
Various Ad Network Popups and Browser Redirects in Chrome, Windows 8

ad network browser redirect virus adware rootkit

  • This topic is locked

#1
sonicskilz

  • Member
  • 31 posts

I've been getting hover ads, popup ads, randomly placed ads and browser redirects to virus removal sites from an ad serving service that I have not requested in my browser. It's currently called "ActiveDeals." I can remove it from my browser extensions at chrome://extensions. However, there is a more deeply seeded issue at play.

I removed another ad network that did the same types of things a few weeks ago. It had a different name that I don't recall. So I have something in my system that keeps installing these malicious and annoying ad networks. I can remove them from Chrome directly, but then they just get regenerated fairly quickly.

I installed good ole Malwarebytes, which has detected things to quarantine and resolve, but doesn't seem to permanently resolve the issue any more than deleting the extensions.

If it helps to know where I'm redirected, I just got sent to reimageplus.com with a heading of "Windows PC Repair." Help is greatly appreciated!

-Sam




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi sonicskilz,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....

Since you only state Win8 for an OS, please download both versions below (unless you know if the system is 32 or 64 bit).

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

I would try the 64 bit version first; if it runs then delete the 32 bit version.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
sonicskilz

  • Topic Starter
  • Member
  • 31 posts

Hello dbreeze,

Thank you for your thorough instructions! Here are the two logs you requested. I appreciate your ongoing assistance with my issue!

-Sam

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by Sam (administrator) on AFFLUENTNERD on 24-04-2015 16:28:13
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available profiles: Sam & Affluent Nerd & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\SMITSC.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-unity-helper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vprintproxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [Spotify Web Helper] => C:\Users\Sam\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-02] (Spotify Ltd)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\MountPoints2: {bf00f889-270c-11e4-825d-806e6f6e6963} - "E:\Startup.exe" 
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-11-10]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I   Where They At Doe.mp3.lnk [2015-02-06]
ShortcutTarget: T I   Where They At Doe.mp3.lnk -> C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I   Where They At Doe.mp3.exe (No File)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....oshiba.com&OSP=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> DefaultScope {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL = 
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.250.0.51 10.250.0.50
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3276751746-3587298695-1269677053-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Sam\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-3276751746-3587298695-1269677053-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-15]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Sam\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Profile: C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (YouTube) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Pushbullet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-14]
CHR Extension: (Google Search) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Bookmark Manager) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06]
CHR Extension: (Gmail) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sam\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-06]
CHR HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-06] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-03-06] () [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
S2 891e9dd5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaModule\TampaModule.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140916.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140917.004\ENG64.SYS [129752 2014-08-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140917.004\EX64.SYS [2137304 2014-08-20] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-07-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-07-22] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2015-01-03] (Rsupport Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-07-31] (Wondershare)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 16:28 - 2015-04-24 16:28 - 00035451 _____ () C:\Users\Sam\Desktop\FRST.txt
2015-04-24 16:27 - 2015-04-24 16:28 - 00000000 ____D () C:\FRST
2015-04-24 16:26 - 2015-04-24 16:26 - 02099712 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2015-04-17 23:19 - 2015-04-17 23:19 - 07169712 _____ () C:\Users\Sam\Downloads\carousel.zip
2015-04-15 11:39 - 2015-04-15 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-04-15 11:39 - 2015-04-15 11:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-15 11:25 - 2015-04-15 11:39 - 00001958 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-04-15 11:25 - 2015-04-15 11:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-15 11:25 - 2015-04-15 11:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-15 11:25 - 2015-04-15 11:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-15 11:25 - 2015-04-15 11:25 - 00002038 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-15 11:25 - 2015-04-15 11:25 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-14 17:21 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 17:21 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 17:21 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-14 17:21 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 17:21 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 17:21 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 17:21 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 17:21 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 17:21 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 17:21 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 17:21 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 17:21 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 17:21 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-14 17:21 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 17:21 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 17:21 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-14 17:21 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 17:21 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-14 17:21 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 17:21 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 17:21 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-14 17:21 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 17:21 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 17:21 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 17:21 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 17:21 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 17:21 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 17:21 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 17:21 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 17:21 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 17:21 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 17:21 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 17:21 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 17:21 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 17:21 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 17:21 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 17:21 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 17:21 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 17:21 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 17:21 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 17:21 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 17:21 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 17:21 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-14 17:21 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 17:21 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 17:21 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 17:21 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 17:21 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 17:21 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-14 17:21 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 17:21 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 17:21 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 17:21 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 17:21 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-14 17:21 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-14 17:21 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 17:21 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 17:21 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 17:21 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 17:21 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 17:21 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 17:21 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 17:21 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 17:21 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 17:21 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 17:21 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-14 17:21 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 17:21 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 17:21 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 17:21 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 13:25 - 2015-04-14 13:25 - 00007368 _____ () C:\Users\Sam\Downloads\Shark.Tank.S01.PDTV.XviD-TD.torrent
2015-04-13 22:36 - 2015-04-13 22:36 - 06420600 _____ (Tim Kosse) C:\Users\Sam\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-04-13 22:21 - 2015-04-13 22:21 - 00019872 _____ () C:\Users\Sam\Downloads\Better.Call.Saul.S01.720p.WEB-DL.DD5.1.H.264-CtrlHD.torrent
2015-04-13 19:42 - 2015-04-13 19:42 - 00027899 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E04.HDTV.x264-Xclusive4iPT.torrent
2015-04-13 19:41 - 2015-04-13 19:41 - 00030213 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E02.HDTV.x264-Xclusive4iPT.torrent
2015-04-13 19:41 - 2015-04-13 19:41 - 00027159 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E03.HDTV.x264-Xclusive4iPT.torrent
2015-04-13 19:41 - 2015-04-13 19:41 - 00024369 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E01.HDTV.x264-Xclusive4iPT.torrent
2015-04-13 19:41 - 2015-04-13 19:41 - 00005575 _____ () C:\Users\Sam\Downloads\Silicon.Valley.S01.HDTV.XviD-AFG.torrent
2015-04-13 19:17 - 2015-04-13 19:17 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-13 19:17 - 2015-04-13 19:17 - 00000000 ____D () C:\Windows\system32\NV
2015-04-13 19:16 - 2015-04-08 17:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-13 19:16 - 2015-04-08 17:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-13 19:16 - 2015-04-08 17:58 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-04-13 19:13 - 2015-04-13 19:13 - 00020141 _____ () C:\Users\Sam\Downloads\Better.Call.Saul.S01E09.Pimento.1080p.WEB-DL.DD5.1.H.264-CtrlHD [NO RAR].torrent
2015-04-09 18:08 - 2015-04-09 18:08 - 00000070 _____ () C:\Users\Sam\Desktop\learn rails tutorial.txt
2015-04-09 17:56 - 2015-04-16 12:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 17:55 - 2015-04-09 17:55 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 17:55 - 2015-04-09 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 17:55 - 2015-04-09 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 17:55 - 2015-04-09 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 17:55 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 17:55 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-09 17:55 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-09 17:17 - 2015-04-09 17:17 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Sam\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-09 16:18 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\TampaModule
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Clear Cache Shortcut
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\BrowssingCleaarrly
2015-04-09 16:16 - 2015-04-22 16:23 - 00000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin
2015-04-09 16:16 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\WhiteCoeupon
2015-04-09 16:16 - 2015-04-09 16:16 - 00000000 ____D () C:\Program Files (x86)\ActiveCoupon
2015-04-03 16:55 - 2015-04-03 16:55 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 16:55 - 2015-04-03 16:55 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-26 23:47 - 2015-03-26 23:47 - 00000000 ____D () C:\Users\Sam\AppData\Local\Steam
2015-03-26 10:57 - 2015-03-26 10:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-03-25 04:09 - 2015-03-25 04:09 - 00000000 ____D () C:\Users\Sam\Desktop\Ex_Files_Node.js_FL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-24 16:15 - 2015-01-12 15:41 - 00000576 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002.job
2015-04-24 16:14 - 2014-10-26 22:35 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Spotify
2015-04-24 16:09 - 2014-10-26 22:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Spotify
2015-04-24 16:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-24 15:59 - 2014-07-25 22:53 - 01069592 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 15:58 - 2014-08-18 12:37 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A42C50A9-1542-44DB-B557-1C6352BFE7A8}
2015-04-24 15:50 - 2015-01-17 18:53 - 00000000 ____D () C:\ProgramData\VMware
2015-04-24 15:47 - 2014-07-25 23:11 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 15:42 - 2014-08-18 12:33 - 00000000 ____D () C:\Users\Sam\AppData\Local\Adobe
2015-04-24 15:41 - 2015-01-17 18:55 - 00000000 ____D () C:\Users\Sam\AppData\Local\VMware
2015-04-24 15:41 - 2015-01-17 18:54 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\VMware
2015-04-23 13:47 - 2014-08-18 12:38 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3276751746-3587298695-1269677053-1002
2015-04-23 13:30 - 2014-08-24 15:33 - 00001077 _____ () C:\Users\Sam\Desktop\Dropbox.lnk
2015-04-23 13:30 - 2014-08-24 15:33 - 00000000 ___RD () C:\Users\Sam\Dropbox
2015-04-23 13:30 - 2014-08-24 15:32 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 13:30 - 2014-08-24 15:28 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Dropbox
2015-04-22 17:20 - 2014-08-21 00:03 - 00000000 ____D () C:\Users\Sam\AppData\Local\CrashDumps
2015-04-22 16:00 - 2013-08-22 07:46 - 00207548 _____ () C:\Windows\setupact.log
2015-04-22 15:16 - 2014-08-18 12:35 - 00000000 ___DO () C:\Users\Sam\SkyDrive
2015-04-22 15:14 - 2014-08-18 13:00 - 00000000 ___RD () C:\Users\Sam\Google Drive
2015-04-22 15:13 - 2013-11-13 23:40 - 00867740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 15:12 - 2014-07-25 23:11 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 18:42 - 2014-07-25 23:08 - 20882300 _____ () C:\Users\Public\CAFADEBUG.log
2015-04-19 13:13 - 2014-08-25 19:19 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Skype
2015-04-19 12:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-18 09:06 - 2014-10-04 20:58 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\vlc
2015-04-17 23:23 - 2014-09-19 15:11 - 02261504 ___SH () C:\Users\Sam\Desktop\Thumbs.db
2015-04-17 22:24 - 2015-01-12 15:41 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002
2015-04-17 14:12 - 2014-09-11 01:40 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Azureus
2015-04-16 01:48 - 2014-08-18 12:40 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 21:36 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 11:47 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-15 11:45 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 11:44 - 2013-11-13 23:33 - 00053340 _____ () C:\Windows\PFRO.log
2015-04-15 11:44 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-15 11:44 - 2013-08-22 06:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-15 11:25 - 2013-11-14 00:11 - 00000000 ___HD () C:\ProgramData\Adobe
2015-04-15 11:25 - 2013-11-14 00:11 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 10:47 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 10:32 - 2014-11-26 01:00 - 00000000 ____D () C:\ProgramData\rgt
2015-04-14 20:42 - 2014-08-20 22:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 20:39 - 2014-12-10 21:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 20:39 - 2014-08-24 15:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 20:39 - 2014-08-20 22:26 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 17:20 - 2014-11-11 19:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-13 22:42 - 2014-08-24 15:41 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\FileZilla
2015-04-13 22:37 - 2014-09-18 17:33 - 00475136 ___SH () C:\Users\Sam\Downloads\Thumbs.db
2015-04-13 19:17 - 2014-07-25 22:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-13 16:24 - 2013-08-22 08:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 16:24 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 22:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 18:09 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}
2015-04-09 18:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PLA
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\Uneisales
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\History Calendar
2015-04-09 18:07 - 2015-02-06 02:41 - 00000000 ____D () C:\Program Files (x86)\uniesaeles
2015-04-09 18:07 - 2015-02-06 02:37 - 00000000 ____D () C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd}
2015-04-09 16:18 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\TampaSystem
2015-04-09 16:17 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\17357270300497257782
2015-04-08 17:58 - 2015-03-17 22:37 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-08 17:58 - 2014-07-25 22:53 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 14:30 - 2014-07-25 22:53 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 14:30 - 2014-07-25 22:53 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 14:30 - 2014-07-25 22:53 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 14:30 - 2014-07-25 22:53 - 01047696 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-04-08 14:30 - 2014-07-25 22:53 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 14:30 - 2014-07-25 22:53 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 14:30 - 2014-07-25 22:53 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-04-08 14:30 - 2014-07-25 22:53 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 10:52 - 2014-07-25 22:53 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-07 00:36 - 2015-01-06 18:38 - 00001456 _____ () C:\Users\Sam\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-04-06 12:05 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-06 12:05 - 2013-08-22 07:44 - 05111064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-06 12:04 - 2014-12-27 13:36 - 00000000 ____D () C:\Users\Sam\Desktop\Resume
2015-04-03 19:24 - 2014-08-21 00:19 - 00002477 _____ () C:\Users\Sam\Desktop\Razer Synapse Config.lnk
2015-04-02 14:15 - 2015-03-24 12:05 - 00001857 _____ () C:\Users\Sam\Desktop\Spotify.lnk
2015-04-02 14:15 - 2014-10-26 22:38 - 00001843 _____ () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-01 00:45 - 2014-11-26 00:58 - 00000000 ____D () C:\ProgramData\Red Giant
2015-03-27 20:44 - 2014-08-20 19:15 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-27 20:44 - 2014-08-20 19:15 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-27 20:43 - 2014-08-20 19:15 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-27 20:43 - 2014-08-20 19:15 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-26 23:47 - 2014-10-14 15:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-26 10:52 - 2014-07-25 23:12 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-26 10:52 - 2014-07-25 23:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-03-26 10:52 - 2014-07-25 23:12 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
 
==================== Files in the root of some directories =======
 
2014-10-09 18:32 - 2014-10-09 18:32 - 0000132 _____ () C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-18 05:40 - 2015-03-16 00:25 - 0000132 _____ () C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-09 16:16 - 2015-04-22 16:23 - 0000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin
2015-01-06 18:38 - 2015-04-07 00:36 - 0001456 _____ () C:\Users\Sam\AppData\Local\Adobe Save for Web 13.0 Prefs
 
Some content of TEMP:
====================
C:\Users\Sam\AppData\Local\Temp\divx50f0.exe
C:\Users\Sam\AppData\Local\Temp\DivXSetup.exe
C:\Users\Sam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvklhsm.dll
C:\Users\Sam\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sam\AppData\Local\Temp\i4jdel1.exe
C:\Users\Sam\AppData\Local\Temp\pyl3274.tmp.exe
C:\Users\Sam\AppData\Local\Temp\pylA001.tmp.exe
C:\Users\Sam\AppData\Local\Temp\readSTILog.dll
C:\Users\Sam\AppData\Local\Temp\rscagent.exe
C:\Users\Sam\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sam\AppData\Local\Temp\vstor_redist.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-17 12:25
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by Sam at 2015-04-24 16:28:53
Running from C:\Users\Sam\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3276751746-3587298695-1269677053-500 - Administrator - Disabled)
Affluent Nerd (S-1-5-21-3276751746-3587298695-1269677053-1006 - Limited - Enabled) => C:\Users\Affluent Nerd
Guest (S-1-5-21-3276751746-3587298695-1269677053-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3276751746-3587298695-1269677053-1004 - Limited - Enabled)
Sam (S-1-5-21-3276751746-3587298695-1269677053-1002 - Administrator - Enabled) => C:\Users\Sam
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version:  - ActiveCoupon) <==== ATTENTION
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe After Effects CS5.5 (HKLM-x32\...\{E82097B9-A3B8-404A-9A92-AC16A8AC9576}) (Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Altap Salamander 3.04 (x64) (HKLM\...\Altap Salamander 3.04 (x64)) (Version: 3.04 - ALTAP)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CableTerm (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}) (Version:  - CableTerm) <==== ATTENTION
Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.5617 - CyberLink Corp.)
DisplayLink Core Software (HKLM\...\{61A641A9-9CC7-421F-85CD-A8CDDEE4E3F2}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5586ea81-c047-4609-b47a-4bad18347b44}) (Version: 16.5.0 - Intel Corporation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Node.js (HKLM\...\{A4B476B6-6807-4F68-8731-5AC4DD55AE6E}) (Version: 0.10.35 - Joyent, Inc. and other Node contributors)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.19.0 - Lenovo Group Limited)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.207  - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.5 - VMware, Inc)
VMware Player (Version: 6.0.5 - VMware, Inc.) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Wondershare Streaming Audio Recorder(Build 2.2.2) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.2.0 - Wondershare Software)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
XBMC (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sam\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{C78B614A-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-04-2015 05:24:18 Scheduled Checkpoint
10-04-2015 12:38:42 Scheduled Checkpoint
13-04-2015 19:17:17 Removed NVIDIA PhysX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-11-03 11:43 - 2014-11-03 13:06 - 00001959 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03223EA0-035C-4BD9-8B02-5C208EEFDAEE} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2015-03-11] ()
Task: {05397BE2-115C-406C-89DC-BFFAF3E23465} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {0D8DA163-D207-42E7-BDE3-7EEC53062151} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)
Task: {12E90940-CB52-4996-BC59-F25F9A63381D} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {17B18E5A-1934-43AB-BD86-34C3F37515B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)
Task: {3702EECE-040F-41A3-B793-FA995E19C5B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {40D5837A-125C-47D0-968D-2588A575EFE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {54FB6E0A-4FE6-4729-A701-6BF517A16965} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {55785C5A-17FE-42F7-AA4C-2E90BE9E3B61} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {62CC649D-FCD0-4C53-9FE0-007730EF6C8E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {94653BA0-37E8-45F9-9339-F2A879AD308A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {9F2749F6-78B0-4F74-89FC-CB1F28E7E3D0} - System32\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002 => C:\Users\Sam\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-17] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A0FA02B8-8590-4E5C-A3C0-013A513FBF81} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-22] (Synaptics Incorporated)
Task: {B04AFB39-186B-45EA-B757-89FE0D1285BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B82EC614-9A02-4E58-A2CB-A10CD121DD9C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C1389674-DD93-4BEA-A324-59C750602D30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {E16DCCE7-C226-4898-922F-14DF867C2088} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {E8AA9738-244B-4023-88AA-0B7FCDF71EB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {EAE12518-324F-4652-BBD8-344B9FD4C068} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {EAEAC711-82C4-49B1-A2F4-DCDB19402769} - System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {F036638D-7FF9-4A39-891C-D10119C45CB2} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {F94C63CB-D37B-4EDD-ADF1-1B178D08D855} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)
Task: {FCFFFA80-7197-4ADF-8FBA-80500B8E949A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002.job => C:\Users\Sam\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-09-21 13:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-02-04 16:24 - 2015-02-04 16:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-08-26 22:39 - 2014-03-06 12:37 - 00013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2014-07-25 22:53 - 2015-04-08 17:58 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-25 22:53 - 2015-04-08 14:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 04:22 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-27 22:10 - 2014-12-17 22:23 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2014-12-25 03:17 - 2014-11-04 11:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 14:24 - 2013-08-01 14:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2014-09-18 00:23 - 2014-09-18 00:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 11:51 - 2014-10-14 11:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 00:23 - 2014-09-18 00:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 11:51 - 2014-10-14 11:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-03-02 07:43 - 2015-03-02 07:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-01-16 19:15 - 2015-01-16 19:15 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-07-25 22:48 - 2014-03-06 13:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-02 13:30 - 2015-03-02 13:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-04-13 19:13 - 2015-03-27 20:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-22 15:12 - 2015-04-22 15:12 - 00098816 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32api.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00110080 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pywintypes27.dll
2015-04-22 15:12 - 2015-04-22 15:12 - 00364544 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pythoncom27.dll
2015-04-22 15:12 - 2015-04-22 15:12 - 00045568 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_socket.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 01161216 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_ssl.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00320512 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32com.shell.shell.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00713216 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_hashlib.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 01175040 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._core_.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00805888 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._gdi_.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00811008 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._windows_.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 01062400 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._controls_.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00735232 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._misc_.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00682496 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pysqlite2._sqlite.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00128512 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_elementtree.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00127488 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pyexpat.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00087552 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_ctypes.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00119808 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32file.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00108544 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32security.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00007168 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\hashobjs_ext.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00167936 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32gui.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00018432 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32event.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00038912 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32inet.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00011264 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32crypt.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00070656 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._html2.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00027136 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_multiprocessing.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00020480 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_yappi.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00035840 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32process.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00686080 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\unicodedata.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00122368 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._wizard.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00024064 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32pipe.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00010240 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\select.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00025600 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32pdh.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00525640 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\windows._lib_cacheinvalidation.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00017408 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32profile.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00022528 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32ts.pyd
2015-04-22 15:12 - 2015-04-22 15:12 - 00078336 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._animate.pyd
2014-07-25 22:53 - 2015-04-08 17:58 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-05 02:20 - 2015-02-05 02:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-03-03 18:29 - 2015-03-03 18:29 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-03-03 18:29 - 2015-03-03 18:29 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-04-16 01:48 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 01:48 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-23 13:30 - 2015-04-23 13:30 - 00043008 _____ () c:\users\sam\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvklhsm.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-16 19:15 - 2015-01-16 19:15 - 00330456 _____ () C:\Program Files (x86)\VMware\VMware Player\libcurl.dll
2015-01-16 19:15 - 2015-01-16 19:15 - 00319704 _____ () C:\Program Files (x86)\VMware\VMware Player\libldap_r.dll
2015-01-16 19:16 - 2015-01-16 19:16 - 00146648 _____ () C:\Program Files (x86)\VMware\VMware Player\liblber.dll
2015-01-16 19:15 - 2015-01-16 19:15 - 00070360 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
2015-03-06 04:43 - 2015-04-02 14:15 - 40506936 _____ () C:\Users\Sam\AppData\Roaming\Spotify\libcef.dll
2015-03-06 04:43 - 2015-04-02 14:15 - 01365560 _____ () C:\Users\Sam\AppData\Roaming\Spotify\libglesv2.dll
2015-03-06 04:43 - 2015-04-02 14:15 - 00219192 _____ () C:\Users\Sam\AppData\Roaming\Spotify\libegl.dll
2015-03-06 04:43 - 2015-03-24 12:05 - 09305656 _____ () C:\Users\Sam\AppData\Roaming\Spotify\pdf.dll
2015-03-06 04:43 - 2015-04-02 14:15 - 00990776 _____ () C:\Users\Sam\AppData\Roaming\Spotify\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Sam\Local Settings:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Sam\AppData\Local:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local\Application Data:sER6g7YQjWEON9kuKn4oqVl
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam\Desktop\latest-toshiba-wallpaper-background.jpg
DNS Servers: 10.250.0.51 - 10.250.0.50
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: IWD Bus Enumerator
Description: IWD Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: iwdbus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2015 04:22:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 04:12:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 04:02:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 03:52:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 03:42:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3610
 
Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3610
 
Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2407
 
Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2407
 
 
System errors:
=============
Error: (04/24/2015 03:42:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (04/16/2015 07:12:13 PM) (Source: Schannel) (EventID: 4114) (User: AFFLUENTNERD)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (04/16/2015 07:12:13 PM) (Source: Schannel) (EventID: 4120) (User: AFFLUENTNERD)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
 
Error: (04/15/2015 11:45:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaModule service to connect.
 
Error: (04/09/2015 06:09:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TampaModule service to connect.
 
Error: (04/09/2015 06:09:05 PM) (Source: DCOM) (EventID: 10010) (User: AFFLUENTNERD)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/09/2015 06:09:05 PM) (Source: DCOM) (EventID: 10010) (User: AFFLUENTNERD)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/09/2015 04:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SmarterPower service failed to start due to the following error: 
%%2
 
Error: (04/09/2015 04:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update SmarterPower service failed to start due to the following error: 
%%2
 
Error: (04/07/2015 07:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util SmarterPower service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2015 04:22:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 04:12:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 04:02:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 03:52:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/24/2015 03:42:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3610
 
Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3610
 
Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2407
 
Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2407
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-24 16:26:21.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-24 16:26:21.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 16308.09 MB
Available physical RAM: 10532.43 MB
Total Pagefile: 18740.09 MB
Available Pagefile: 13483.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (TI1068550PA) (Fixed) (Total:226.32 GB) (Free:105.13 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:750.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FB916D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts
First, some Uninstalls please >>>>

Please download a fresh copy of Google Chrome from here to your desktop.

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

ActiveCoupon
CableTerm
Google Chrome
Google Drive
Norton Internet Security


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Notes: Google applications have been modified by malware and should be reinstalled to repair them. We will handle that after a FRST script run (used to break the active malware). The Norton product is not registered in the system properly; either it is expired or damaged. If Norton is supposed to be your primary security software (your license is not expired) you will need to save your license key before you uninstall Norton. This will allow you to install and activate the product later.


Second, run a FRST script >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\MountPoints2: {bf00f889-270c-11e4-825d-806e6f6e6963} - "E:\Startup.exe"
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I Where They At Doe.mp3.lnk [2015-02-06]
ShortcutTarget: T I Where They At Doe.mp3.lnk -> C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I Where They At Doe.mp3.exe (No File)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> DefaultScope {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-15]
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Extension: (Norton Identity Safe) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-06] (Symantec Corporation)
S2 891e9dd5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaModule\TampaModule.dll",serv
c:\Program Files (x86)\TampaModule
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
2015-04-09 16:18 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\TampaModule
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Clear Cache Shortcut
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\BrowssingCleaarrly
2015-04-09 16:16 - 2015-04-22 16:23 - 00000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin
2015-04-09 16:16 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\WhiteCoeupon
2015-04-09 16:16 - 2015-04-09 16:16 - 00000000 ____D () C:\Program Files (x86)\ActiveCoupon
2015-04-09 18:09 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}
2015-04-09 18:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PLA
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\Uneisales
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\History Calendar
2015-04-09 18:07 - 2015-02-06 02:41 - 00000000 ____D () C:\Program Files (x86)\uniesaeles
2015-04-09 18:07 - 2015-02-06 02:37 - 00000000 ____D () C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd}
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
Hosts:
Task: {53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {54FB6E0A-4FE6-4729-A701-6BF517A16965} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {EAEAC711-82C4-49B1-A2F4-DCDB19402769} - System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
AlternateDataStreams: C:\Users\Sam\Local Settings:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local\Application Data:sER6g7YQjWEON9kuKn4oqVl
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file and selecting "Run as Administrator...". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Last, reinstall Chrome >>>>

After the system is restarted from the FRST script run, please double click on the Google Chrome install file on your desktop (saved from Step 1) and follow the prompts to install Chrome.


Information to Reply with >>>>
  • How did the uninstalls go?
  • The Fixlog.txt log file text.
  • How is your system running now?


#5
sonicskilz


    Member

  • Topic Starter
  • Member
  • 31 posts
ActiveCoupon would not uninstall. It pops up with a window entitled "xyz Uninstall" and another Window on top of that, which is titled "Uninstall" and contains the text "Plese close your browser and try again". The only option is to click "OK". No browser Window is actually open, and the message is really spelled "Plese."
 
Uninstalling CableTerm procs an error titled "RunDLL" with the following text:
"There was a problem starting
C:\PROGRA~2\TAMPAM~1\tampam~1.DLL
 
The specified module could not be found."
 
Again, the only option is to click "OK". I'm assuming that these items failing to properly uninstall invalidates the rest of the procedure that you have outlined for me. If I should still proceed with everything else you posted above, please let me know and I'll just do everything else. Otherwise, please advise on another course of action.
 
Much appreciated,
-Sam

Edited by sonicskilz, 25 April 2015 - 05:40 PM.


#6
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Please proceed with the steps outlined.  The uninstalls of some malware will try and block their removal but we will succeed manually anyway.



#7
sonicskilz


    Member

  • Topic Starter
  • Member
  • 31 posts

I like your attitude!  :D

 

The uninstalls went without a hitch, besides the CableTerm and ActiveCoupon of course. I restarted once for Norton Internet Security to complete its uninstall, then restarted once again to apply the FRST fixlist, and finally downloaded Chrome for 64bit Windows 8. System seems to be running well, although Shockwave flash has already crashed once in the brief time I've been running this fresh install of Chrome.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015
Ran by Sam at 2015-04-26 14:00:13 Run:1
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available profiles: Sam & Affluent Nerd & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\MountPoints2: {bf00f889-270c-11e4-825d-806e6f6e6963} - "E:\Startup.exe"
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I Where They At Doe.mp3.lnk [2015-02-06]
ShortcutTarget: T I Where They At Doe.mp3.lnk -> C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I Where They At Doe.mp3.exe (No File)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> DefaultScope {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-15]
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Extension: (Norton Identity Safe) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-06] (Symantec Corporation)
S2 891e9dd5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaModule\TampaModule.dll",serv
c:\Program Files (x86)\TampaModule
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
2015-04-09 16:18 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\TampaModule
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Clear Cache Shortcut
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\BrowssingCleaarrly
2015-04-09 16:16 - 2015-04-22 16:23 - 00000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin
2015-04-09 16:16 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\WhiteCoeupon
2015-04-09 16:16 - 2015-04-09 16:16 - 00000000 ____D () C:\Program Files (x86)\ActiveCoupon
2015-04-09 18:09 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}
2015-04-09 18:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PLA
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\Uneisales
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\History Calendar
2015-04-09 18:07 - 2015-02-06 02:41 - 00000000 ____D () C:\Program Files (x86)\uniesaeles
2015-04-09 18:07 - 2015-02-06 02:37 - 00000000 ____D () C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd}
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
Hosts:
Task: {53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {54FB6E0A-4FE6-4729-A701-6BF517A16965} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {EAEAC711-82C4-49B1-A2F4-DCDB19402769} - System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
AlternateDataStreams: C:\Users\Sam\Local Settings:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local\Application Data:sER6g7YQjWEON9kuKn4oqVl
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17 => Value not found.
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf00f889-270c-11e4-825d-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{bf00f889-270c-11e4-825d-806e6f6e6963} => Key not found. 
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I Where They At Doe.mp3.lnk not found.
C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I Where They At Doe.mp3.exe not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00A8C085-5EC1-4F91-9F57-10ABED20521E}" => Key deleted successfully.
HKCR\CLSID\{00A8C085-5EC1-4F91-9F57-10ABED20521E} => Key not found. 
C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll not found.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File not found.
C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => Value not found.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found.
C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif directory not found.
C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found. 
"C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found. 
"C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx" => File/Directory not found.
NIS => Service not found.
891e9dd5 => Service deleted successfully.
c:\Program Files (x86)\TampaModule => Moved successfully.
intaud_WaveExtensible => Service deleted successfully.
iwdbus => Service deleted successfully.
rssasnt => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
"C:\Program Files (x86)\TampaModule" => File/Directory not found.
C:\Program Files (x86)\Clear Cache Shortcut => Moved successfully.
C:\Program Files (x86)\BrowssingCleaarrly => Moved successfully.
C:\Users\Sam\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\Program Files (x86)\WhiteCoeupon => Moved successfully.
C:\Program Files (x86)\ActiveCoupon => Moved successfully.
C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65} => Moved successfully.
C:\Windows\PLA => Moved successfully.
C:\Program Files (x86)\Uneisales => Moved successfully.
C:\Program Files (x86)\History Calendar => Moved successfully.
C:\Program Files (x86)\uniesaeles => Moved successfully.
C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd} => Moved successfully.
C:\Windows\SysWOW64\dlumd10.dll => Moved successfully.
C:\Windows\SysWOW64\dlumd11.dll => Moved successfully.
C:\Windows\SysWOW64\dlumd9.dll => Moved successfully.
C:\Windows\System32\dlumd10.dll => Moved successfully.
C:\Windows\System32\dlumd11.dll => Moved successfully.
C:\Windows\System32\dlumd9.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} => Key not found. 
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54FB6E0A-4FE6-4729-A701-6BF517A16965} => Key not found. 
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} => Key not found. 
C:\Windows\System32\Tasks\Norton WSC Integration not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAEAC711-82C4-49B1-A2F4-DCDB19402769}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAEAC711-82C4-49B1-A2F4-DCDB19402769}" => Key deleted successfully.
C:\Windows\System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{69306D15-8F0C-4EFF-A983-9EB184B97A01}" => Key deleted successfully.
"C:\Users\Sam\Local Settings" => ":sER6g7YQjWEON9kuKn4oqVl" ADS not found.
C:\Users\Sam\AppData\Local => ":sER6g7YQjWEON9kuKn4oqVl" ADS removed successfully.
"C:\Users\Sam\AppData\Local\Application Data" => ":sER6g7YQjWEON9kuKn4oqVl" ADS not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot. 
 

==== End of Fixlog 14:00:24 ==== 



#8
dbreeze


First, a Junkware Removal Tool scan >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts. How to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Second, an AdwCleaner cleaning >>>>


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



Information to Reply with >>>>

  • The JRT.txt log text.
  • The AdwCleaner[S#].txt log text.


#9
sonicskilz


Both very easy to use programs. Thank you for your instructions!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.5 (04.27.2015:1)
OS: Windows 8.1 x64
Ran by Sam on Mon 04/27/2015 at  0:31:35.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3276751746-3587298695-1269677053-1002
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3276751746-3587298695-1269677053-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3948165036-3373961967-2585386888-500
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util SmarterPower
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/27/2015 at  0:32:48.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v4.202 - Logfile created 27/04/2015 at 00:42:00
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.1 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Sam - AFFLUENTNERD
# Running from : C:\Users\Sam\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\BoostSoftware
Folder Deleted : C:\Users\Sam\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Folder Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Folder Deleted : C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\ProgramData\ffdfbgfdmdnedooofolgleppgeklbjhg
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\abacbd63-0b90-075b-6913-0710a0e229d4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\BoostSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
 
*************************
 
AdwCleaner[R0].txt - [2959 bytes] - [27/04/2015 00:35:30]
AdwCleaner[S0].txt - [2819 bytes] - [27/04/2015 00:42:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2878  bytes] ##########


#10
dbreeze


Your version of Malwarebytes' Antimalware is not the most current.  Let's update it and see what it finds ....
 
Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here .

Double Click on the mbam-setup.exe file to install the application.  It should just update the current installation, keeping your current settings.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once updated, please select Settings > Detection and Protection.  Please ensure that "Scan for Rootkits" is selected, and that the Non-Malware Protection settings PUP and PUM are set to "Treat detections as malware".

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Make sure that everything is checked, and click Remove Selected.  When the removal is completed, a summary screen will be presented.

At the bottom of this screen, click on Save Results and then on Text file (*.txt).  Save the file to your desktop and click OK.  Click Finish to return to the main screen and then close Malwarebytes.

Double click on the log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




#11
sonicskilz


Hi dbreeze,

 

The Malwarebytes scan returned clean. I did update the version first.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/27/2015
Scan Time: 3:33:01 PM
Logfile: malfixlog.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.04.27.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465345
Time Elapsed: 11 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12
dbreeze


This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.




When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please.  Thanks.



#13
sonicskilz


Whew! You were right - that took a while! Here is what the scan produced:

 

C:\AdwCleaner\Quarantine\C\ProgramData\ffdfbgfdmdnedooofolgleppgeklbjhg\OP5n0f.js.vir JS/Kryptik.ATB trojan
C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe a variant of Win32/Adware.MultiPlug.ER application
C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz a variant of Win32/Adware.MultiPlug.ER application
C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll a variant of Win32/InstallCore.YX potentially unwanted application


#14
dbreeze


Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll
C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe
C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz
C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



#15
sonicskilz

Thanks for the help so far, dbreeze! Am I correct in assuming that we're closing in on a final resolution? I noticed CableTerm and ActiveCoupon are gone from the application list in add or remove programs.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015
Ran by Sam at 2015-05-02 12:33:49 Run:2
Running from C:\Users\Sam\Desktop
Loaded Profiles: Sam (Available profiles: Sam & Affluent Nerd & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll
C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe
C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz
C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll => Moved successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => Removed 6.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:34:46 ====
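
Added example (not part of the original posts and not FRST's own code): a Python check that pairs each plain file or folder path in the "Content of fixlist" block of a Fixlog.txt with its result line, separating entries that were moved or deleted from ones reported "not found" and ones with no recognised result. The sample log is constructed in the layout of the logs posted in this thread, only plain path entries are handled, and the function and bucket names are this example's own.

```python
import re

# Constructed sample in the layout of the Fixlog.txt files posted in this
# thread; the paths are made up for the example.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Example\AppData\Local\Temp\1800\temp\sample.xyz.exe
C:\Users\Example\AppData\Local\Temp\ABC123\temp\sample.xyz
C:\Program Files (x86)\ExampleCoupon
C:\Users\Example\AppData\Roaming\example.bin
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
c:\Users\Example\AppData\Local\Temp\1800\temp\sample.xyz.exe => Moved successfully.
C:\Users\Example\AppData\Local\Temp\ABC123\temp\sample.xyz not found.
"C:\Program Files (x86)\ExampleCoupon" => File/Directory not found.
EmptyTemp: => Removed 6.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 12:34:46 ====
"""

PATH_ENTRY = re.compile(r"[A-Za-z]:\\.+")          # a fixlist line that is only a path
ARROW = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')
BARE_NOT_FOUND = re.compile(r"^(?P<target>.+?)\s+(?:directory\s+)?not found\.?$", re.I)
SUCCESS = re.compile(r"(moved|deleted|removed) successfully", re.I)
NOT_FOUND = re.compile(r"not found", re.I)


def split_fixlog(text):
    """Return (fixlist block, result lines) from a Fixlog.txt body."""
    m = re.search(r"Content of fixlist:\s*\n\*+[ \t]*\n(.*?)\n\*+[ \t]*\n", text, re.S)
    if m is None:
        raise ValueError("no 'Content of fixlist:' block found")
    return m.group(1), text[m.end():]


def outcomes(results):
    """Map each lower-cased target to every outcome string logged for it."""
    seen = {}
    for line in results.splitlines():
        line = line.strip()
        m = ARROW.match(line) or BARE_NOT_FOUND.match(line)
        if not m:
            continue  # status lines such as "Processes closed successfully."
        target = m.group("target").strip('"').lower()  # Windows paths ignore case
        outcome = m.groupdict().get("outcome") or "not found"
        seen.setdefault(target, []).append(outcome)
    return seen


def audit_fixlog(text):
    """Bucket each plain path entry of the fixlist by what the log says happened."""
    fixlist, results = split_fixlog(text)
    seen = outcomes(results)
    report = {"removed": [], "not_found": [], "needs_review": []}
    for line in fixlist.splitlines():
        path = line.strip()
        if not PATH_ENTRY.fullmatch(path):
            continue  # Start/end and directives (CloseProcesses:, Reboot:, ...)
        got = seen.get(path.lower(), [])
        if any(SUCCESS.search(o) for o in got):
            report["removed"].append(path)       # one success line is enough
        elif any(NOT_FOUND.search(o) for o in got):
            report["not_found"].append(path)     # already gone, or path mismatch
        else:
            report["needs_review"].append(path)  # no result line, or unknown text
    return report


if __name__ == "__main__":
    for bucket, paths in audit_fixlog(SAMPLE_FIXLOG).items():
        print(bucket, *paths, sep="\n  ")
```
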
