These are the FRST scan results:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by User (administrator) on USER-PC (01-12-2015 13:59:49)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(alch) C:\Program Files\ClamWin\bin\ClamTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM\...\Run: [ClamWin] => C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-24] (SUPERAntiSpyware)
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Run: [HP ENVY 7640 series (NET) #2] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [2424840 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayError.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlaySynced.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayReadOnly.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayLock.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlaySyncing.dll [2015-11-05] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3E3B9458-94D3-409F-A7ED-4740E26603BD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3E3B9458-94D3-409F-A7ED-4740E26603BD}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-470659228-1914503675-2800085871-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652
FF Homepage: about:home
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-26] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-26] ()
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-26] [not signed]
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-26] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-26] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-26] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-26] [not signed]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-12] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-11-22] (SurfRight B.V.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2015-06-23] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44208 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [692920 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [34160 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [36208 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [35696 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [72560 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2015-10-06] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-03-23] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 GrooveAuditService; no ImagePath
U3 GrooveInstallerService; no ImagePath
U0 SR; no ImagePath
U2 srservice; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 13:58 - 2015-12-01 13:58 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2015-11-30 23:31 - 2014-08-22 04:25 - 00587272 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMDC11.dll
2015-11-30 20:53 - 2015-11-30 20:53 - 00000000 ____D C:\Users\User\Documents\Recipes
2015-11-30 19:11 - 2015-11-30 19:11 - 00004096 ____H C:\Users\User\AppData\Local\keyfile3.drm
2015-11-30 13:34 - 2015-11-30 13:34 - 00000000 ____D C:\Users\User\AppData\Local\GWX
2015-11-29 13:34 - 2015-11-29 13:34 - 00169225 _____ C:\Users\User\Documents\Chrome bookmarks_11_29_15.html
2015-11-27 16:36 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-27 16:36 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 16:36 - 2015-10-29 11:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-27 16:36 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-27 16:36 - 2015-10-20 11:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-27 16:36 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-27 16:36 - 2015-10-20 11:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-27 16:36 - 2015-10-20 11:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-27 16:36 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-27 16:36 - 2015-10-20 11:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-27 15:21 - 2015-08-05 11:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-11-27 15:21 - 2015-08-05 10:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-11-27 15:20 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-27 15:20 - 2015-11-03 11:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-27 15:20 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-27 15:20 - 2015-10-30 16:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-27 15:20 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-27 15:20 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-27 15:20 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-27 15:20 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-27 15:20 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-27 15:20 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-27 15:20 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-27 15:20 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-27 15:20 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-27 15:20 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-27 15:20 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-27 15:20 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-27 15:20 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-27 15:20 - 2015-10-30 16:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-27 15:20 - 2015-10-30 16:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-27 15:20 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-27 15:20 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-27 15:20 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-27 15:20 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-27 15:20 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-27 15:20 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-27 15:20 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-27 15:20 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-27 15:20 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-27 15:20 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-27 15:20 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-27 15:20 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-27 15:20 - 2015-10-30 16:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-27 15:20 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-27 15:20 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-27 15:20 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-27 15:20 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 15:20 - 2015-10-12 22:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-27 15:20 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-27 15:20 - 2015-10-01 11:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-27 15:19 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-27 15:19 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-27 15:19 - 2015-10-19 18:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-27 15:19 - 2015-10-19 18:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-27 15:19 - 2015-10-19 18:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-27 15:19 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 15:19 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 15:19 - 2015-10-19 18:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-27 15:19 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-27 15:19 - 2015-10-19 18:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-27 15:19 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-27 15:19 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-27 15:19 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-27 15:19 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 15:19 - 2015-10-19 17:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-27 15:19 - 2015-10-19 17:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-27 15:19 - 2015-10-19 17:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-27 15:19 - 2015-10-13 10:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-27 15:19 - 2015-10-13 10:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-27 15:19 - 2015-09-23 07:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-27 15:19 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-26 11:42 - 2015-11-26 11:42 - 00985600 _____ C:\Users\User\Downloads\MicrosoftFixit50123.msi
2015-11-25 12:56 - 2015-11-25 12:56 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2015-11-25 12:44 - 2015-11-25 12:44 - 00011407 _____ C:\Users\User\Desktop\zoek-results.txt
2015-11-25 11:55 - 2015-11-25 11:55 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-25 11:52 - 2015-11-25 10:16 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-25 10:15 - 2015-11-25 11:41 - 00000000 ____D C:\zoek_backup
2015-11-24 02:13 - 2015-11-24 02:13 - 00043870 _____ C:\Users\User\Downloads\Addition_22-11-2015_18-24-24.txt
2015-11-24 02:11 - 2015-11-24 02:11 - 00035596 _____ C:\Users\User\Downloads\FRST_22-11-2015_18-24-24.txt
2015-11-23 17:07 - 2015-11-23 17:07 - 01309184 _____ C:\Users\User\Downloads\zoek.exe
2015-11-22 18:22 - 2015-11-22 18:24 - 00043870 _____ C:\Users\User\Downloads\Addition.txt
2015-11-22 18:18 - 2015-12-01 13:59 - 00020402 _____ C:\Users\User\Downloads\FRST.txt
2015-11-22 18:17 - 2015-12-01 13:59 - 00000000 ____D C:\FRST
2015-11-22 18:12 - 2015-12-01 13:58 - 01721344 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-11-22 16:16 - 2015-11-22 16:16 - 00004332 _____ C:\Users\User\Desktop\RogueKiller wanted to delete.txt
2015-11-22 14:48 - 2015-11-22 18:01 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-22 14:48 - 2015-11-22 14:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-22 14:47 - 2015-11-22 14:47 - 19740232 _____ C:\Users\User\Downloads\RogueKiller.exe
2015-11-22 13:21 - 2015-11-22 13:35 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-22 13:21 - 2015-11-22 13:21 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-22 13:21 - 2015-11-22 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-22 12:40 - 2015-11-22 13:51 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-22 12:40 - 2015-11-22 12:40 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-22 12:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-22 12:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-22 12:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-22 12:36 - 2015-11-22 12:36 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-22 12:24 - 2015-11-22 12:24 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122446.2508.zip
2015-11-22 12:22 - 2015-11-22 12:22 - 00224968 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe
2015-11-22 12:22 - 2015-11-22 12:22 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122240.5444.zip
2015-11-19 05:33 - 2015-11-19 06:47 - 00000000 ____D C:\Users\User\Downloads\Other
2015-11-17 02:10 - 2015-11-17 02:10 - 00005376 _____ C:\Users\User\Desktop\clamWin files deleted.txt
2015-11-16 22:55 - 2015-11-16 22:57 - 00000000 ____D C:\Users\User\AppData\Roaming\.clamwin
2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\.clamwin
2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\Program Files\ClamWin
2015-11-16 22:48 - 2015-11-16 22:49 - 108583716 _____ (alch ) C:\Users\User\Downloads\clamwin-0.98.7-setup.exe
2015-11-16 16:50 - 2015-11-16 17:35 - 00000000 ____D C:\Users\User\Downloads\Shaun 2
2015-11-13 11:44 - 2015-11-16 16:12 - 00000000 ___RD C:\Users\User\MediaFire
2015-11-12 22:04 - 2015-11-16 16:17 - 00000000 ____D C:\Users\User\AppData\Local\MediaFire Desktop
2015-11-12 20:54 - 2015-11-13 11:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\659859C3.sys
2015-11-12 20:29 - 2015-11-12 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-12 20:26 - 2015-12-01 13:32 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-12 20:26 - 2015-12-01 13:27 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-12 20:25 - 2015-11-12 20:29 - 00000000 ____D C:\Program Files\Dropbox
2015-11-12 20:25 - 2015-11-12 20:25 - 00660960 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller (2).exe
2015-11-06 14:58 - 2015-11-12 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2015-11-06 14:58 - 2015-11-06 14:58 - 00000000 ____D C:\ProgramData\Dropbox
2015-11-06 14:57 - 2015-11-12 20:30 - 00001184 _____ C:\Users\User\Desktop\Dropbox (Pandas Box).lnk
2015-11-06 14:57 - 2015-11-06 14:57 - 00000000 __HDL C:\Users\User\Dropbox
2015-11-04 21:09 - 2015-11-04 22:32 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\43DB740D.sys
2015-11-04 13:58 - 2015-11-04 13:59 - 01592568 _____ (LogMeIn, Inc.) C:\Users\User\Downloads\Support-LogMeInRescue (1).exe
2015-11-04 00:45 - 2015-11-04 00:46 - 00092656 _____ C:\Users\User\Downloads\WinKeyFinder175.zip
2015-11-03 21:06 - 2015-11-03 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\13BB232A.sys
2015-11-02 21:18 - 2015-11-02 21:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\1DDA5EC7.sys
2015-11-01 15:08 - 2015-11-01 15:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\68747557.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ___HD C:\Windows\inf
2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ____D C:\Windows
2015-12-01 13:50 - 2015-02-26 18:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-01 13:37 - 2013-09-26 11:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-01 13:28 - 2015-04-07 21:14 - 00000000 ___RD C:\Users\User\Dropbox (Pandas Box)
2015-12-01 13:28 - 2015-04-07 19:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2015-12-01 13:27 - 2015-03-14 21:51 - 00000296 _____ C:\Windows\Tasks\Health-Check-auto.job
2015-12-01 13:26 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 00:00 - 2015-02-22 03:38 - 00001962 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-11-30 23:35 - 2015-02-22 03:52 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk
2015-11-30 23:35 - 2015-02-22 03:52 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 7640 series.lnk
2015-11-30 23:18 - 2015-03-14 21:51 - 00000298 _____ C:\Windows\Tasks\Health-Check-deep.job
2015-11-30 23:18 - 2015-03-14 21:51 - 00000290 _____ C:\Windows\Tasks\Health-Check.job
2015-11-30 13:38 - 2013-09-25 21:30 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 18:00 - 2013-10-05 11:23 - 00000000 ____D C:\Program Files\Google
2015-11-27 19:13 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-11-27 16:06 - 2013-09-26 10:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-27 16:05 - 2013-10-06 15:46 - 00000000 ____D C:\Windows\system32\MRT
2015-11-27 15:47 - 2013-10-06 15:46 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-27 15:28 - 2009-07-14 01:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-25 10:15 - 2015-05-13 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 12:10 - 2014-04-16 02:08 - 00000000 ____D C:\Windows\Minidump
2015-11-19 04:57 - 2015-04-25 13:52 - 00000000 ____D C:\Users\User\Downloads\Dynasty gifs
2015-11-19 04:44 - 2015-10-22 21:17 - 00000000 ____D C:\Users\User\Downloads\Lathan
2015-11-19 04:44 - 2013-11-06 19:47 - 00000000 ____D C:\Users\User\Downloads\angeles
2015-11-17 23:14 - 2013-09-26 11:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-11-07 17:18 - 2014-01-02 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-05 19:40 - 2009-07-13 22:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2015-03-12 20:49 - 2015-03-14 21:39 - 0000078 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan
2015-11-30 19:11 - 2015-11-30 19:11 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
2015-02-22 02:12 - 2015-02-22 02:12 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprw_sh.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-30 14:25
==================== End of FRST.txt ============================
These are the Addition scan results
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by User (2015-12-01 14:01:49)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2013-09-26 16:05:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-470659228-1914503675-2800085871-500 - Administrator - Disabled)
Guest (S-1-5-21-470659228-1914503675-2800085871-501 - Limited - Disabled)
User (S-1-5-21-470659228-1914503675-2800085871-1000 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.135 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.135 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\{3CE0C7DC-ED5B-450E-9C5F-49702C263544}) (Version: 12.1.7.157 - Adobe Systems, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10.0.1 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auto-Pet-Buy version 1.2.2.2 (HKLM\...\{F6A21126-4EB9-48CF-91DC-63AEF81D7872}_is1) (Version: 1.2.2.2 - Rodolfo U. Batista)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
ClamWin Free Antivirus 0.98.7 (HKLM\...\ClamWin Free Antivirus_is1) (Version: - alch)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP ENVY 7640 series Basic Device Software (HKLM\...\{85FF0AA2-49C8-4FEB-8F0F-F9A9303C0B38}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM\...\{462AAD1D-9165-4D62-8A3C-EAD926FD3650}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.396 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Pale Moon 24.2.2 (x86 en-US) (HKLM\...\Pale Moon 24.2.2 (x86 en-US)) (Version: 24.2.2 - Mozilla)
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{FA283DED-2C15-4E48-93A2-EF3474FBE8F3}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Optical Mouse (HKLM\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-470659228-1914503675-2800085871-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\User\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
==================== Restore Points =========================
30-11-2015 23:24:23 Removed HP ENVY 7640 series Basic Device Software
30-11-2015 23:26:52 Removed HP ENVY 7640 series Basic Device Software
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06BF9645-7966-4683-BDF6-27AED2D634A5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)
Task: {11C63790-3B81-4A69-82A7-CB52F4CDD0B6} - \SmartDefrag_Startup -> No File <==== ATTENTION
Task: {14624E3B-DC78-4A63-BD02-95B3F3E7FDFB} - \Health-Check-deep -> No File <==== ATTENTION
Task: {161B295D-FCE3-4338-8507-4C5310BC4AED} - \{CA749DD4-5C0D-4B6F-A8AD-C85D0083D5A4} -> No File <==== ATTENTION
Task: {29A8F0AB-C99F-4BC8-904F-5DC41B583846} - \HPCustParticipation HP ENVY 7640 series -> No File <==== ATTENTION
Task: {38F432CF-BA85-4E6E-AE2B-D994EA5B1721} - System32\Tasks\{402BEB33-5D2B-4988-9EBB-BEBB53AA9328} => pcalua.exe -a C:\Users\User\Downloads\air4-0_win.exe -d C:\Users\User\Downloads
Task: {4ABE44CE-C847-4C60-B1FF-CAFC1085721A} - \{DB6CF461-EA39-4737-9C9F-FA40C4F85448} -> No File <==== ATTENTION
Task: {58803100-20AE-428D-9B34-C4B8534935C9} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {74C0D1F0-29C2-4216-A242-2A455B2B1C78} - \{9E5D8AB4-FF41-4EAF-9C75-BE1E2DD86F41} -> No File <==== ATTENTION
Task: {8322AC7A-C2E7-4583-80A7-3012FD08DFD0} - \Health-Check -> No File <==== ATTENTION
Task: {83CF3CC5-51CB-402D-A89F-3ADC864B0B5B} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {89C17738-60BA-491A-9663-C692B6C11758} - \Driver Booster SkipUAC (User) -> No File <==== ATTENTION
Task: {AB32E32E-7D4D-4653-8787-E6E31B4EDCAC} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {BA1FBF2F-32C2-425E-9DF2-3DCE2412BB50} - \HPCustPartic.exe_{E57A5AB6-8202-4C98-AAB7-700B26BF3186} -> No File <==== ATTENTION
Task: {BCD7E08E-F3AF-448F-9FB9-D41A12FA54FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)
Task: {D4FB6435-489F-4368-B689-00E0178A80B1} - \SmartDefragUpdate -> No File <==== ATTENTION
Task: {DDA2D2C9-66E1-45B9-A774-CE787D042BC1} - \Health-Check-auto -> No File <==== ATTENTION
Task: {FE0610A9-5213-42EE-B0E9-FAD50228489C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayError.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySynced.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayReadOnly.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayLock.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySyncing.dll
2015-11-16 22:55 - 2008-04-19 16:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2015-12-01 13:27 - 2015-12-01 13:27 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00012800 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00779776 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00056320 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00012288 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-11-16 22:55 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll
2015-11-16 22:55 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd
2015-11-16 22:55 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll
2015-11-16 22:55 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd
2015-11-16 22:55 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd
2015-11-16 22:55 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd
2015-11-16 22:55 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd
2015-11-16 22:55 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll
2015-11-16 22:55 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd
2015-11-16 22:55 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files\ClamWin\lib\win32file.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd
2015-11-16 22:55 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd
2015-11-16 22:55 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll
2015-11-16 22:55 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd
2015-11-16 22:55 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd
2015-11-16 22:55 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd
2014-03-16 21:49 - 2014-12-29 11:16 - 03044864 _____ () C:\Program Files\Pale Moon\mozjs.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: InnovativeSolutions_monitor => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk.disabled => C:\Windows\pss\Dropbox.lnk.disabled.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP ENVY 7640 series (NET) => "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH4AR260D7063T:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: USB Optical Mouse => "C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A51A45C5-A508-4011-9D01-9714E924F8E8}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{890BC205-BCB5-41E7-A86A-3C860ECE6897}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4188F3E-7A91-4D37-95B8-FFEBDAF4BD5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3B35500-536A-46B5-B765-FBB99B5249C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{92188323-2E0E-4E93-A800-D5888C93D811}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D3E39FB0-9447-4EA0-9336-6C9F44B78BF4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA188D33-5BE7-4639-A585-CCAC1C3648C3}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C246A366-D5B1-4A79-A13C-1C4BBCBF4EE9}] => (Allow) LPort=2869
FirewallRules: [{3940023B-44C5-470F-AB52-BAE768CF045A}] => (Allow) LPort=1900
FirewallRules: [{9DA4B37D-E55A-4CDF-94B1-80408CD5C612}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1100985C-263B-456A-BAD1-8DF4A300C156}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{71D050A8-0A62-4206-BE57-B6B9007FC048}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FEC8A5A3-BA60-48C5-9EDF-2AD231782828}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5CF6882B-3786-40EB-858C-4DAC18CA9ED5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3C38653A-5E54-427E-A177-1614588F529A}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9F30E8BA-FAE5-49B5-8A12-7BD9EEB5EBDB}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{0443F7B5-7284-4217-98D3-4C10D6EF18B9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{C9B29048-9679-4E72-A5FD-D468B950CC6F}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{55BB0685-5AD9-456D-9D76-A2833D761751}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{B8E87125-404E-46CC-ADB3-6D49C32C33AD}] => (Allow) LPort=5357
FirewallRules: [{309314C2-FA2C-4621-B4A0-71C509DB05AC}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{21ABBCD8-664E-4CC9-844F-FD0A67A95015}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C82C385A-CBBA-4840-9D58-1D71A3950BF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47203054-80EC-4EF5-8334-A59EB539BD1A}] => (Allow) LPort=8888
FirewallRules: [{77144DA0-5F3E-4C5C-BDEB-0B51D7D37ED0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe
FirewallRules: [{693BBB87-5AEA-4FFB-A6F8-378DE66CFE3C}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe
FirewallRules: [{61FEB400-B920-436F-85FD-9809089BFF58}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe
FirewallRules: [{D5200882-0C6B-44DD-AB9B-7E758C57A3BD}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe
FirewallRules: [{C55FC559-725E-4785-9288-4D2B7F2EABB6}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe
FirewallRules: [{B4D8ACDE-E119-4E4D-AC52-B0E62DB932F4}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe
FirewallRules: [{EA1458E6-13A5-474E-996E-159CBDF1B56E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe
FirewallRules: [{4A4AA079-CB20-4556-977D-3DE200B02A91}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe
FirewallRules: [{899FEE25-1EA4-4E52-BE11-CA4EF4D68E1D}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe
FirewallRules: [{BA710A6E-FA87-4BD1-B092-BA8F76208CD5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe
FirewallRules: [{DC7C5A53-6FBB-4FD3-8A5F-BBA630F9A249}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{DF9B6831-AABA-40F2-BF42-9CD67D78E2F5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe
FirewallRules: [{040CD439-945F-44D4-9F89-4174AA0212FA}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe
==================== Faulty Device Manager Devices =============
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
CodeIntegrity:
===================================
Date: 2015-10-26 18:01:21.479
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-10-26 18:01:21.463
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-10-26 18:01:21.245
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2015-10-26 18:01:21.213
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
==================== Memory info ===========================
Processor: AMD C-50 Processor
Percentage of memory in use: 51%
Total physical RAM: 2794.9 MB
Available physical RAM: 1355.66 MB
Total Virtual: 5693.21 MB
Available Virtual: 4075.73 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:181.37 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:0.92 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB4F8998)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Can you help, please? I really miss having my Chrome browser. The link I went to said it had a worm in the file. And now my printer doesn't work. I am not sure why it is cutting off when I'm using it either, but it is annoying. Please, anything you can do? Thanks so much for all your help. I haven't forgotten about ya.