# 127.0.0.1:8080 Proxy Malware? Help.



## techz

Hello,

I can't seem to change my internet proxy settings. Whenever I untick the proxy box, it always ticks itself back. The proxy settings are: 127.0.0.1:8080

I've been reading around and see that there are other users that have the same issue and have tried to follow some of the steps without success. I am using Avast and have uninstalled it for the time being.

I suspect that the malware might have come from someone plugging in a USB device the other day. It looked weird as they couldn't delete certain files. That is where I suspect the malware came from. I could be wrong though, but oh well.

I can't access the internet from IE or Chrome as they use the computer's internet settings. I can access the net from Firefox though, as there is an option to override the computer's internet settings.

Here are my computer's details:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro with Media Center, 64 bit
Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4041 Mb
Graphics Card: Intel(R) HD Graphics 3000, 1796 Mb
Hard Drives: C: Total - 115300 MB, Free - 10359 MB; D: Total - 2040 MB, Free - 2025 MB;
Motherboard: Hewlett-Packard, 17F8
Antivirus: Windows Defender, Disabled

And logs for FRST, FSS and RogueKiller in the following posts:


----------



## techz

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Zeb (administrator) on ZEBULTRABOOK on 03-03-2015 15:50:30
Running from C:\Users\Zeb\Desktop
Loaded Profiles: Zeb (Available profiles: Zeb)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Dropbox, Inc.) C:\Users\Zeb\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Tech Support Guy System) C:\Users\Zeb\Desktop\SysInfo.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-04-12] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2230848 2012-04-30] ()
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2257544 2013-09-15] (Microsoft Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-03] (AVAST Software)
HKLM-x32\...\Run: [HPWUTOOLBOX] => C:\Program Files (x86)\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [356352 2007-01-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-17] ()
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [067867E7C21A4D3521B8688D49E93C6DC8111202._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [BitTorrent Sync] => C:\Program Files (x86)\BitTorrent Sync\BTSync.exe [4173664 2015-03-03] (BitTorrent, Inc.)
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [Spotify Web Helper] => C:\Users\Zeb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-22] (Spotify Ltd)
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [GoodSync] => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe [12102152 2015-01-07] ()
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-03-03] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)
Startup: C:\Users\Zeb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autochartist MT4 plugin - Auto Update.lnk
ShortcutTarget: Autochartist MT4 plugin - Auto Update.lnk -> C:\Program Files (x86)\OANDA - MetaTrader\AutochartistPlugin_AutoUpdaterOanda.exe (No File)
Startup: C:\Users\Zeb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Zeb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet Ink Adv 2060 K110.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet Ink Adv 2060 K110.lnk -> C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\OFFICE15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\OFFICE15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2479626215-2380851284-86128853-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default
FF Homepage: about:newtab
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: FireShot - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-03]
FF Extension: SeoQuake - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-04]
FF Extension: DownloadHelper - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Flash and Video Download - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-01-28]
FF Extension: Restartless Restart - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\[email protected] [2014-01-18]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\[email protected] [2014-01-11]
FF Extension: Qute 4++ (custom mod) - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{69d0119c-32f1-4766-82d7-617f04d5643b}.xpi [2014-05-01]
FF Extension: NoScript - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-11]
FF Extension: NoDoFollow - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2014-01-11]
FF Extension: DownThemAll! - C:\Users\Zeb\AppData\Roaming\Mozilla\Firefox\Profiles\eafhu83q.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-10-28]
FF HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Zeb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Zeb\AppData\Roaming\IDM\idmmzcc5 [2014-07-13]
FF HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Zeb\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR Profile: C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-16]
CHR Extension: (Google Drive) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-16]
CHR Extension: (No Name) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-16]
CHR Extension: (Google Search) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
CHR Extension: (No Name) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-07-13]
CHR Extension: (No Name) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-16]
CHR Extension: (No Name) - C:\Users\Zeb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-21]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-09-15] (Microsoft Corp.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8258056 2015-01-07] ()
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [5715968 2012-04-27] (SMSC) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-19] (Stardock Software, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S2 HPSLPSVC; C:\Users\Zeb\AppData\Local\Temp\7zS0447\hpslpsvc64.dll [X]
S2 Update Fact Fire; "C:\Program Files (x86)\Fact Fire\updateFactFire.exe" [X]
S2 Util Fact Fire; "C:\Program Files (x86)\Fact Fire\bin\utilFactFire.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2013-01-31] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2013-04-24] (QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [141888 2012-05-01] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [14912 2012-05-01] (SMSC)
S3 ssudeadb; C:\Windows\System32\Drivers\ssudeadb.sys [40704 2014-01-22] (Google Inc)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2015-01-07] (Splashtop Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-03-03] ()
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 15:48 - 2015-03-03 15:49 - 00509440 _____ (Tech Support Guy System) C:\Users\Zeb\Desktop\SysInfo.exe
2015-03-03 15:29 - 2015-03-03 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-03 15:29 - 2015-03-03 15:29 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 15:29 - 2015-03-03 15:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-03 15:25 - 2015-03-03 15:25 - 00005636 _____ () C:\Users\Zeb\Desktop\AdwCleaner[S0].txt
2015-03-03 15:24 - 2015-03-03 15:24 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-03-03 15:19 - 2015-03-03 15:44 - 00000000 ____D () C:\Users\Zeb\Desktop\mbar
2015-03-03 15:19 - 2015-03-03 15:27 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-03 15:16 - 2015-03-03 15:23 - 00000000 ____D () C:\AdwCleaner
2015-03-03 15:16 - 2015-03-03 15:16 - 02126848 _____ () C:\Users\Zeb\Desktop\AdwCleaner.exe
2015-03-03 15:13 - 2015-03-03 15:14 - 00040530 _____ () C:\Users\Zeb\Desktop\Addition.txt
2015-03-03 15:12 - 2015-03-03 15:50 - 00028858 _____ () C:\Users\Zeb\Desktop\FRST.txt
2015-03-03 15:11 - 2015-03-03 15:50 - 00000000 ____D () C:\FRST
2015-03-03 15:11 - 2015-03-03 15:11 - 02092544 _____ (Farbar) C:\Users\Zeb\Desktop\FRST64.exe
2015-03-03 15:02 - 2015-03-03 15:02 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-03 13:23 - 2015-03-03 13:23 - 00000000 ____D () C:\_OTL
2015-03-03 10:47 - 2015-03-03 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-03 10:47 - 2014-11-22 12:07 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-03-03 10:16 - 2015-03-03 10:16 - 00130222 _____ () C:\Users\Zeb\Desktop\Extras.Txt
2015-03-03 10:14 - 2015-03-03 10:14 - 00176156 _____ () C:\Users\Zeb\Desktop\OTL.Txt
2015-03-03 09:43 - 2015-03-03 09:44 - 00000000 ____D () C:\ProgramData\Sophos
2015-03-03 09:43 - 2015-03-03 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-03-03 09:43 - 2015-03-03 09:43 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-03-02 20:07 - 2015-03-02 20:07 - 00000000 ____D () C:\SUPERDelete
2015-03-02 19:57 - 2015-03-03 10:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-02 19:57 - 2015-03-02 19:57 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\SUPERAntiSpyware.com
2015-03-02 19:57 - 2015-03-02 19:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-02 17:20 - 2015-03-02 17:20 - 00000000 _____ () C:\autoexec.bat
2015-03-02 16:49 - 2015-03-03 10:45 - 00000000 ____D () C:\WINDOWS\pss
2015-03-02 16:16 - 2015-03-02 16:16 - 00000000 __SHD () C:\Users\Zeb\AppData\Local\EmieBrowserModeList
2015-03-02 16:06 - 2015-03-02 16:16 - 00000000 ____D () C:\Users\Zeb\Documents\Market Samurai
2015-03-02 16:05 - 2015-03-03 10:46 - 00000000 ____D () C:\Program Files (x86)\Market Samurai
2015-03-02 16:05 - 2015-03-02 16:05 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2015-03-02 16:04 - 2015-03-02 16:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-02 16:04 - 2015-03-02 16:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-02 13:40 - 2015-03-03 10:46 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-03-02 13:40 - 2015-03-02 15:09 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\FileZilla
2015-03-02 13:38 - 2015-03-02 13:45 - 00000000 ____D () C:\Program Files (x86)\Fact Fire
2015-02-26 15:46 - 2014-05-08 17:32 - 01098143 _____ () C:\Users\Zeb\Desktop\Tongkat ali(arabic)852014.ai
2015-02-25 14:34 - 2014-12-14 05:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 14:34 - 2014-12-14 05:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-23 13:16 - 2015-02-23 13:17 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Colasoft Capsa 7 - Free Edition
2015-02-23 13:16 - 2015-02-23 13:17 - 00000000 ____D () C:\ProgramData\Colasoft Capsa 7 Free
2015-02-23 13:16 - 2015-02-23 13:16 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Colasoft Ping Tool
2015-02-23 13:16 - 2015-02-23 13:16 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Colasoft Packet Player
2015-02-23 13:16 - 2015-02-23 13:16 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Colasoft MAC Scanner
2015-02-23 13:14 - 2015-03-03 10:46 - 00000000 ____D () C:\Program Files (x86)\Colasoft Capsa 7 Free Edition
2015-02-18 11:41 - 2015-02-17 20:35 - 734472836 _____ () C:\Users\Zeb\Desktop\The.Woman.in.Black.2.Angel.of.Death.2014.720p.HDRiP.700MB.ShAaNiG.mkv
2015-02-17 11:31 - 2015-02-17 13:15 - 523941393 _____ () C:\Users\Zeb\Desktop\Blackhat.2015.CAM.500MB.Ganool.com.mkv
2015-02-15 00:50 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-15 00:50 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 16:25 - 2015-03-03 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-02-13 15:58 - 2015-03-03 11:17 - 00002776 _____ () C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2479626215-2380851284-86128853-1001
2015-02-12 11:03 - 2015-01-16 06:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 11:03 - 2015-01-16 06:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 11:03 - 2015-01-14 12:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 11:03 - 2015-01-14 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 11:03 - 2015-01-14 06:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 11:03 - 2015-01-14 06:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 11:03 - 2015-01-10 16:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-12 11:03 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 11:03 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 10:29 - 2015-01-10 17:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 10:29 - 2015-01-10 17:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 10:29 - 2015-01-10 16:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 10:28 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 10:28 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 10:28 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 10:28 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 10:28 - 2015-01-12 10:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 10:28 - 2015-01-12 10:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 10:28 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 10:28 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 10:28 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 10:28 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 10:28 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 10:28 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 10:28 - 2015-01-12 09:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 10:28 - 2015-01-12 09:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 10:28 - 2015-01-12 09:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 10:28 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 10:28 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 10:28 - 2015-01-12 09:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 10:28 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 10:28 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 10:28 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 10:28 - 2015-01-12 09:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 10:28 - 2015-01-12 09:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 10:28 - 2015-01-12 09:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 10:28 - 2015-01-12 09:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 10:28 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 10:28 - 2015-01-12 09:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 10:28 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 10:28 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 10:28 - 2015-01-12 09:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 10:28 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 10:28 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 10:28 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 10:28 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 10:28 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 10:28 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 10:28 - 2015-01-10 15:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 10:28 - 2015-01-10 14:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-06 20:06 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-02-06 16:49 - 2014-04-16 07:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-06 16:49 - 2014-04-16 07:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 15:48 - 2012-10-29 13:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-03-03 15:45 - 2012-10-28 18:57 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-03 15:45 - 2012-10-28 17:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2479626215-2380851284-86128853-1001
2015-03-03 15:43 - 2012-11-17 00:36 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 15:43 - 2012-10-28 23:02 - 00004112 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2015-03-03 15:43 - 2012-10-28 23:02 - 00003496 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-03-03 15:40 - 2012-10-28 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-03-03 15:25 - 2012-12-19 16:08 - 00000000 ___RD () C:\Users\Zeb\Dropbox
2015-03-03 15:25 - 2012-12-19 15:58 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Dropbox
2015-03-03 15:24 - 2014-03-17 10:20 - 00027723 _____ () C:\WINDOWS\setupact.log
2015-03-03 15:24 - 2014-03-15 22:25 - 00150870 _____ () C:\WINDOWS\PFRO.log
2015-03-03 15:24 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-03 15:24 - 2013-04-25 14:03 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\BitTorrent Sync
2015-03-03 15:24 - 2013-04-25 14:03 - 00000000 ____D () C:\Program Files (x86)\BitTorrent Sync
2015-03-03 15:24 - 2012-12-20 14:11 - 00000000 __RDO () C:\Users\Zeb\SkyDrive
2015-03-03 15:24 - 2012-12-02 02:18 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-03-03 15:24 - 2012-11-17 00:36 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 15:24 - 2012-10-28 23:39 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\GoodSync
2015-03-03 15:24 - 2012-10-28 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-03 15:07 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-03 15:02 - 2015-01-27 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-03 15:02 - 2014-01-11 08:50 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-03 15:01 - 2012-11-22 16:35 - 00000000 ___RD () C:\Users\Zeb\Desktop\Coffee Omega Network
2015-03-03 15:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-03 14:18 - 2014-03-15 22:21 - 01909917 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-03 13:28 - 2015-01-30 15:19 - 00000502 _____ () C:\WINDOWS\Tasks\InstallShield Update Task.job
2015-03-03 13:28 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-03 12:45 - 2013-10-23 22:15 - 00003790 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{63653089-1A56-4195-9612-D45988CDC474}
2015-03-03 12:00 - 2015-01-30 15:19 - 00003236 _____ () C:\WINDOWS\System32\Tasks\InstallShield Update Task
2015-03-03 11:42 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-03 11:17 - 2014-03-27 10:23 - 00003104 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ZEBULTRABOOK-Zeb ZebUltrabook
2015-03-03 11:17 - 2014-03-12 23:08 - 00002468 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2479626215-2380851284-86128853-1001
2015-03-03 10:47 - 2013-10-18 13:18 - 00000000 ____D () C:\Users\Zeb
2015-03-03 10:46 - 2015-01-30 15:19 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-03-03 10:46 - 2015-01-18 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-03 10:46 - 2014-12-15 13:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-03 10:46 - 2014-07-12 10:38 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-03 10:46 - 2014-07-05 12:53 - 00000000 ____D () C:\adb
2015-03-03 10:46 - 2014-04-19 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2015-03-03 10:46 - 2014-03-27 10:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-03 10:46 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 10:46 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-03 10:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-03-03 10:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-03-03 10:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-03-03 10:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-03 10:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-03 10:46 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-03 10:46 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-03 10:46 - 2012-12-11 02:26 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\IDM
2015-03-03 10:46 - 2012-12-11 02:25 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-03 10:46 - 2012-12-11 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-03-03 10:46 - 2012-12-11 02:25 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-03 10:46 - 2012-10-29 13:35 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\vlc
2015-03-03 10:46 - 2012-10-29 02:51 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\IrfanView
2015-03-03 10:46 - 2012-10-29 02:44 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-03 10:46 - 2012-10-29 02:39 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\uTorrent
2015-03-03 10:45 - 2013-09-30 12:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-03 10:39 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-03 10:39 - 2012-10-28 17:35 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Adobe
2015-03-03 10:38 - 2012-10-29 03:32 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-03 10:38 - 2012-10-28 17:34 - 00000000 ____D () C:\Users\Zeb\AppData\Local\Packages
2015-03-03 10:37 - 2012-10-29 03:11 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-03 10:26 - 2012-12-11 02:26 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\DMCache
2015-03-02 14:15 - 2012-10-29 02:12 - 04299264 ___SH () C:\Users\Zeb\Desktop\Thumbs.db
2015-03-02 13:52 - 2012-11-01 22:15 - 00000000 ____D () C:\Users\Zeb\AppData\Local\Adobe
2015-02-25 15:51 - 2012-11-11 17:23 - 00000000 ____D () C:\Users\Zeb\Desktop\Movies
2015-02-25 15:41 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-17 14:19 - 2012-10-29 03:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 00:58 - 2013-07-14 22:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 00:20 - 2013-08-22 22:44 - 05147032 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 00:19 - 2013-09-30 12:20 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 00:19 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(253)
2015-02-12 11:59 - 2012-07-26 13:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-02-12 11:26 - 2012-12-19 15:58 - 00000000 ____D () C:\Users\Zeb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-07 21:38 - 2012-11-17 00:36 - 00003904 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 21:38 - 2012-11-17 00:36 - 00003668 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 12:45 - 2012-10-28 18:57 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 03:31 - 2013-08-22 23:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-04 03:31 - 2013-08-22 23:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-09-17 16:15 - 2013-09-17 16:15 - 0000000 _____ () C:\Users\Zeb\AppData\Roaming\pdfperformer
2014-01-25 10:56 - 2014-11-01 16:01 - 0005120 _____ () C:\Users\Zeb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-29 12:31 - 2012-10-29 12:31 - 0001696 _____ () C:\Users\Zeb\AppData\Local\FastClean.20121029.123109.txt
2012-10-29 12:32 - 2012-10-29 12:33 - 0008529 _____ () C:\Users\Zeb\AppData\Local\IWDAudHelper.20121029.123240.txt
2012-10-29 12:31 - 2012-10-29 12:31 - 0001704 _____ () C:\Users\Zeb\AppData\Local\PDLSetup.20121029.123125.txt
2012-10-29 12:32 - 2012-10-29 12:32 - 0000661 _____ () C:\Users\Zeb\AppData\Local\PDLSetup.20121029.123226.txt
2012-10-29 12:32 - 2012-10-29 12:32 - 0001679 _____ () C:\Users\Zeb\AppData\Local\PDLSetup.20121029.123228.txt
2012-10-29 12:32 - 2012-10-29 12:32 - 0001227 _____ () C:\Users\Zeb\AppData\Local\PDLSetup.20121029.123231.txt
2012-10-29 12:33 - 2012-10-29 12:33 - 0001227 _____ () C:\Users\Zeb\AppData\Local\PDLSetup.20121029.123301.txt
2013-05-04 01:08 - 2013-05-04 01:08 - 0001630 _____ () C:\Users\Zeb\AppData\Local\PDLSetup.20130504.010809.txt
2013-11-01 19:18 - 2013-11-01 19:18 - 0001476 _____ () C:\Users\Zeb\AppData\Local\recently-used.xbel
2012-11-10 18:40 - 2013-05-26 00:28 - 0007602 _____ () C:\Users\Zeb\AppData\Local\resmon.resmoncfg
2013-07-25 15:40 - 2013-07-25 15:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-01-06 15:06 - 2013-01-06 15:06 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-01-06 15:06 - 2013-01-06 15:06 - 0000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some content of TEMP:
====================
C:\Users\Zeb\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpohwrhq.dll
C:\Users\Zeb\AppData\Local\Temp\Quarantine.exe
C:\Users\Zeb\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\Zeb\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-02 15:04

==================== End Of Log ============================


----------



## techz

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Zeb at 2015-03-03 15:51:21
Running from C:\Users\Zeb\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.309.0 - Microsoft Corporation)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.0.116 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Core Graphics Software (Version: 3.1.46.2657 - SMSC) Hidden
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Dropbox (HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version: - SEIKO EPSON Corporation)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}) (Version: 5.1.1 - Hewlett-Packard)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Free Stopwatch 2.7.0 (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 2.7 - Comfort Software Group)
Fresco Logic USB3.0 Host Controller (HKLM\...\{36D8E05D-1287-4F40-BEEF-A64F88E5EE47}) (Version: 3.5.46.0 - Fresco Logic Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.15.5 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{8A3C3FD1-25E6-45D5-B1A6-6A5174A2D012}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Officejet Pro K550 Series Toolbox (HKLM-x32\...\{2DE5FFD5-6130-4B89-803E-A49986220D55}) (Version: 1.00.0000 - Hewlett-Packard)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 0.2.5 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
IBFX Australia (HKLM-x32\...\IBFX Australia) (Version: 4.00 - MetaQuotes Software Corp.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.47 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.47 - Alliance Software Pty Ltd) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Bahasa Melayu (HKLM\...\{90150000-001F-043E-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Bahasa Melayu (HKLM-x32\...\{90150000-001F-043E-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-12-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 3.1.46.2657 - SMSC)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Sound Lock (HKLM-x32\...\Sound Lock 1.3.2) (Version: 1.3.2 - 3 APPES)
Sound Lock (x32 Version: 1.3.2 - 3 APPES) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.2 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.45 - Stardock Software, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
ViewSpan (HKLM\...\{6285D158-D528-4ED8-A935-BB2A402E21F2}) (Version: 2.8.1.0 - SMSC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F37C67D-9468-D082-2B56-46EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5CB25D7A-9468-D082-2CCD-C3AD85889A47} No File
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Zeb\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2479626215-2380851284-86128853-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zeb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2015-03-03 14:24 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0819F3E8-F4C2-4C03-BBC7-BAF923C54FA6} - System32\Tasks\{419FF1D2-F518-41C1-88D2-F9B645B37C7B} => pcalua.exe -a C:\Users\Zeb\Desktop\sp61629.exe -d C:\Users\Zeb\AppData\Roaming\IDM
Task: {0E1CBF21-7750-47CA-ADB6-529AB84803CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {16CA41EE-F444-4985-B5AD-527D8274DFC0} - System32\Tasks\{D16AAF5A-60C5-485D-8E01-04B0998A6358} => pcalua.exe -a C:\Users\Zeb\Desktop\ComboFix.exe -d C:\Users\Zeb\AppData\Roaming\IDM
Task: {2746E4DD-E8F3-404B-8154-862B00C3B0B9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-02-25] (Synaptics Incorporated)
Task: {2D02FEF9-78BE-4B19-A461-C9BA0E4AC2E3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {348D90FB-88AA-4100-B5E7-90408867FA3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {3FB8C249-E573-4FE9-BA30-D6453D4DB278} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd)
Task: {4D6DCC37-DEF2-4716-AA28-DBF09AF42C34} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ZEBULTRABOOK-Zeb ZebUltrabook => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {53DC2720-F13B-44B1-A24A-DFBB9EE88E15} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {542FE231-A360-4F41-A7AB-C300F29DC441} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {54B50964-675B-4834-88CB-CD86C13ABA03} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2479626215-2380851284-86128853-1001
Task: {63CD2D6A-B108-4C3F-B8E8-9010DFEF4510} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {7A1FAAB8-A20A-4100-92FD-58A75E6BC038} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7ADE33F1-374B-46C2-B651-AEFE842C111B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {97F7F936-35DB-4921-A528-EB53AFAA34AD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2479626215-2380851284-86128853-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {9AE48DA5-6EEE-4A2D-9E55-9A2830A94B48} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {BA8AAAA8-2F80-471C-A626-71457FABA778} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BE3091CF-E145-468B-BC41-3F30C7C0AAD4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {CE0DB288-C1E7-43ED-A5EC-CCD4F343F048} - System32\Tasks\{AA5F8165-3D18-4239-87D1-D1ED3C46103D} => pcalua.exe -a C:\Users\Zeb\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveSetup.exe -c /uninstall
Task: {D31CD221-ED1B-4E34-A62E-8EFF7CBA2419} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-03-03] (Siber Systems)
Task: {D3DE1739-D028-46CC-966A-1F363F79204D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-17] (Google Inc.)
Task: {E27CF4E2-1BE9-45EC-8C46-31526EAC4A09} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMIMIMKJMMIMOJHMJMCNNMKJJMOMCNLMLMIMMJCNGMMJOMOMCNOMJMJJKJOJKMKMOJHMGMOMPMJNJICMIMCNGMCNOMNMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMOMMMPMJNHICMMJBJKJLIMJJNBJCMFKKJNJJNKJCMJNNICMJNDJCMKJBJJNMJCMNMFMKMOMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {E2A40F0E-6FE2-4A27-B1E2-C9742D46E0BC} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {EF5740BB-AF92-42FB-B547-DFA192E02A3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-17] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\InstallShield Update Task.job => Wscript.exeM//nologo //E:jscript //B C:\Program Files (x86)\InstallShield\isupdate.ini

==================== Loaded Modules (whitelisted) ==============

2013-09-17 15:45 - 2011-03-01 06:37 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\OFFICE15\1033\GrooveIntlResource.dll
2015-01-07 01:39 - 2015-01-07 01:39 - 08258056 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2014-11-25 16:30 - 2014-11-25 16:31 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-08-16 20:36 - 2012-08-16 20:36 - 00149032 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-08-16 20:36 - 2012-08-16 20:36 - 00058920 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-06-17 05:42 - 2010-06-17 05:42 - 00839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
2015-01-07 01:39 - 2015-01-07 01:39 - 12102152 _____ () C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
2015-03-03 10:49 - 2015-03-03 10:49 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15030202\algo.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-11-20 12:56 - 2014-11-20 12:56 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-11-20 12:55 - 2014-11-20 12:55 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-11-20 12:56 - 2014-11-20 12:56 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-11-20 12:55 - 2014-11-20 12:55 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\Zeb\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-03 15:25 - 2015-03-03 15:25 - 00043008 _____ () c:\users\zeb\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpohwrhq.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\Zeb\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\Zeb\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\Zeb\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-22 12:07 - 2014-11-22 12:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-08 03:04 - 2015-02-08 03:04 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\792c83fb2203c6d38076bb854dea9861\PSIClient.ni.dll
2012-12-03 14:25 - 2012-06-24 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-18 15:16 - 2015-01-18 15:16 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-18 15:16 - 2015-01-18 15:16 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-18 15:16 - 2015-01-18 15:16 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Zeb\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2479626215-2380851284-86128853-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zeb\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Scrybe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "iSCTsysTray.lnk"
HKLM\...\StartupApproved\Run32: => "SgfxConfig"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "HPWUTOOLBOX"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\StartupApproved\StartupFolder: => "Autochartist MT4 plugin - Auto Update.lnk"
HKU\S-1-5-21-2479626215-2380851284-86128853-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Accounts: =============================

Administrator (S-1-5-21-2479626215-2380851284-86128853-500 - Administrator - Disabled)
Guest (S-1-5-21-2479626215-2380851284-86128853-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2479626215-2380851284-86128853-1183 - Limited - Enabled)
Zeb (S-1-5-21-2479626215-2380851284-86128853-1001 - Administrator - Enabled) => C:\Users\Zeb

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 11:12:42 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Scheduled Checkpoint).

Error: (03/03/2015 11:02:32 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Windows Update).

Error: (03/03/2015 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1792) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU02BA4.log.

Error: (03/03/2015 10:48:54 AM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).

Error: (03/03/2015 10:47:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/03/2015 10:47:16 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (03/03/2015 09:56:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9e4

Start Time: 01d054f00294ed60

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c209bf75-c147-11e4-80df-ac7289b7d98b

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/02/2015 10:11:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/02/2015 04:46:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZEBULTRABOOK)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/02/2015 04:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.17630, time stamp: 0x54b0e17a
Exception code: 0xc0000142
Fault offset: 0x00000000000ec4a0
Faulting process id: 0xa90
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

System errors:
=============
Error: (03/03/2015 03:26:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (03/03/2015 03:24:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Fact Fire service failed to start due to the following error: 
%%2

Error: (03/03/2015 03:24:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Fact Fire service failed to start due to the following error: 
%%2

Error: (03/03/2015 03:24:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bing Desktop Update service service to connect.

Error: (03/03/2015 03:24:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAS Core Service service failed to start due to the following error: 
%%2

Error: (03/03/2015 03:23:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062

Error: (03/03/2015 03:23:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/03/2015 03:23:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/03/2015 03:23:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/03/2015 03:23:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Microsoft Office Sessions:
=========================
Error: (03/03/2015 11:12:42 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Scheduled Checkpoint

Error: (03/03/2015 11:02:32 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Windows Update

Error: (03/03/2015 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1792SRUJet: C:\WINDOWS\system32\SRU\SRU02BA4.log-1811 (0xfffff8ed)

Error: (03/03/2015 10:48:54 AM) (Source: System Restore) (EventID: 8200) (User: )
Description: Windows Update0x81000201

Error: (03/03/2015 10:47:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/03/2015 10:47:16 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005

Error: (03/03/2015 09:56:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206899e401d054f00294ed604294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exec209bf75-c147-11e4-80df-ac7289b7d98bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/02/2015 10:11:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/02/2015 04:46:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZEBULTRABOOK)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (03/02/2015 04:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.1763054b0e17ac000014200000000000ec4a0a9001d054c0ff169461C:\WINDOWS\System32\rundll32.exeUSER32.dll3cc7e4e7-c0b4-11e4-80d7-ac7289b7d98b

CodeIntegrity Errors:
===================================
Date: 2014-11-22 15:54:13.372
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:12.533
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:12.223
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:11.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:11.409
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:10.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:09.351
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:54:09.053
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:47:22.101
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-22 15:47:21.776
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 4041.43 MB
Available physical RAM: 1954.95 MB
Total Pagefile: 5065.43 MB
Available Pagefile: 2961.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112.6 GB) (Free:10.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 782B1BF2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=0C)
Partition 4: (Not Active) - (Size=4.1 GB) - (Type=OF Extended)

==================== End Of Log ============================


----------



## techz

Farbar Service Scanner Version: 17-01-2015
Ran by Zeb (administrator) on 03-03-2015 at 15:58:20
Running from "C:\Users\Zeb\Desktop"
Microsoft Windows 8.1 Pro with Media Center (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


----------



## techz

RogueKiller V10.5.0.0 (x64) [Mar 2 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Zeb [Administrator]
Mode : Delete -- Date : 03/03/2015 16:12:19

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2479626215-2380851284-86128853-1001\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Zeb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2479626215-2380851284-86128853-1001\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Zeb\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> ERROR [2]
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VerifierExt -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Not selected
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2479626215-2380851284-86128853-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2479626215-2380851284-86128853-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] GoogleUpdateTaskMachineUA.job -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Deleted
[Suspicious.Path] \\GoogleUpdateTaskMachineUA -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\WINDOWS\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] eafhu83q.default : user_pref("browser.startup.homepage", "about:newtab"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMPA128HMFU-000H1 +++++
--- User ---
[MBR] fa15cfdc3b74e79a6875342aee2f62c3
[BSP] a86dff68ecdb426e9f1103ba54080d40 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 115301 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 236546048 | Size: 2048 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 241473473 | Size: 4196 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_03032015_160931.log


----------



## JSntgRvr

Hi, and sorry for the delay.

How is the computer doing at this point?


----------



## techz

Hi there. 

No worries. Glad that you're able to help.  

Computer's still the same. Not able to untick the proxy box, thus only able to surf the net via Firefox. IE and Chrome are a no go, and so are other programs that use the computer's Internet settings.


----------



## JSntgRvr

Try this fix:

Please download the enclosed file and save it in the same directory as *FRST*.

Start *FRST* with Administrator privileges. (Right Click on FRST and select "Run as administrator").
Press the *Fix* button.
When finished, a log file (*Fixlog.txt*) pops up and is saved to the same location the tool was run from.
The computer will restart. Please copy and paste its contents in your next reply.

Test the computer and let me know the outcome.


----------



## techz

Thanks for the help again JSntgRvr. The proxy box is now unticked but still can't connect to the net. There's this new box that is getting the tick now which is "automatically detect settings" and it ticks itself back :-

Here's the fixlog :-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Zeb at 2015-03-05 13:34:41 Run:1
Running from C:\Users\Zeb\Desktop
Loaded Profiles: Zeb (Available profiles: Zeb)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
EmptyTemp:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reboot:
End

*****************

Processes closed successfully.

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

EmptyTemp: => Removed 431.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:34:46 ====


----------



## JSntgRvr

Let's try that again.

Please download the enclosed file and save it in the same directory as *FRST*.

Start *FRST* with Administrator privileges. (Right Click on FRST and select "Run as administrator").
Press the *Fix* button.
When finished, a log file (*Fixlog.txt*) pops up and is saved to the same location the tool was run from.
The computer will restart. Please copy and paste its contents in your next reply.

Test the computer and let me know the outcome.


----------



## techz

Awesome. I can access the internet now and the proxy settings are gone. Cool.

Here's the fixlog :-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Zeb at 2015-03-06 12:35:43 Run:2
Running from C:\Users\Zeb\Desktop
Loaded Profiles: Zeb (Available profiles: Zeb)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Disable Service: isupdate.exe
C:\WINDOWS\Tasks\InstallShield Update Task.job
C:\WINDOWS\System32\Tasks\InstallShield Update Task
Task: C:\WINDOWS\Tasks\InstallShield Update Task.job => Wscript.exeM//nologo //E:jscript //B C:\Program Files (x86)\InstallShield\isupdate.ini
Task: {E2A40F0E-6FE2-4A27-B1E2-C9742D46E0BC} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Reg: Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Hosts:
Emptytemp:
CMD: Dir /a /b C:\WINDOWS\System32\Tasks
End

*****************

Disable Service: isupdate.exe => Error: No automatic fix found for this entry.
C:\WINDOWS\Tasks\InstallShield Update Task.job => Moved successfully.
C:\WINDOWS\System32\Tasks\InstallShield Update Task => Moved successfully.
C:\WINDOWS\Tasks\InstallShield Update Task.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2A40F0E-6FE2-4A27-B1E2-C9742D46E0BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2A40F0E-6FE2-4A27-B1E2-C9742D46E0BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\InstallShield Update Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InstallShield Update Task" => Key deleted successfully.

========= Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= Dir /a /b C:\WINDOWS\System32\Tasks =========

Adobe Acrobat Update Task
Adobe Flash Player Updater
[email protected]
CCleanerSkipUAC
GoogleUpdateTaskMachineCore
Hewlett-Packard
Microsoft
Microsoft Office 15 Sync Maintenance for ZEBULTRABOOK-Zeb ZebUltrabook
Microsoft OneDrive Auto Update Task-S-1-5-21-2479626215-2380851284-86128853-1001
OfficeSoftwareProtectionPlatform
Open URL by RoboForm
Optimize Push Notification Data File-S-1-5-21-2479626215-2380851284-86128853-1001
Optimize Start Menu Cache Files-S-1-5-21-2479626215-2380851284-86128853-1001
Run RoboForm TaskBar Icon
Synaptics TouchPad Enhancements
User_Feed_Synchronization-{63653089-1A56-4195-9612-D45988CDC474}
WPD
{419FF1D2-F518-41C1-88D2-F9B645B37C7B}
{AA5F8165-3D18-4239-87D1-D1ED3C46103D}
{D16AAF5A-60C5-485D-8E01-04B0998A6358}

========= End of CMD: =========

EmptyTemp: => Removed 57.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:35:49 ====


----------
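
The second fixlist above removes a scheduled task that runs Wscript.exe with `//E:jscript //B` against a file named `isupdate.ini`. As an added illustration (not part of the original thread and not FRST's own logic), this Python sketch flags FRST `Task:` lines of that shape; the first sample line is copied from the log above, the other two are constructed.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows Script Host maps to a script engine by default.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

TASK_RE = re.compile(r"^Task:\s*(?P<ident>.+?)\s*=>\s*(?P<cmd>.+)$")
HOST_RE = re.compile(r'(?i)(?:^|[\\"\s])(?P<host>[wc]script)\.exe"?\s+(?P<rest>.*)$')
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')  # quoted string or bare word


def inspect_task(line):
    """Return (task_ident, reasons) for a suspicious script-host task, else None."""
    task = TASK_RE.match(line.strip())
    if not task:
        return None
    host = HOST_RE.search(task.group("cmd"))
    if not host:
        return None  # not launched through wscript/cscript
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(host.group("rest"))]
    options = [t.lower() for t in tokens if t.startswith("//")]
    # Anything that is not a //option is treated as the (possibly unquoted) target path.
    target = " ".join(t for t in tokens if not t.startswith("//"))
    ext = PureWindowsPath(target).suffix.lower()
    engine = next((o[4:] for o in options if o.startswith("//e:")), None)
    # An explicit engine is only notable when the file is not a normal script type.
    if engine is None or ext in SCRIPT_EXTS:
        return None
    reasons = [f"//E:{engine} forces a script engine onto a {ext or 'extensionless'} file"]
    if "//b" in options:
        reasons.append("//B runs it in batch mode, hiding errors and prompts")
    return task.group("ident"), reasons


def audit(lines):
    """Inspect every line and keep only the flagged tasks."""
    return [hit for hit in map(inspect_task, lines) if hit]


SAMPLE_LINES = [
    # Copied from the fixlist in this thread.
    r'Task: {E2A40F0E-6FE2-4A27-B1E2-C9742D46E0BC} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"',
    # Constructed: ordinary script run by its default engine.
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleBackup => cscript.exe //nologo "C:\Scripts\backup.vbs"',
    # Constructed: task that does not use a script host at all.
    r'Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /silent',
]

if __name__ == "__main__":
    for ident, reasons in audit(SAMPLE_LINES):
        print(ident, "->", "; ".join(reasons))
```

A hit is a reason to open the target file and read it, not proof of infection; legitimate software occasionally stores script in oddly named files.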



## JSntgRvr

How is the computer doing after a while?


----------



## techz

The computer is doing great now. Proxy settings are gone, which is good. Excellent job mate, thanks. 

Will keep an eye out for a bit and see how it goes. Hope that the proxy malware won't come back.


----------



## JSntgRvr

Congratulations. I believe the Install Shield program is fake. Remove it from your computer.

We need to remove the tools we've used during cleaning your machine.

Download Delfix from *here*
Ensure *Remove disinfection tools* is ticked
*Also tick:*
Create registry backup
Purge system restore
Click *Run*
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

Here are some suggestions.


Always keep your *JAVA* updated. Older versions will make your computer vulnerable.

*Windows Updates* - It is *very important* to make sure that both Internet Explorer and Windows are kept current with *the latest critical security patches* from Microsoft. To do this just start *Internet Explorer* and select *Tools > Windows Update*, and follow the online instructions from there.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
For more information and guidelines to follow to prevent future infections you can read *this article* by *Miekiemoes*.

Best wishes!


----------



## techz

Thanks again mate. You're gold. 

I can't seem to find install shield from the uninstall programs list.


----------



## JSntgRvr

Remove the following folder:

C:\Program Files (x86)\*InstallShield*


----------



## techz

Ok, removed installshield and "installshield installation information". Not sure if I should remove the 2nd one, but it's in the trashcan just in case you say that it shouldn't be uninstalled.

Anyways, here's the delfix log :-

# DelFix v10.8 - Logfile created 07/03/2015 at 09:49:46
# Updated 29/07/2014 by Xplode
# Username : Zeb - ZEBULTRABOOK
# Operating System : Windows 8.1 Pro with Media Center (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #94 [Windows Update | 03/06/2015 04:34:51]

New restore point created !

########## - EOF - ##########


----------



## JSntgRvr

Do not remove the installshield installation information folder.


----------



## techz

JSntgRvr said:


> Do not remove the installshield installation information folder.


Darn. I think I might have already emptied the recycle bin with that particular folder. Is it crucial?

Edit: just googled and read that the folder stores information to uninstall programs that use the installshield installation. I reckon that I could use another uninstaller such as revo or something for programs that might have issues uninstalling. No biggie I think.


----------



## JSntgRvr

As you edited the post. The fact is that I haven't seen that program since VISTA, until now that is hijacking the proxy settings.

I will mark this thread as Solved.


----------

