BBA630F9A249}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{DF9B6831-AABA-40F2-BF42-9CD67D78E2F5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe
FirewallRules: [{040CD439-945F-44D4-9F89-4174AA0212FA}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

CodeIntegrity:
===================================
Date: 2015-10-26 18:01:21.479
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-10-26 18:01:21.463
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-10-26 18:01:21.245
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-10-26 18:01:21.213
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 51%
Total physical RAM: 2794.9 MB
Available physical RAM: 1355.66 MB
Total Virtual: 5693.21 MB
Available Virtual: 4075.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:181.37 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:0.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB4F8998)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Can you help, please? I really miss having my Chrome browser. The link I went to said it had a worm in the file. And now my printer doesn't work. I am not sure why it is cutting off when I'm using it either, but it is annoying. Please, anything you can do? Thanks so much for all your help. I haven't forgotten about ya.
 

Lioness

New Member
Thread author
Verified
Nov 22, 2015
19
Sorry these are the reports
 

Attachments

  • Addition12-1-15.txt
    28 KB · Views: 1
  • FRST12-1-15.txt
    40.5 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.4 KB · Views: 5

Lioness

New Member
Thread author
Verified
Nov 22, 2015
19
Here is the log. What should I do about installing Chrome and my printer not working now? Please let me know. Does the log give info on how my computer is doing now?
 

Attachments

  • Fixlog.txt
    2 KB · Views: 1
