Tried Chrome.exe removal and Hitman pro went bluescreen
<blockquote data-quote="Lioness" data-source="post: 455077" data-attributes="member: 45674"><p>This is frst scan results</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015</p><p>Ran by User (administrator) on USER-PC (01-12-2015 13:59:49)</p><p>Running from C:\Users\User\Downloads</p><p>Loaded Profiles: User (Available Profiles: User)</p><p>Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser not detected!)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe</p><p>(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE</p><p>(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE</p><p>(Dropbox, Inc.) 
C:\Program Files\Dropbox\Client\Dropbox.exe</p><p>(alch) C:\Program Files\ClamWin\bin\ClamTray.exe</p><p>(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE</p><p>(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe</p><p>(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe</p><p>(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe</p><p>(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe</p><p>(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)</p><p>HKLM\...\Run: [ClamWin] => C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)</p><p>HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 
0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0</p><p>HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0</p><p>HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: 
[NoTrayItemsDisplay] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0</p><p>HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0</p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-24] (SUPERAntiSpyware)</p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Run: [HP ENVY 7640 series (NET) #2] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [2424840 2014-08-22] (Hewlett-Packard Development Company, LP)</p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\Policies\Explorer: [NoSaveSettings] 0</p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\SCRNSAVE.EXE -></p><p>HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: 
[DisableCurrentUserRun] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0</p><p>HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0</p><p>ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayError.dll [2015-11-05] ()</p><p>ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlaySynced.dll [2015-11-05] ()</p><p>ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayReadOnly.dll [2015-11-05] ()</p><p>ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => 
C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlayLock.dll [2015-11-05] ()</p><p>ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\User\AppData\Local\MediaFire Desktop\\MFShellIconOverlaySyncing.dll [2015-11-05] ()</p><p>ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] 
(Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76</p><p>Tcpip\..\Interfaces\{3E3B9458-94D3-409F-A7ED-4740E26603BD}: [NameServer] 8.8.8.8,8.8.4.4</p><p>Tcpip\..\Interfaces\{3E3B9458-94D3-409F-A7ED-4740E26603BD}: [DhcpNameServer] 75.75.75.75 75.75.76.76</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =</p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/</p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Software\Microsoft\Internet Explorer\Main,First Home 
Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP</p><p>SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-21-470659228-1914503675-2800085871-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://<a href="http://www.google.com/search?q={searchTerms}" target="_blank">www.google.com/search?q={searchTerms}</a></p><p>BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)</p><p>BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)</p><p>BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)</p><p>Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ulcrnb2b.default-1425351486652</p><p>FF Homepage: about:home</p><p>FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-02-05] (Adobe Systems, Inc.)</p><p>FF Plugin: @Apple.com/iTunes,version=1.0 -> 
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()</p><p>FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)</p><p>FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-26] ()</p><p>FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-26] ()</p><p>FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)</p><p>FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)</p><p>FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-02-26] [not signed]</p><p>FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-26] [not signed]</p><p>FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-26] [not signed]</p><p>FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-26] [not signed]</p><p>FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-26] [not signed]</p><p>FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com</p><p>FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com</p><p>FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)</p><p>R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)</p><p>S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-12] (Dropbox, Inc.)</p><p>S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-12] (Dropbox, Inc.)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-11-22] (SurfRight B.V.)</p><p>S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)</p><p>S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)</p><p>R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2015-06-23] (Kaspersky Lab UK Ltd)</p><p>R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-23] (Kaspersky Lab ZAO)</p><p>R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2015-06-23] (Kaspersky Lab ZAO)</p><p>R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2015-06-23] (Kaspersky Lab ZAO)</p><p>R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44208 2015-06-30] (Kaspersky Lab ZAO)</p><p>R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [692920 2015-10-06] (Kaspersky Lab ZAO)</p><p>R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [34160 2015-06-23] (Kaspersky Lab ZAO)</p><p>R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [36208 2015-06-23] (Kaspersky Lab ZAO)</p><p>R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [35696 2015-06-23] (Kaspersky Lab ZAO)</p><p>R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2015-06-23] (Kaspersky Lab ZAO)</p><p>R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-23] (Kaspersky Lab ZAO)</p><p>R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [72560 2015-06-23] (Kaspersky Lab ZAO)</p><p>R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2015-10-06] (Kaspersky Lab ZAO)</p><p>R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-03-23] (Atheros Communications, Inc.)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)</p><p>S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)</p><p>R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)</p><p>S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)</p><p>R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] 
(SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)</p><p>U3 GrooveAuditService; no ImagePath</p><p>U3 GrooveInstallerService; no ImagePath</p><p>U0 SR; no ImagePath</p><p>U2 srservice; no ImagePath</p><p>S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]</p><p>S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-12-01 13:58 - 2015-12-01 13:58 - 00000000 ____D C:\Users\User\Downloads\FRST-OlderVersion</p><p>2015-11-30 23:31 - 2014-08-22 04:25 - 00587272 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMDC11.dll</p><p>2015-11-30 20:53 - 2015-11-30 20:53 - 00000000 ____D C:\Users\User\Documents\Recipes</p><p>2015-11-30 19:11 - 2015-11-30 19:11 - 00004096 ____H C:\Users\User\AppData\Local\keyfile3.drm</p><p>2015-11-30 13:34 - 2015-11-30 13:34 - 00000000 ____D C:\Users\User\AppData\Local\GWX</p><p>2015-11-29 13:34 - 2015-11-29 13:34 - 00169225 _____ C:\Users\User\Documents\Chrome bookmarks_11_29_15.html</p><p>2015-11-27 16:36 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll</p><p>2015-11-27 16:36 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll</p><p>2015-11-27 16:36 - 2015-10-29 11:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll</p><p>2015-11-27 16:36 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 
02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe</p><p>2015-11-27 16:36 - 2015-10-20 11:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll</p><p>2015-11-27 16:36 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe</p><p>2015-11-27 16:36 - 2015-10-20 11:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll</p><p>2015-11-27 15:21 - 2015-08-05 11:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll</p><p>2015-11-27 15:21 - 2015-08-05 10:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys</p><p>2015-11-27 15:20 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2015-11-27 15:20 - 2015-11-03 11:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2015-11-27 15:20 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2015-11-27 15:20 - 2015-10-30 16:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:52 - 20331520 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec</p><p>2015-11-27 15:20 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2015-11-27 15:20 - 2015-10-30 16:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2015-11-27 15:20 - 2015-10-30 16:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2015-11-27 15:20 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:21 - 00168960 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2015-11-27 15:20 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2015-11-27 15:20 - 2015-10-30 16:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2015-11-27 15:20 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2015-11-27 15:20 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2015-11-27 15:20 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2015-11-27 15:20 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2015-11-27 15:20 - 2015-10-12 22:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys</p><p>2015-11-27 15:20 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll</p><p>2015-11-27 15:20 - 2015-10-01 11:50 - 00019968 _____ (Microsoft Corporation) 
C:\Windows\system32\jnwmon.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe</p><p>2015-11-27 15:19 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2015-11-27 15:19 - 2015-10-19 18:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys</p><p>2015-11-27 15:19 - 2015-10-19 18:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys</p><p>2015-11-27 15:19 - 2015-10-19 18:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe</p><p>2015-11-27 15:19 - 2015-10-19 18:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe</p><p>2015-11-27 15:19 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll</p><p>2015-11-27 15:19 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll</p><p>2015-11-27 15:19 - 2015-10-19 17:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys</p><p>2015-11-27 15:19 - 2015-10-19 17:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys</p><p>2015-11-27 15:19 - 2015-10-19 17:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys</p><p>2015-11-27 15:19 - 2015-10-13 10:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys</p><p>2015-11-27 15:19 - 2015-10-13 10:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys</p><p>2015-11-27 15:19 - 2015-09-23 07:09 - 00371920 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\cng.sys</p><p>2015-11-27 15:19 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll</p><p>2015-11-26 11:42 - 2015-11-26 11:42 - 00985600 _____ C:\Users\User\Downloads\MicrosoftFixit50123.msi</p><p>2015-11-25 12:56 - 2015-11-25 12:56 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer</p><p>2015-11-25 12:44 - 2015-11-25 12:44 - 00011407 _____ C:\Users\User\Desktop\zoek-results.txt</p><p>2015-11-25 11:55 - 2015-11-25 11:55 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore</p><p>2015-11-25 11:52 - 2015-11-25 10:16 - 00024064 _____ C:\Windows\zoek-delete.exe</p><p>2015-11-25 10:15 - 2015-11-25 11:41 - 00000000 ____D C:\zoek_backup</p><p>2015-11-24 02:13 - 2015-11-24 02:13 - 00043870 _____ C:\Users\User\Downloads\Addition_22-11-2015_18-24-24.txt</p><p>2015-11-24 02:11 - 2015-11-24 02:11 - 00035596 _____ C:\Users\User\Downloads\FRST_22-11-2015_18-24-24.txt</p><p>2015-11-23 17:07 - 2015-11-23 17:07 - 01309184 _____ C:\Users\User\Downloads\zoek.exe</p><p>2015-11-22 18:22 - 2015-11-22 18:24 - 00043870 _____ C:\Users\User\Downloads\Addition.txt</p><p>2015-11-22 18:18 - 2015-12-01 13:59 - 00020402 _____ C:\Users\User\Downloads\FRST.txt</p><p>2015-11-22 18:17 - 2015-12-01 13:59 - 00000000 ____D C:\FRST</p><p>2015-11-22 18:12 - 2015-12-01 13:58 - 01721344 _____ (Farbar) C:\Users\User\Downloads\FRST.exe</p><p>2015-11-22 16:16 - 2015-11-22 16:16 - 00004332 _____ C:\Users\User\Desktop\RogueKiller wanted to delete.txt</p><p>2015-11-22 14:48 - 2015-11-22 18:01 - 00000000 ____D C:\ProgramData\RogueKiller</p><p>2015-11-22 14:48 - 2015-11-22 14:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys</p><p>2015-11-22 14:47 - 2015-11-22 14:47 - 19740232 _____ C:\Users\User\Downloads\RogueKiller.exe</p><p>2015-11-22 13:21 - 2015-11-22 13:35 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2015-11-22 13:21 - 2015-11-22 13:21 - 00001893 _____ 
C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2015-11-22 13:21 - 2015-11-22 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2015-11-22 12:40 - 2015-11-22 13:51 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-11-22 12:40 - 2015-11-22 12:40 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware</p><p>2015-11-22 12:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2015-11-22 12:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2015-11-22 12:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys</p><p>2015-11-22 12:36 - 2015-11-22 12:36 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe</p><p>2015-11-22 12:24 - 2015-11-22 12:24 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122446.2508.zip</p><p>2015-11-22 12:22 - 2015-11-22 12:22 - 00224968 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe</p><p>2015-11-22 12:22 - 2015-11-22 12:22 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122240.5444.zip</p><p>2015-11-19 05:33 - 2015-11-19 06:47 - 00000000 ____D C:\Users\User\Downloads\Other</p><p>2015-11-17 02:10 - 2015-11-17 02:10 - 00005376 _____ C:\Users\User\Desktop\clamWin files deleted.txt</p><p>2015-11-16 22:55 - 2015-11-16 22:57 - 00000000 ____D C:\Users\User\AppData\Roaming\.clamwin</p><p>2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus</p><p>2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D 
C:\ProgramData\.clamwin</p><p>2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\Program Files\ClamWin</p><p>2015-11-16 22:48 - 2015-11-16 22:49 - 108583716 _____ (alch ) C:\Users\User\Downloads\clamwin-0.98.7-setup.exe</p><p>2015-11-16 16:50 - 2015-11-16 17:35 - 00000000 ____D C:\Users\User\Downloads\Shaun 2</p><p>2015-11-13 11:44 - 2015-11-16 16:12 - 00000000 ___RD C:\Users\User\MediaFire</p><p>2015-11-12 22:04 - 2015-11-16 16:17 - 00000000 ____D C:\Users\User\AppData\Local\MediaFire Desktop</p><p>2015-11-12 20:54 - 2015-11-13 11:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\659859C3.sys</p><p>2015-11-12 20:29 - 2015-11-12 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p>2015-11-12 20:26 - 2015-12-01 13:32 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job</p><p>2015-11-12 20:26 - 2015-12-01 13:27 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job</p><p>2015-11-12 20:25 - 2015-11-12 20:29 - 00000000 ____D C:\Program Files\Dropbox</p><p>2015-11-12 20:25 - 2015-11-12 20:25 - 00660960 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller (2).exe</p><p>2015-11-06 14:58 - 2015-11-12 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox</p><p>2015-11-06 14:58 - 2015-11-06 14:58 - 00000000 ____D C:\ProgramData\Dropbox</p><p>2015-11-06 14:57 - 2015-11-12 20:30 - 00001184 _____ C:\Users\User\Desktop\Dropbox (Pandas Box).lnk</p><p>2015-11-06 14:57 - 2015-11-06 14:57 - 00000000 __HDL C:\Users\User\Dropbox</p><p>2015-11-04 21:09 - 2015-11-04 22:32 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\43DB740D.sys</p><p>2015-11-04 13:58 - 2015-11-04 13:59 - 01592568 _____ (LogMeIn, Inc.) 
C:\Users\User\Downloads\Support-LogMeInRescue (1).exe</p><p>2015-11-04 00:45 - 2015-11-04 00:46 - 00092656 _____ C:\Users\User\Downloads\WinKeyFinder175.zip</p><p>2015-11-03 21:06 - 2015-11-03 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\13BB232A.sys</p><p>2015-11-02 21:18 - 2015-11-02 21:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\1DDA5EC7.sys</p><p>2015-11-01 15:08 - 2015-11-01 15:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\68747557.sys</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ___HD C:\Windows\inf</p><p>2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ____D C:\Windows</p><p>2015-12-01 13:50 - 2015-02-26 18:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab</p><p>2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-12-01 13:37 - 2013-09-26 11:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-12-01 13:28 - 2015-04-07 21:14 - 00000000 ___RD C:\Users\User\Dropbox (Pandas Box)</p><p>2015-12-01 13:28 - 2015-04-07 19:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox</p><p>2015-12-01 13:27 - 2015-03-14 21:51 - 00000296 _____ C:\Windows\Tasks\Health-Check-auto.job</p><p>2015-12-01 13:26 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2015-12-01 00:00 - 2015-02-22 03:38 - 00001962 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk</p><p>2015-11-30 23:35 - 2015-02-22 03:52 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk</p><p>2015-11-30 23:35 - 2015-02-22 03:52 - 00001138 _____ 
C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 7640 series.lnk</p><p>2015-11-30 23:18 - 2015-03-14 21:51 - 00000298 _____ C:\Windows\Tasks\Health-Check-deep.job</p><p>2015-11-30 23:18 - 2015-03-14 21:51 - 00000290 _____ C:\Windows\Tasks\Health-Check.job</p><p>2015-11-30 13:38 - 2013-09-25 21:30 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2015-11-29 18:00 - 2013-10-05 11:23 - 00000000 ____D C:\Program Files\Google</p><p>2015-11-27 19:13 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache</p><p>2015-11-27 16:06 - 2013-09-26 10:22 - 00000000 ____D C:\ProgramData\Microsoft Help</p><p>2015-11-27 16:05 - 2013-10-06 15:46 - 00000000 ____D C:\Windows\system32\MRT</p><p>2015-11-27 15:47 - 2013-10-06 15:46 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2015-11-27 15:28 - 2009-07-14 01:50 - 00000000 ____D C:\Program Files\Windows Journal</p><p>2015-11-25 10:15 - 2015-05-13 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk</p><p>2015-11-23 12:10 - 2014-04-16 02:08 - 00000000 ____D C:\Windows\Minidump</p><p>2015-11-19 04:57 - 2015-04-25 13:52 - 00000000 ____D C:\Users\User\Downloads\Dynasty gifs</p><p>2015-11-19 04:44 - 2015-10-22 21:17 - 00000000 ____D C:\Users\User\Downloads\Lathan</p><p>2015-11-19 04:44 - 2013-11-06 19:47 - 00000000 ____D C:\Users\User\Downloads\angeles</p><p>2015-11-17 23:14 - 2013-09-26 11:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc</p><p>2015-11-07 17:18 - 2014-01-02 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype</p><p>2015-11-05 19:40 - 2009-07-13 22:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-03-12 20:49 - 2015-03-14 21:39 - 0000078 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan</p><p>2015-11-30 19:11 - 2015-11-30 19:11 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm</p><p>2015-02-22 02:12 - 2015-02-22 
02:12 - 0000057 _____ () C:\ProgramData\Ament.ini</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprw_sh.dll</p><p>C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-11-30 14:25</p><p>==================== End of FRST.txt ============================</p><p></p><p></p><p>This is the Addition scan results</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015</p><p>Ran by User (2015-12-01 14:01:49)</p><p>Running from C:\Users\User\Downloads</p><p>Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2013-09-26 16:05:53)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-470659228-1914503675-2800085871-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-470659228-1914503675-2800085871-501 - Limited - Disabled)</p><p>User (S-1-5-21-470659228-1914503675-2800085871-1000 - 
Administrator - Enabled) => C:\Users\User</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}</p><p>AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)</p><p>Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)</p><p>Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.135 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.135 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 12.1 (HKLM\...\{3CE0C7DC-ED5B-450E-9C5F-49702C263544}) (Version: 12.1.7.157 - Adobe Systems, Inc)</p><p>Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)</p><p>Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Ashampoo Burning Studio 10.0.1 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. 
KG)</p><p>Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)</p><p>Auto-Pet-Buy version 1.2.2.2 (HKLM\...\{F6A21126-4EB9-48CF-91DC-63AEF81D7872}_is1) (Version: 1.2.2.2 - Rodolfo U. Batista)</p><p>Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)</p><p>ClamWin Free Antivirus 0.98.7 (HKLM\...\ClamWin Free Antivirus_is1) (Version: - alch)</p><p>D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Dropbox (HKLM\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)</p><p>Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden</p><p>Foxit Reader (HKLM\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)</p><p>Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)</p><p>HP ENVY 7640 series Basic Device Software (HKLM\...\{85FF0AA2-49C8-4FEB-8F0F-F9A9303C0B38}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)</p><p>HP ENVY 7640 series Help (HKLM\...\{462AAD1D-9165-4D62-8A3C-EAD926FD3650}) (Version: 34.0.0 - Hewlett Packard)</p><p>HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)</p><p>HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)</p><p>HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)</p><p>HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden</p><p>iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)</p><p>Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)</p><p>Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)</p><p>Kaspersky Internet Security 
(HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)</p><p>Kaspersky Internet Security (Version: 15.0.2.396 - Kaspersky Lab) Hidden</p><p>Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)</p><p>Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Publisher 2002 (HKLM\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)</p><p>Microsoft SkyDrive (HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden</p><p>Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)</p><p>Pale Moon 24.2.2 (x86 en-US) (HKLM\...\Pale Moon 24.2.2 (x86 en-US)) (Version: 24.2.2 - Mozilla)</p><p>Product Improvement Study for HP ENVY 7640 series (HKLM\...\{FA283DED-2C15-4E48-93A2-EF3474FBE8F3}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)</p><p>Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)</p><p>Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)</p><p>SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)</p><p>TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>USB Optical Mouse (HKLM\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )</p><p>VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)</p><p>Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)</p><p>Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-470659228-1914503675-2800085871-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\User\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>30-11-2015 23:24:23 Removed HP ENVY 7640 series Basic Device Software</p><p>30-11-2015 23:26:52 Removed HP ENVY 7640 series Basic Device Software</p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {06BF9645-7966-4683-BDF6-27AED2D634A5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)</p><p>Task: {11C63790-3B81-4A69-82A7-CB52F4CDD0B6} - \SmartDefrag_Startup -> No File <==== ATTENTION</p><p>Task: {14624E3B-DC78-4A63-BD02-95B3F3E7FDFB} - \Health-Check-deep -> No File <==== ATTENTION</p><p>Task: {161B295D-FCE3-4338-8507-4C5310BC4AED} - \{CA749DD4-5C0D-4B6F-A8AD-C85D0083D5A4} -> No File <==== ATTENTION</p><p>Task: {29A8F0AB-C99F-4BC8-904F-5DC41B583846} - \HPCustParticipation HP ENVY 7640 series -> No File <==== ATTENTION</p><p>Task: {38F432CF-BA85-4E6E-AE2B-D994EA5B1721} - System32\Tasks\{402BEB33-5D2B-4988-9EBB-BEBB53AA9328} => pcalua.exe -a C:\Users\User\Downloads\air4-0_win.exe -d C:\Users\User\Downloads</p><p>Task: {4ABE44CE-C847-4C60-B1FF-CAFC1085721A} - \{DB6CF461-EA39-4737-9C9F-FA40C4F85448} -> No File <==== ATTENTION</p><p>Task: 
{58803100-20AE-428D-9B34-C4B8534935C9} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe</p><p>Task: {74C0D1F0-29C2-4216-A242-2A455B2B1C78} - \{9E5D8AB4-FF41-4EAF-9C75-BE1E2DD86F41} -> No File <==== ATTENTION</p><p>Task: {8322AC7A-C2E7-4583-80A7-3012FD08DFD0} - \Health-Check -> No File <==== ATTENTION</p><p>Task: {83CF3CC5-51CB-402D-A89F-3ADC864B0B5B} - \CCleanerSkipUAC -> No File <==== ATTENTION</p><p>Task: {89C17738-60BA-491A-9663-C692B6C11758} - \Driver Booster SkipUAC (User) -> No File <==== ATTENTION</p><p>Task: {AB32E32E-7D4D-4653-8787-E6E31B4EDCAC} - \Adobe Flash Player Updater -> No File <==== ATTENTION</p><p>Task: {BA1FBF2F-32C2-425E-9DF2-3DCE2412BB50} - \HPCustPartic.exe_{E57A5AB6-8202-4C98-AAB7-700B26BF3186} -> No File <==== ATTENTION</p><p>Task: {BCD7E08E-F3AF-448F-9FB9-D41A12FA54FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)</p><p>Task: {D4FB6435-489F-4368-B689-00E0178A80B1} - \SmartDefragUpdate -> No File <==== ATTENTION</p><p>Task: {DDA2D2C9-66E1-45B9-A774-CE787D042BC1} - \Health-Check-auto -> No File <==== ATTENTION</p><p>Task: {FE0610A9-5213-42EE-B0E9-FAD50228489C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe</p><p>Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe</p><p>Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe</p><p>Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe</p><p>Task: C:\Windows\Tasks\Health-Check.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayError.dll</p><p>2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySynced.dll</p><p>2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayReadOnly.dll</p><p>2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayLock.dll</p><p>2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySyncing.dll</p><p>2015-11-16 22:55 - 2008-04-19 16:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll</p><p>2015-12-01 13:27 - 2015-12-01 13:27 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll</p><p>2015-11-12 20:28 - 2015-09-02 18:11 - 
00012800 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll</p><p>2015-11-12 20:28 - 2015-09-02 18:11 - 00779776 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll</p><p>2015-11-12 20:28 - 2015-09-02 18:11 - 00056320 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll</p><p>2015-11-12 20:28 - 2015-09-02 18:11 - 00012288 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll</p><p>2015-11-16 22:55 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd</p><p>2015-11-16 22:55 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll</p><p>2015-11-16 22:55 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd</p><p>2015-11-16 22:55 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd</p><p>2015-11-16 22:55 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd</p><p>2015-11-16 22:55 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd</p><p>2015-11-16 22:55 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd</p><p>2015-11-16 22:55 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00077824 _____ () 
C:\Program Files\ClamWin\lib\win32file.pyd</p><p>2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd</p><p>2015-11-16 22:55 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd</p><p>2015-11-16 22:55 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll</p><p>2015-11-16 22:55 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd</p><p>2015-11-16 22:55 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd</p><p>2015-11-16 22:55 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd</p><p>2014-03-16 21:49 - 2014-12-29 11:16 - 03044864 _____ () C:\Program Files\Pale Moon\mozjs.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" value will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"</p><p></p><p>==================== EXE Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p>HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION</p><p>HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION</p><p>HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION</p><p>HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION</p><p>HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION</p><p>HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION</p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 8.8.8.8 - 8.8.4.4</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\Services: AdobeARMservice => 2</p><p>MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3</p><p>MSCONFIG\Services: AMD External Events Utility => 2</p><p>MSCONFIG\Services: APNMCP => 2</p><p>MSCONFIG\Services: Apple Mobile Device => 
2</p><p>MSCONFIG\Services: Bonjour Service => 2</p><p>MSCONFIG\Services: gupdate => 2</p><p>MSCONFIG\Services: gupdatem => 3</p><p>MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2</p><p>MSCONFIG\Services: InnovativeSolutions_monitor => 3</p><p>MSCONFIG\Services: iPod Service => 3</p><p>MSCONFIG\Services: MBAMService => 2</p><p>MSCONFIG\Services: MozillaMaintenance => 3</p><p>MSCONFIG\Services: SkypeUpdate => 2</p><p>MSCONFIG\Services: TeamViewer9 => 2</p><p>MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup</p><p>MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup</p><p>MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk.disabled => C:\Windows\pss\Dropbox.lnk.disabled.Startup</p><p>MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup</p><p>MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"</p><p>MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"</p><p>MSCONFIG\startupreg: HP ENVY 7640 series (NET) => "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH4AR260D7063T:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1</p><p>MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe</p><p>MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"</p><p>MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun</p><p>MSCONFIG\startupreg: USB Optical Mouse => "C:\Program Files\USB Optical Mouse\USB Optical 
Mouse\MouseHid.exe"</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [{A51A45C5-A508-4011-9D01-9714E924F8E8}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe</p><p>FirewallRules: [{890BC205-BCB5-41E7-A86A-3C860ECE6897}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{D4188F3E-7A91-4D37-95B8-FFEBDAF4BD5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{B3B35500-536A-46B5-B765-FBB99B5249C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe</p><p>FirewallRules: [{92188323-2E0E-4E93-A800-D5888C93D811}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe</p><p>FirewallRules: [{D3E39FB0-9447-4EA0-9336-6C9F44B78BF4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe</p><p>FirewallRules: [{FA188D33-5BE7-4639-A585-CCAC1C3648C3}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe</p><p>FirewallRules: [{C246A366-D5B1-4A79-A13C-1C4BBCBF4EE9}] => (Allow) LPort=2869</p><p>FirewallRules: [{3940023B-44C5-470F-AB52-BAE768CF045A}] => (Allow) LPort=1900</p><p>FirewallRules: [{9DA4B37D-E55A-4CDF-94B1-80408CD5C612}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe</p><p>FirewallRules: [{1100985C-263B-456A-BAD1-8DF4A300C156}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe</p><p>FirewallRules: [{71D050A8-0A62-4206-BE57-B6B9007FC048}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe</p><p>FirewallRules: [{FEC8A5A3-BA60-48C5-9EDF-2AD231782828}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe</p><p>FirewallRules: [{5CF6882B-3786-40EB-858C-4DAC18CA9ED5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe</p><p>FirewallRules: [{3C38653A-5E54-427E-A177-1614588F529A}] => (Allow) 
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe</p><p>FirewallRules: [{9F30E8BA-FAE5-49B5-8A12-7BD9EEB5EBDB}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe</p><p>FirewallRules: [{0443F7B5-7284-4217-98D3-4C10D6EF18B9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe</p><p>FirewallRules: [{C9B29048-9679-4E72-A5FD-D468B950CC6F}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe</p><p>FirewallRules: [{55BB0685-5AD9-456D-9D76-A2833D761751}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe</p><p>FirewallRules: [{B8E87125-404E-46CC-ADB3-6D49C32C33AD}] => (Allow) LPort=5357</p><p>FirewallRules: [{309314C2-FA2C-4621-B4A0-71C509DB05AC}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe</p><p>FirewallRules: [{21ABBCD8-664E-4CC9-844F-FD0A67A95015}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{C82C385A-CBBA-4840-9D58-1D71A3950BF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{47203054-80EC-4EF5-8334-A59EB539BD1A}] => (Allow) LPort=8888</p><p>FirewallRules: [{77144DA0-5F3E-4C5C-BDEB-0B51D7D37ED0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{693BBB87-5AEA-4FFB-A6F8-378DE66CFE3C}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{61FEB400-B920-436F-85FD-9809089BFF58}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{D5200882-0C6B-44DD-AB9B-7E758C57A3BD}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{C55FC559-725E-4785-9288-4D2B7F2EABB6}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{B4D8ACDE-E119-4E4D-AC52-B0E62DB932F4}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe</p><p>FirewallRules: 
[{EA1458E6-13A5-474E-996E-159CBDF1B56E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{4A4AA079-CB20-4556-977D-3DE200B02A91}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{899FEE25-1EA4-4E52-BE11-CA4EF4D68E1D}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{BA710A6E-FA87-4BD1-B092-BA8F76208CD5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{DC7C5A53-6FBB-4FD3-8A5F-BBA630F9A249}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe</p><p>FirewallRules: [{DF9B6831-AABA-40F2-BF42-9CD67D78E2F5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe</p><p>FirewallRules: [{040CD439-945F-44D4-9F89-4174AA0212FA}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: ZAM Helper Driver</p><p>Description: ZAM Helper Driver</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer:</p><p>Service: ZAM</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p>Name: ZAM Guard Driver</p><p>Description: ZAM Guard Driver</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer:</p><p>Service: ZAM_Guard</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p></p><p>System errors:</p><p>=============</p><p></p><p>CodeIntegrity:</p><p>===================================</p><p> Date: 2015-10-26 18:01:21.479</p><p> Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.</p><p></p><p> Date: 2015-10-26 18:01:21.463</p><p> Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.</p><p></p><p> Date: 2015-10-26 18:01:21.245</p><p> Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. 
Check with the publisher to see if a new signed version of the kernel module is available.</p><p></p><p> Date: 2015-10-26 18:01:21.213</p><p> Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: AMD C-50 Processor</p><p>Percentage of memory in use: 51%</p><p>Total physical RAM: 2794.9 MB</p><p>Available physical RAM: 1355.66 MB</p><p>Total Virtual: 5693.21 MB</p><p>Available Virtual: 4075.73 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:232.79 GB) (Free:181.37 GB) NTFS</p><p>Drive e: () (Removable) (Total:3.73 GB) (Free:0.92 GB) FAT32</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB4F8998)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)</p><p></p><p>Partition: GPT.</p><p></p><p>==================== End of Addition.txt ============================</p><p></p><p></p><p>Can you help please? I really miss having my Chrome browser. The link I went to said it had a worm in the file. And now my printer doesn't work. I am not sure why it is cutting off when I'm using it either, but it is annoying. Please, anything you can do? Thanks so much for all your help. 
I haven't forgot about ya.</p></blockquote><p></p>
[QUOTE="Lioness, post: 455077, member: 45674"] This is frst scan results
Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-27 15:20 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-27 15:20 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-27 15:20 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-27 15:20 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-27 15:20 - 2015-10-12 22:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-27 15:20 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-27 15:20 - 2015-10-01 11:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-27 15:19 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-11-27 15:19 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-27 15:19 - 2015-10-19 18:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-27 15:19 - 2015-10-19 18:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-27 15:19 - 2015-10-19 18:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-27 15:19 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-27 15:19 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-27 15:19 - 2015-10-19 18:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-27 15:19 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-27 15:19 - 2015-10-19 18:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-27 15:19 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-27 15:19 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-27 15:19 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-27 15:19 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-27 15:19 - 2015-10-19 17:29 - 00225792 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-27 15:19 - 2015-10-19 17:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-27 15:19 - 2015-10-19 17:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-27 15:19 - 2015-10-13 10:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-27 15:19 - 2015-10-13 10:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-27 15:19 - 2015-09-23 07:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-27 15:19 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-26 11:42 - 2015-11-26 11:42 - 00985600 _____ C:\Users\User\Downloads\MicrosoftFixit50123.msi 2015-11-25 12:56 - 2015-11-25 12:56 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer 2015-11-25 12:44 - 2015-11-25 12:44 - 00011407 _____ C:\Users\User\Desktop\zoek-results.txt 2015-11-25 11:55 - 2015-11-25 11:55 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore 2015-11-25 11:52 - 2015-11-25 10:16 - 00024064 _____ C:\Windows\zoek-delete.exe 2015-11-25 10:15 - 2015-11-25 11:41 - 00000000 ____D C:\zoek_backup 2015-11-24 02:13 - 2015-11-24 02:13 - 00043870 _____ C:\Users\User\Downloads\Addition_22-11-2015_18-24-24.txt 2015-11-24 02:11 - 2015-11-24 02:11 - 00035596 _____ C:\Users\User\Downloads\FRST_22-11-2015_18-24-24.txt 2015-11-23 17:07 - 2015-11-23 17:07 - 01309184 _____ C:\Users\User\Downloads\zoek.exe 2015-11-22 18:22 - 2015-11-22 18:24 - 00043870 _____ C:\Users\User\Downloads\Addition.txt 2015-11-22 18:18 - 2015-12-01 13:59 - 00020402 _____ C:\Users\User\Downloads\FRST.txt 2015-11-22 18:17 - 2015-12-01 13:59 - 00000000 ____D C:\FRST 2015-11-22 18:12 - 2015-12-01 13:58 - 01721344 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2015-11-22 16:16 - 2015-11-22 16:16 - 00004332 _____ C:\Users\User\Desktop\RogueKiller wanted to 
delete.txt 2015-11-22 14:48 - 2015-11-22 18:01 - 00000000 ____D C:\ProgramData\RogueKiller 2015-11-22 14:48 - 2015-11-22 14:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-11-22 14:47 - 2015-11-22 14:47 - 19740232 _____ C:\Users\User\Downloads\RogueKiller.exe 2015-11-22 13:21 - 2015-11-22 13:35 - 00000000 ____D C:\Program Files\HitmanPro 2015-11-22 13:21 - 2015-11-22 13:21 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2015-11-22 13:21 - 2015-11-22 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-11-22 12:40 - 2015-11-22 13:51 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-22 12:40 - 2015-11-22 12:40 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-22 12:40 - 2015-11-22 12:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-11-22 12:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-22 12:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-22 12:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-22 12:36 - 2015-11-22 12:36 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-22 12:24 - 2015-11-22 12:24 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122446.2508.zip 2015-11-22 12:22 - 2015-11-22 12:22 - 00224968 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe 2015-11-22 12:22 - 2015-11-22 12:22 - 00000022 _____ C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20151122.122240.5444.zip 2015-11-19 05:33 - 2015-11-19 06:47 - 00000000 ____D C:\Users\User\Downloads\Other 2015-11-17 02:10 - 2015-11-17 02:10 - 00005376 _____ C:\Users\User\Desktop\clamWin 
files deleted.txt 2015-11-16 22:55 - 2015-11-16 22:57 - 00000000 ____D C:\Users\User\AppData\Roaming\.clamwin 2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus 2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\ProgramData\.clamwin 2015-11-16 22:55 - 2015-11-16 22:55 - 00000000 ____D C:\Program Files\ClamWin 2015-11-16 22:48 - 2015-11-16 22:49 - 108583716 _____ (alch ) C:\Users\User\Downloads\clamwin-0.98.7-setup.exe 2015-11-16 16:50 - 2015-11-16 17:35 - 00000000 ____D C:\Users\User\Downloads\Shaun 2 2015-11-13 11:44 - 2015-11-16 16:12 - 00000000 ___RD C:\Users\User\MediaFire 2015-11-12 22:04 - 2015-11-16 16:17 - 00000000 ____D C:\Users\User\AppData\Local\MediaFire Desktop 2015-11-12 20:54 - 2015-11-13 11:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\659859C3.sys 2015-11-12 20:29 - 2015-11-12 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-11-12 20:26 - 2015-12-01 13:32 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-11-12 20:26 - 2015-12-01 13:27 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-11-12 20:25 - 2015-11-12 20:29 - 00000000 ____D C:\Program Files\Dropbox 2015-11-12 20:25 - 2015-11-12 20:25 - 00660960 _____ (Dropbox, Inc.) C:\Users\User\Downloads\DropboxInstaller (2).exe 2015-11-06 14:58 - 2015-11-12 21:04 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox 2015-11-06 14:58 - 2015-11-06 14:58 - 00000000 ____D C:\ProgramData\Dropbox 2015-11-06 14:57 - 2015-11-12 20:30 - 00001184 _____ C:\Users\User\Desktop\Dropbox (Pandas Box).lnk 2015-11-06 14:57 - 2015-11-06 14:57 - 00000000 __HDL C:\Users\User\Dropbox 2015-11-04 21:09 - 2015-11-04 22:32 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\43DB740D.sys 2015-11-04 13:58 - 2015-11-04 13:59 - 01592568 _____ (LogMeIn, Inc.) 
C:\Users\User\Downloads\Support-LogMeInRescue (1).exe 2015-11-04 00:45 - 2015-11-04 00:46 - 00092656 _____ C:\Users\User\Downloads\WinKeyFinder175.zip 2015-11-03 21:06 - 2015-11-03 21:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\13BB232A.sys 2015-11-02 21:18 - 2015-11-02 21:18 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\1DDA5EC7.sys 2015-11-01 15:08 - 2015-11-01 15:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\68747557.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ___HD C:\Windows\inf 2015-12-01 13:53 - 2009-07-13 20:37 - 00000000 ____D C:\Windows 2015-12-01 13:50 - 2015-02-26 18:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-01 13:42 - 2009-07-13 22:34 - 00017168 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-01 13:37 - 2013-09-26 11:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-01 13:28 - 2015-04-07 21:14 - 00000000 ___RD C:\Users\User\Dropbox (Pandas Box) 2015-12-01 13:28 - 2015-04-07 19:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2015-12-01 13:27 - 2015-03-14 21:51 - 00000296 _____ C:\Windows\Tasks\Health-Check-auto.job 2015-12-01 13:26 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-01 00:00 - 2015-02-22 03:38 - 00001962 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk 2015-11-30 23:35 - 2015-02-22 03:52 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 7640 series.lnk 2015-11-30 23:35 - 2015-02-22 03:52 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 7640 series.lnk 2015-11-30 23:18 - 2015-03-14 21:51 - 00000298 _____ 
C:\Windows\Tasks\Health-Check-deep.job 2015-11-30 23:18 - 2015-03-14 21:51 - 00000290 _____ C:\Windows\Tasks\Health-Check.job 2015-11-30 13:38 - 2013-09-25 21:30 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-29 18:00 - 2013-10-05 11:23 - 00000000 ____D C:\Program Files\Google 2015-11-27 19:13 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache 2015-11-27 16:06 - 2013-09-26 10:22 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-27 16:05 - 2013-10-06 15:46 - 00000000 ____D C:\Windows\system32\MRT 2015-11-27 15:47 - 2013-10-06 15:46 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-27 15:28 - 2009-07-14 01:50 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-25 10:15 - 2015-05-13 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-23 12:10 - 2014-04-16 02:08 - 00000000 ____D C:\Windows\Minidump 2015-11-19 04:57 - 2015-04-25 13:52 - 00000000 ____D C:\Users\User\Downloads\Dynasty gifs 2015-11-19 04:44 - 2015-10-22 21:17 - 00000000 ____D C:\Users\User\Downloads\Lathan 2015-11-19 04:44 - 2013-11-06 19:47 - 00000000 ____D C:\Users\User\Downloads\angeles 2015-11-17 23:14 - 2013-09-26 11:44 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc 2015-11-07 17:18 - 2014-01-02 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2015-11-05 19:40 - 2009-07-13 22:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-03-12 20:49 - 2015-03-14 21:39 - 0000078 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan 2015-11-30 19:11 - 2015-11-30 19:11 - 0004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm 2015-02-22 02:12 - 2015-02-22 02:12 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprw_sh.dll 
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 14:25

==================== End of FRST.txt ============================

These are the Addition scan results

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by User (2015-12-01 14:01:49)
Running from C:\Users\User\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2013-09-26 16:05:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-470659228-1914503675-2800085871-500 - Administrator - Disabled)
Guest (S-1-5-21-470659228-1914503675-2800085871-501 - Limited - Disabled)
User (S-1-5-21-470659228-1914503675-2800085871-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.135 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.135 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\{3CE0C7DC-ED5B-450E-9C5F-49702C263544}) (Version: 12.1.7.157 - Adobe Systems, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10.0.1 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auto-Pet-Buy version 1.2.2.2 (HKLM\...\{F6A21126-4EB9-48CF-91DC-63AEF81D7872}_is1) (Version: 1.2.2.2 - Rodolfo U. Batista)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
ClamWin Free Antivirus 0.98.7 (HKLM\...\ClamWin Free Antivirus_is1) (Version: - alch)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP ENVY 7640 series Basic Device Software (HKLM\...\{85FF0AA2-49C8-4FEB-8F0F-F9A9303C0B38}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 7640 series Help (HKLM\...\{462AAD1D-9165-4D62-8A3C-EAD926FD3650}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.396 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-470659228-1914503675-2800085871-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Pale Moon 24.2.2 (x86 en-US) (HKLM\...\Pale Moon 24.2.2 (x86 en-US)) (Version: 24.2.2 - Mozilla)
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{FA283DED-2C15-4E48-93A2-EF3474FBE8F3}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Optical Mouse (HKLM\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-470659228-1914503675-2800085871-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\User\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

==================== Restore Points =========================

30-11-2015 23:24:23 Removed HP ENVY 7640 series Basic Device Software
30-11-2015 23:26:52 Removed HP ENVY 7640 series Basic Device Software

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06BF9645-7966-4683-BDF6-27AED2D634A5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)
Task: {11C63790-3B81-4A69-82A7-CB52F4CDD0B6} - \SmartDefrag_Startup -> No File <==== ATTENTION
Task: {14624E3B-DC78-4A63-BD02-95B3F3E7FDFB} - \Health-Check-deep -> No File <==== ATTENTION
Task: {161B295D-FCE3-4338-8507-4C5310BC4AED} - \{CA749DD4-5C0D-4B6F-A8AD-C85D0083D5A4} -> No File <==== ATTENTION
Task: {29A8F0AB-C99F-4BC8-904F-5DC41B583846} - \HPCustParticipation HP ENVY 7640 series -> No File <==== ATTENTION
Task: {38F432CF-BA85-4E6E-AE2B-D994EA5B1721} - System32\Tasks\{402BEB33-5D2B-4988-9EBB-BEBB53AA9328} => pcalua.exe -a C:\Users\User\Downloads\air4-0_win.exe -d C:\Users\User\Downloads
Task: {4ABE44CE-C847-4C60-B1FF-CAFC1085721A} - \{DB6CF461-EA39-4737-9C9F-FA40C4F85448} -> No File <==== ATTENTION
Task: {58803100-20AE-428D-9B34-C4B8534935C9} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {74C0D1F0-29C2-4216-A242-2A455B2B1C78} - \{9E5D8AB4-FF41-4EAF-9C75-BE1E2DD86F41} -> No File <==== ATTENTION
Task: {8322AC7A-C2E7-4583-80A7-3012FD08DFD0} - \Health-Check -> No File <==== ATTENTION
Task: {83CF3CC5-51CB-402D-A89F-3ADC864B0B5B} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {89C17738-60BA-491A-9663-C692B6C11758} - \Driver Booster SkipUAC (User) -> No File <==== ATTENTION
Task: {AB32E32E-7D4D-4653-8787-E6E31B4EDCAC} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {BA1FBF2F-32C2-425E-9DF2-3DCE2412BB50} - \HPCustPartic.exe_{E57A5AB6-8202-4C98-AAB7-700B26BF3186} -> No File <==== ATTENTION
Task: {BCD7E08E-F3AF-448F-9FB9-D41A12FA54FA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-12] (Dropbox, Inc.)
Task: {D4FB6435-489F-4368-B689-00E0178A80B1} - \SmartDefragUpdate -> No File <==== ATTENTION
Task: {DDA2D2C9-66E1-45B9-A774-CE787D042BC1} - \Health-Check-auto -> No File <==== ATTENTION
Task: {FE0610A9-5213-42EE-B0E9-FAD50228489C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Users\User\Desktop\Advanced Uninstaller PRO\healthcheck.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayError.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySynced.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayReadOnly.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlayLock.dll
2015-11-12 22:05 - 2015-11-05 11:33 - 00201216 _____ () C:\Users\User\AppData\Local\MediaFire Desktop\MFShellIconOverlaySyncing.dll
2015-11-16 22:55 - 2008-04-19 16:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2015-12-01 13:27 - 2015-12-01 13:27 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsravv2.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00012800 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00779776 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00056320 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-12 20:28 - 2015-09-02 18:11 - 00012288 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-11-16 22:55 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll
2015-11-16 22:55 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd
2015-11-16 22:55 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll
2015-11-16 22:55 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd
2015-11-16 22:55 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd
2015-11-16 22:55 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd
2015-11-16 22:55 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd
2015-11-16 22:55 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll
2015-11-16 22:55 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd
2015-11-16 22:55 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files\ClamWin\lib\win32file.pyd
2015-11-16 22:55 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd
2015-11-16 22:55 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd
2015-11-16 22:55 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll
2015-11-16 22:55 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd
2015-11-16 22:55 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd
2015-11-16 22:55 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd
2014-03-16 21:49 - 2014-12-29 11:16 - 03044864 _____ () C:\Program Files\Pale Moon\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-470659228-1914503675-2800085871-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: InnovativeSolutions_monitor => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk.disabled => C:\Windows\pss\Dropbox.lnk.disabled.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP ENVY 7640 series (NET) => "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH4AR260D7063T:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: USB Optical Mouse => "C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A51A45C5-A508-4011-9D01-9714E924F8E8}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{890BC205-BCB5-41E7-A86A-3C860ECE6897}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4188F3E-7A91-4D37-95B8-FFEBDAF4BD5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3B35500-536A-46B5-B765-FBB99B5249C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{92188323-2E0E-4E93-A800-D5888C93D811}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D3E39FB0-9447-4EA0-9336-6C9F44B78BF4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FA188D33-5BE7-4639-A585-CCAC1C3648C3}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C246A366-D5B1-4A79-A13C-1C4BBCBF4EE9}] => (Allow) LPort=2869
FirewallRules: [{3940023B-44C5-470F-AB52-BAE768CF045A}] => (Allow) LPort=1900
FirewallRules: [{9DA4B37D-E55A-4CDF-94B1-80408CD5C612}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1100985C-263B-456A-BAD1-8DF4A300C156}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{71D050A8-0A62-4206-BE57-B6B9007FC048}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FEC8A5A3-BA60-48C5-9EDF-2AD231782828}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5CF6882B-3786-40EB-858C-4DAC18CA9ED5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3C38653A-5E54-427E-A177-1614588F529A}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9F30E8BA-FAE5-49B5-8A12-7BD9EEB5EBDB}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe
FirewallRules: [{0443F7B5-7284-4217-98D3-4C10D6EF18B9}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe
FirewallRules: [{C9B29048-9679-4E72-A5FD-D468B950CC6F}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe
FirewallRules: [{55BB0685-5AD9-456D-9D76-A2833D761751}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe
FirewallRules: [{B8E87125-404E-46CC-ADB3-6D49C32C33AD}] => (Allow) LPort=5357
FirewallRules: [{309314C2-FA2C-4621-B4A0-71C509DB05AC}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{21ABBCD8-664E-4CC9-844F-FD0A67A95015}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C82C385A-CBBA-4840-9D58-1D71A3950BF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47203054-80EC-4EF5-8334-A59EB539BD1A}] => (Allow) LPort=8888
FirewallRules: [{77144DA0-5F3E-4C5C-BDEB-0B51D7D37ED0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe
FirewallRules: [{693BBB87-5AEA-4FFB-A6F8-378DE66CFE3C}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4FF9\HPDiagnosticCoreUI.exe
FirewallRules: [{61FEB400-B920-436F-85FD-9809089BFF58}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe
FirewallRules: [{D5200882-0C6B-44DD-AB9B-7E758C57A3BD}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS50DE\HPDiagnosticCoreUI.exe
FirewallRules: [{C55FC559-725E-4785-9288-4D2B7F2EABB6}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe
FirewallRules: [{B4D8ACDE-E119-4E4D-AC52-B0E62DB932F4}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0097\HPDiagnosticCoreUI.exe
FirewallRules: [{EA1458E6-13A5-474E-996E-159CBDF1B56E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe
FirewallRules: [{4A4AA079-CB20-4556-977D-3DE200B02A91}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS01D7\HPDiagnosticCoreUI.exe
FirewallRules: [{899FEE25-1EA4-4E52-BE11-CA4EF4D68E1D}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe
FirewallRules: [{BA710A6E-FA87-4BD1-B092-BA8F76208CD5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS0989\HPDiagnosticCoreUI.exe
FirewallRules: [{DC7C5A53-6FBB-4FD3-8A5F-BBA630F9A249}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{DF9B6831-AABA-40F2-BF42-9CD67D78E2F5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe
FirewallRules: [{040CD439-945F-44D4-9F89-4174AA0212FA}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS54CF\HPDiagnosticCoreUI.exe

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

CodeIntegrity:
===================================
Date: 2015-10-26 18:01:21.479
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-10-26 18:01:21.463
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-10-26 18:01:21.245
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-10-26 18:01:21.213
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
==================== Memory info ===========================

Processor: AMD C-50 Processor
Percentage of memory in use: 51%
Total physical RAM: 2794.9 MB
Available physical RAM: 1355.66 MB
Total Virtual: 5693.21 MB
Available Virtual: 4075.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:181.37 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:0.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB4F8998)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================

Can you help, please? I really miss having my Chrome browser. The link I went to said it had a worm in the file. And now my printer doesn't work. I am not sure why it is cutting off when I'm using it either, but it is annoying. Please, anything you can do? Thanks so much for all your help. I haven't forgotten about ya.
[/QUOTE]