[sonicskilz]

I've been getting hover ads, popup ads, randomly placed ads and browser redirects to virus removal sites from an ad serving service that I have not requestsed in my browser. It's currently called "ActiveDeals." I can remove it from my browser extensions at chrome://extensions. However, there is a more deeply seeded issue at play.

 

I removed another ad network that did the same types of things a few weeks ago. It had a different name that I don't recall. So I have something in my system that keeps installing these malicious and annoying ad networks. I can remove them from Chrome directly, but then they just get regenerated fairly quickly.

 

I installed good ole Malwarebytes, which has detected things to quaranteen and resolve, but doesn't seem to permanently resolve the issue anymore than deleting the extensions.

 

If it helps to know where I'm redirected, I just got sent to reimageplus.com with a heading of "Windows PC Repair." Help is greatly appreciated!

 

-Sam

[Advertisements]

Hi sonicskilz,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.

Let's get started....

Since you only state Win8 for a OS, please download both versions below (unless you know if the system is 32 or 64 bit).

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

I would try the 64 bit version first; if it runs then delete the 32 bit version.

• Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• If an update is available, the program will inform you and download the update. Allow it do this please.
• Once the tool shows "The tool is ready to use." message, please press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[dbreeze]

Hi sonicskilz,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.

Let's get started....

Since you only state Win8 for a OS, please download both versions below (unless you know if the system is 32 or 64 bit).

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

I would try the 64 bit version first; if it runs then delete the 32 bit version.

• Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• If an update is available, the program will inform you and download the update. Allow it do this please.
• Once the tool shows "The tool is ready to use." message, please press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[sonicskilz]

Hello dbreeze,

 

Thank you for your thorough instructions! Here are the two logs you requested. I appreciate your ongoing assistance with my issue!       -Sam

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015

Ran by Sam (administrator) on AFFLUENTNERD on 24-04-2015 16:28:13

Running from C:\Users\Sam\Desktop

Loaded Profiles: Sam (Available profiles: Sam & Affluent Nerd & Guest)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Windows\SysWOW64\SMITSC.exe

(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe

() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Dropbox, Inc.) C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-unity-helper.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vprintproxy.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe

(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\SpotifyCrashService.exe

(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe

(Spotify Ltd) C:\Users\Sam\AppData\Roaming\Spotify\Spotify.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)

HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)

HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)

HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [Spotify Web Helper] => C:\Users\Sam\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-02] (Spotify Ltd)

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\MountPoints2: {bf00f889-270c-11e4-825d-806e6f6e6963} - "E:\Startup.exe" 

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-08] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-08] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-15]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-24]

ShortcutTarget: Dropbox.lnk -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-11-10]

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I   Where They At Doe.mp3.lnk [2015-02-06]

ShortcutTarget: T I   Where They At Doe.mp3.lnk -> C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I   Where They At Doe.mp3.exe (No File)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....oshiba.com&OSP=

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> DefaultScope {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL = 

SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL = 

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 10.250.0.51 10.250.0.50

 

FireFox:

========

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)

FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-21] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)

FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF Plugin HKU\S-1-5-21-3276751746-3587298695-1269677053-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Sam\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)

FF Plugin HKU\S-1-5-21-3276751746-3587298695-1269677053-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-15]

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File

CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Sam\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

CHR Profile: C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]

CHR Extension: (YouTube) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]

CHR Extension: (Pushbullet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-14]

CHR Extension: (Google Search) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]

CHR Extension: (Bookmark Manager) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-06]

CHR Extension: (Norton Identity Safe) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-06]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-07]

CHR Extension: (Norton Security Toolbar) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-06]

CHR Extension: (Google Wallet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06]

CHR Extension: (Gmail) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

CHR HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sam\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-06]

CHR HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)

S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()

R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-06] (Symantec Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()

R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-03-06] () [File not signed]

R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)

S2 891e9dd5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaModule\TampaModule.dll",serv

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)

S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140916.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)

S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140917.004\ENG64.SYS [129752 2014-08-20] (Symantec Corporation)

S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140917.004\EX64.SYS [2137304 2014-08-20] (Symantec Corporation)

R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)

S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)

R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-22] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-07-22] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-25] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-07-22] (Symantec Corporation)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)

R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2015-01-03] (Rsupport Corporation)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

R3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-07-31] (Wondershare)

S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]

S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-24 16:28 - 2015-04-24 16:28 - 00035451 _____ () C:\Users\Sam\Desktop\FRST.txt

2015-04-24 16:27 - 2015-04-24 16:28 - 00000000 ____D () C:\FRST

2015-04-24 16:26 - 2015-04-24 16:26 - 02099712 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe

2015-04-17 23:19 - 2015-04-17 23:19 - 07169712 _____ () C:\Users\Sam\Downloads\carousel.zip

2015-04-15 11:39 - 2015-04-15 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2015-04-15 11:39 - 2015-04-15 11:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2015-04-15 11:25 - 2015-04-15 11:39 - 00001958 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2015-04-15 11:25 - 2015-04-15 11:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

2015-04-15 11:25 - 2015-04-15 11:25 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-04-15 11:25 - 2015-04-15 11:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-04-15 11:25 - 2015-04-15 11:25 - 00002038 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2015-04-15 11:25 - 2015-04-15 11:25 - 00000000 ____D () C:\ProgramData\McAfee

2015-04-14 17:21 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-14 17:21 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-14 17:21 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-04-14 17:21 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-14 17:21 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-04-14 17:21 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-14 17:21 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-14 17:21 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-14 17:21 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-14 17:21 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-14 17:21 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-14 17:21 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-14 17:21 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll

2015-04-14 17:21 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-14 17:21 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-14 17:21 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-04-14 17:21 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-04-14 17:21 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-04-14 17:21 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-04-14 17:21 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-14 17:21 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-04-14 17:21 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-04-14 17:21 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-14 17:21 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-14 17:21 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-14 17:21 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-14 17:21 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-14 17:21 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-14 17:21 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-14 17:21 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-14 17:21 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2015-04-14 17:21 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2015-04-14 17:21 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-14 17:21 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-14 17:21 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-14 17:21 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-14 17:21 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-14 17:21 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-14 17:21 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-14 17:21 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-14 17:21 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-14 17:21 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-14 17:21 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-04-14 17:21 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-14 17:21 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-14 17:21 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-14 17:21 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-14 17:21 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-14 17:21 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-04-14 17:21 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-04-14 17:21 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-14 17:21 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-14 17:21 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-14 17:21 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2015-04-14 17:21 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-04-14 17:21 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-14 17:21 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-14 17:21 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-14 17:21 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2015-04-14 17:21 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-14 17:21 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-14 17:21 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-14 17:21 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-14 17:21 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-14 17:21 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-04-14 17:21 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys

2015-04-14 17:21 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-14 17:21 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-14 17:21 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-14 17:21 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll

2015-04-14 13:25 - 2015-04-14 13:25 - 00007368 _____ () C:\Users\Sam\Downloads\Shark.Tank.S01.PDTV.XviD-TD.torrent

2015-04-13 22:36 - 2015-04-13 22:36 - 06420600 _____ (Tim Kosse) C:\Users\Sam\Downloads\FileZilla_3.10.3_win64-setup.exe

2015-04-13 22:21 - 2015-04-13 22:21 - 00019872 _____ () C:\Users\Sam\Downloads\Better.Call.Saul.S01.720p.WEB-DL.DD5.1.H.264-CtrlHD.torrent

2015-04-13 19:42 - 2015-04-13 19:42 - 00027899 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E04.HDTV.x264-Xclusive4iPT.torrent

2015-04-13 19:41 - 2015-04-13 19:41 - 00030213 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E02.HDTV.x264-Xclusive4iPT.torrent

2015-04-13 19:41 - 2015-04-13 19:41 - 00027159 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E03.HDTV.x264-Xclusive4iPT.torrent

2015-04-13 19:41 - 2015-04-13 19:41 - 00024369 _____ () C:\Users\Sam\Downloads\Game.of.Thrones.S05E01.HDTV.x264-Xclusive4iPT.torrent

2015-04-13 19:41 - 2015-04-13 19:41 - 00005575 _____ () C:\Users\Sam\Downloads\Silicon.Valley.S01.HDTV.XviD-AFG.torrent

2015-04-13 19:17 - 2015-04-13 19:17 - 00000000 ____D () C:\Windows\SysWOW64\NV

2015-04-13 19:17 - 2015-04-13 19:17 - 00000000 ____D () C:\Windows\system32\NV

2015-04-13 19:16 - 2015-04-08 17:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-04-13 19:16 - 2015-04-08 17:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2015-04-13 19:16 - 2015-04-08 17:58 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

2015-04-13 19:13 - 2015-04-13 19:13 - 00020141 _____ () C:\Users\Sam\Downloads\Better.Call.Saul.S01E09.Pimento.1080p.WEB-DL.DD5.1.H.264-CtrlHD [NO RAR].torrent

2015-04-09 18:08 - 2015-04-09 18:08 - 00000070 _____ () C:\Users\Sam\Desktop\learn rails tutorial.txt

2015-04-09 17:56 - 2015-04-16 12:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-09 17:55 - 2015-04-09 17:55 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-09 17:55 - 2015-04-09 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-09 17:55 - 2015-04-09 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-04-09 17:55 - 2015-04-09 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-09 17:55 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-09 17:55 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-04-09 17:55 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-04-09 17:17 - 2015-04-09 17:17 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Sam\Downloads\mbam-setup-2.1.4.1018.exe

2015-04-09 16:18 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\TampaModule

2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Clear Cache Shortcut

2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\BrowssingCleaarrly

2015-04-09 16:16 - 2015-04-22 16:23 - 00000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin

2015-04-09 16:16 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\WhiteCoeupon

2015-04-09 16:16 - 2015-04-09 16:16 - 00000000 ____D () C:\Program Files (x86)\ActiveCoupon

2015-04-03 16:55 - 2015-04-03 16:55 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-03 16:55 - 2015-04-03 16:55 - 00000000 ___SD () C:\Windows\system32\GWX

2015-03-26 23:47 - 2015-03-26 23:47 - 00000000 ____D () C:\Users\Sam\AppData\Local\Steam

2015-03-26 10:57 - 2015-03-26 10:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2015-03-25 04:09 - 2015-03-25 04:09 - 00000000 ____D () C:\Users\Sam\Desktop\Ex_Files_Node.js_FL

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-24 16:15 - 2015-01-12 15:41 - 00000576 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002.job

2015-04-24 16:14 - 2014-10-26 22:35 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Spotify

2015-04-24 16:09 - 2014-10-26 22:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Spotify

2015-04-24 16:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru

2015-04-24 15:59 - 2014-07-25 22:53 - 01069592 _____ () C:\Windows\WindowsUpdate.log

2015-04-24 15:58 - 2014-08-18 12:37 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A42C50A9-1542-44DB-B557-1C6352BFE7A8}

2015-04-24 15:50 - 2015-01-17 18:53 - 00000000 ____D () C:\ProgramData\VMware

2015-04-24 15:47 - 2014-07-25 23:11 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-24 15:42 - 2014-08-18 12:33 - 00000000 ____D () C:\Users\Sam\AppData\Local\Adobe

2015-04-24 15:41 - 2015-01-17 18:55 - 00000000 ____D () C:\Users\Sam\AppData\Local\VMware

2015-04-24 15:41 - 2015-01-17 18:54 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\VMware

2015-04-23 13:47 - 2014-08-18 12:38 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3276751746-3587298695-1269677053-1002

2015-04-23 13:30 - 2014-08-24 15:33 - 00001077 _____ () C:\Users\Sam\Desktop\Dropbox.lnk

2015-04-23 13:30 - 2014-08-24 15:33 - 00000000 ___RD () C:\Users\Sam\Dropbox

2015-04-23 13:30 - 2014-08-24 15:32 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-04-23 13:30 - 2014-08-24 15:28 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Dropbox

2015-04-22 17:20 - 2014-08-21 00:03 - 00000000 ____D () C:\Users\Sam\AppData\Local\CrashDumps

2015-04-22 16:00 - 2013-08-22 07:46 - 00207548 _____ () C:\Windows\setupact.log

2015-04-22 15:16 - 2014-08-18 12:35 - 00000000 ___DO () C:\Users\Sam\SkyDrive

2015-04-22 15:14 - 2014-08-18 13:00 - 00000000 ___RD () C:\Users\Sam\Google Drive

2015-04-22 15:13 - 2013-11-13 23:40 - 00867740 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-22 15:12 - 2014-07-25 23:11 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-20 18:42 - 2014-07-25 23:08 - 20882300 _____ () C:\Users\Public\CAFADEBUG.log

2015-04-19 13:13 - 2014-08-25 19:19 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Skype

2015-04-19 12:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-04-18 09:06 - 2014-10-04 20:58 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\vlc

2015-04-17 23:23 - 2014-09-19 15:11 - 02261504 ___SH () C:\Users\Sam\Desktop\Thumbs.db

2015-04-17 22:24 - 2015-01-12 15:41 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002

2015-04-17 14:12 - 2014-09-11 01:40 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Azureus

2015-04-16 01:48 - 2014-08-18 12:40 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-04-15 21:36 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-04-15 11:47 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2015-04-15 11:45 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-15 11:44 - 2013-11-13 23:33 - 00053340 _____ () C:\Windows\PFRO.log

2015-04-15 11:44 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer

2015-04-15 11:44 - 2013-08-22 06:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2015-04-15 11:25 - 2013-11-14 00:11 - 00000000 ___HD () C:\ProgramData\Adobe

2015-04-15 11:25 - 2013-11-14 00:11 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-04-15 10:47 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppCompat

2015-04-15 10:32 - 2014-11-26 01:00 - 00000000 ____D () C:\ProgramData\rgt

2015-04-14 20:42 - 2014-08-20 22:26 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-14 20:39 - 2014-12-10 21:00 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-14 20:39 - 2014-08-24 15:20 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-14 20:39 - 2014-08-20 22:26 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-04-14 17:20 - 2014-11-11 19:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

2015-04-13 22:42 - 2014-08-24 15:41 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\FileZilla

2015-04-13 22:37 - 2014-09-18 17:33 - 00475136 ___SH () C:\Users\Sam\Downloads\Thumbs.db

2015-04-13 19:17 - 2014-07-25 22:53 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-04-13 16:24 - 2013-08-22 08:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-13 16:24 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-11 22:59 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF

2015-04-09 18:09 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}

2015-04-09 18:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PLA

2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\Uneisales

2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\History Calendar

2015-04-09 18:07 - 2015-02-06 02:41 - 00000000 ____D () C:\Program Files (x86)\uniesaeles

2015-04-09 18:07 - 2015-02-06 02:37 - 00000000 ____D () C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd}

2015-04-09 16:18 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\TampaSystem

2015-04-09 16:17 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\17357270300497257782

2015-04-08 17:58 - 2015-03-17 22:37 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2015-04-08 17:58 - 2014-07-25 22:53 - 00029329 _____ () C:\Windows\system32\nvinfo.pb

2015-04-08 14:30 - 2014-07-25 22:53 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2015-04-08 14:30 - 2014-07-25 22:53 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2015-04-08 14:30 - 2014-07-25 22:53 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2015-04-08 14:30 - 2014-07-25 22:53 - 01047696 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2015-04-08 14:30 - 2014-07-25 22:53 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2015-04-08 14:30 - 2014-07-25 22:53 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2015-04-08 14:30 - 2014-07-25 22:53 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2015-04-08 14:30 - 2014-07-25 22:53 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2015-04-08 10:52 - 2014-07-25 22:53 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin

2015-04-07 00:36 - 2015-01-06 18:38 - 00001456 _____ () C:\Users\Sam\AppData\Local\Adobe Save for Web 13.0 Prefs

2015-04-06 12:05 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2015-04-06 12:05 - 2013-08-22 07:44 - 05111064 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-04-06 12:04 - 2014-12-27 13:36 - 00000000 ____D () C:\Users\Sam\Desktop\Resume

2015-04-03 19:24 - 2014-08-21 00:19 - 00002477 _____ () C:\Users\Sam\Desktop\Razer Synapse Config.lnk

2015-04-02 14:15 - 2015-03-24 12:05 - 00001857 _____ () C:\Users\Sam\Desktop\Spotify.lnk

2015-04-02 14:15 - 2014-10-26 22:38 - 00001843 _____ () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2015-04-01 00:45 - 2014-11-26 00:58 - 00000000 ____D () C:\ProgramData\Red Giant

2015-03-27 20:44 - 2014-08-20 19:15 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2015-03-27 20:44 - 2014-08-20 19:15 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2015-03-27 20:43 - 2014-08-20 19:15 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2015-03-27 20:43 - 2014-08-20 19:15 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2015-03-26 23:47 - 2014-10-14 15:18 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-03-26 10:52 - 2014-07-25 23:12 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2015-03-26 10:52 - 2014-07-25 23:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2015-03-26 10:52 - 2014-07-25 23:12 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

 

==================== Files in the root of some directories =======

 

2014-10-09 18:32 - 2014-10-09 18:32 - 0000132 _____ () C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS5 Prefs

2015-02-18 05:40 - 2015-03-16 00:25 - 0000132 _____ () C:\Users\Sam\AppData\Roaming\Adobe PNG Format CS6 Prefs

2015-04-09 16:16 - 2015-04-22 16:23 - 0000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin

2015-01-06 18:38 - 2015-04-07 00:36 - 0001456 _____ () C:\Users\Sam\AppData\Local\Adobe Save for Web 13.0 Prefs

 

Some content of TEMP:

====================

C:\Users\Sam\AppData\Local\Temp\divx50f0.exe

C:\Users\Sam\AppData\Local\Temp\DivXSetup.exe

C:\Users\Sam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvklhsm.dll

C:\Users\Sam\AppData\Local\Temp\i4jdel0.exe

C:\Users\Sam\AppData\Local\Temp\i4jdel1.exe

C:\Users\Sam\AppData\Local\Temp\pyl3274.tmp.exe

C:\Users\Sam\AppData\Local\Temp\pylA001.tmp.exe

C:\Users\Sam\AppData\Local\Temp\readSTILog.dll

C:\Users\Sam\AppData\Local\Temp\rscagent.exe

C:\Users\Sam\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite10154.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite10212.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite10714.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite11053.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite11056.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite11093.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite11577.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite11704.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite12261.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite12606.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite12949.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite13123.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite13205.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite13240.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite13717.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite14025.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite14927.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite15009.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite15134.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite15465.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite15923.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite16008.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite16064.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite16533.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite16791.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite16880.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite16918.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite17003.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite17086.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite17101.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite17388.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite17643.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite18182.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite18350.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite18462.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite18970.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite18999.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite19127.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite19468.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite19471.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite19617.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite19826.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite19861.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite20080.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite20348.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite20518.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite20719.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite20869.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite20950.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21056.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21204.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21429.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21438.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21569.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21688.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite21910.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite22597.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite22738.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite22766.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite23053.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite23054.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite23557.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite23601.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite23790.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite23907.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite24036.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite24197.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite24626.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite24942.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25042.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25078.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25229.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25440.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25460.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25492.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25629.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25783.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite25919.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26009.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26101.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26129.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26482.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26506.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26777.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26794.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite26821.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite27194.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite27498.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite27788.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite27876.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite28414.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite28571.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite28786.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29013.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29145.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29181.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29341.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29500.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29710.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29815.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite29868.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30426.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30467.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30500.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30593.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30617.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30737.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30813.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30892.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30954.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite30966.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite31443.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite31692.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite32086.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite32168.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite32178.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite32421.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite32961.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite33165.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite33374.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite33392.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34068.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34093.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34143.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34329.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34645.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34700.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34825.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite34946.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite35510.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite35688.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite35840.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite35942.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36118.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36158.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36219.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36390.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36452.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36513.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36632.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36791.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite36932.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite37092.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite37913.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite37922.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite38205.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite38709.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite39144.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite39682.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite39727.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite39897.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite40050.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite40067.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite40115.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite40367.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite40898.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite41266.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite41544.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite41786.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite41920.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite42048.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite42120.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite42221.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite42500.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite42627.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite42969.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite43253.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite43595.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite43842.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite43854.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44003.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44095.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44149.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44200.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44232.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44308.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44768.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite44944.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite45279.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite45415.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite45849.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite45915.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite46037.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite46460.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite46486.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite47313.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite47545.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite47609.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite47693.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48017.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48230.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48361.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48445.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48632.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48661.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite48897.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49080.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49106.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49126.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49156.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49202.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49407.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49584.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite49716.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite50046.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite50252.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite50370.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite50837.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite50919.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite51172.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite51295.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite51451.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite51785.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite52133.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite52269.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite52580.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite52726.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite52772.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite53130.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite53171.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite53359.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite54407.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite54961.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55047.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55429.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55464.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55641.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55713.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55880.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite55983.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57000.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57091.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57145.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57347.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57426.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57662.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57753.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite57960.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite58311.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite58360.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite58672.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite58758.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite58814.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite59815.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite60132.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite60188.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite60560.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite60757.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite61011.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite61076.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite61123.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite61762.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62243.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62469.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62542.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62807.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62850.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62890.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite62965.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite63058.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite63122.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite63167.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite63443.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite63900.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite64199.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite64283.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite64908.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite65232.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite65288.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite65613.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite65929.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite66838.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite66909.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67040.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67074.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67091.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67092.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67249.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67520.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite67677.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68085.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68171.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68194.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68219.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68289.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68763.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68773.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68814.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68829.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68873.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite68966.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite69184.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite69195.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite69439.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite69864.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite70077.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite70559.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite70658.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite70659.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite70676.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite70952.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite71014.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite71393.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite71925.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite72235.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite72299.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite72344.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite72416.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite72475.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite72575.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite73052.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite73078.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite73364.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite73623.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74120.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74285.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74562.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74645.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74729.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74796.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite74943.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite75141.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite75364.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite75408.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite75583.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite75650.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite75843.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite76291.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite76476.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite76563.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite76674.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite76910.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite77024.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite77051.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite77808.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite77930.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite77944.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite78200.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite78373.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite78485.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite78608.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite78620.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite78632.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite79183.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite79218.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite79416.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite79421.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite79795.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite80095.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite80340.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite80498.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite80861.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite81068.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite81218.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite81281.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite81758.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite82066.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite82663.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite82703.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite82740.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite82811.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83108.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83376.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83437.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83521.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83572.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83658.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83662.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83906.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite83987.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite84469.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite84569.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite84576.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite84790.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite84861.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite85026.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite85709.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite86268.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite86527.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite86582.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite86609.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite87344.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite87749.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite88016.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite88129.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite88148.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite88343.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite88427.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite88934.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite89341.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite89739.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite89928.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite90322.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite90609.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite90985.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite91970.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite92294.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite92501.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite93759.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite94347.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite94357.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite94667.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite94747.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite94917.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite94931.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95026.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95385.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95409.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95421.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95598.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95622.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite95779.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite96013.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite96185.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite96782.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite96784.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite96984.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite97102.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite97106.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite97168.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite97493.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite97575.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite97604.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite98271.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite98434.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite98657.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite98748.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite98916.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite99125.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite99229.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite99323.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite99394.dll

C:\Users\Sam\AppData\Local\Temp\System.Data.SQLite99685.dll

C:\Users\Sam\AppData\Local\Temp\vstor_redist.exe

 

 

Some zero byte size files/folders:

==========================

C:\Windows\SysWOW64\dlumd10.dll

C:\Windows\SysWOW64\dlumd11.dll

C:\Windows\SysWOW64\dlumd9.dll

C:\Windows\System32\dlumd10.dll

C:\Windows\System32\dlumd11.dll

C:\Windows\System32\dlumd9.dll

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-04-17 12:25

 

==================== End Of Log ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015

Ran by Sam at 2015-04-24 16:28:53

Running from C:\Users\Sam\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3276751746-3587298695-1269677053-500 - Administrator - Disabled)

Affluent Nerd (S-1-5-21-3276751746-3587298695-1269677053-1006 - Limited - Enabled) => C:\Users\Affluent Nerd

Guest (S-1-5-21-3276751746-3587298695-1269677053-501 - Limited - Enabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-3276751746-3587298695-1269677053-1004 - Limited - Enabled)

Sam (S-1-5-21-3276751746-3587298695-1269677053-1002 - Administrator - Enabled) => C:\Users\Sam

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

ActiveCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version:  - ActiveCoupon) <==== ATTENTION

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)

Adobe After Effects CS5.5 (HKLM-x32\...\{E82097B9-A3B8-404A-9A92-AC16A8AC9576}) (Version: 10.5 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)

Altap Salamander 3.04 (x64) (HKLM\...\Altap Salamander 3.04 (x64)) (Version: 3.04 - ALTAP)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CableTerm (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}) (Version:  - CableTerm) <==== ATTENTION

Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)

Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)

CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.5617 - CyberLink Corp.)

DisplayLink Core Software (HKLM\...\{61A641A9-9CC7-421F-85CD-A8CDDEE4E3F2}) (Version: 7.4.51572.0 - DisplayLink Corp.)

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)

Dropbox (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)

DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)

Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)

FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)

Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)

Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)

Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{5586ea81-c047-4609-b47a-4bad18347b44}) (Version: 16.5.0 - Intel Corporation)

Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Node.js (HKLM\...\{A4B476B6-6807-4F68-8731-5AC4DD55AE6E}) (Version: 0.10.35 - Joyent, Inc. and other Node contributors)

Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)

NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)

NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)

Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)

Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)

Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.19.0 - Lenovo Group Limited)

SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden

Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

Spotify (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)

TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)

TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.207  - Toshiba Corporation)

Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)

TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)

TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)

TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)

VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.5 - VMware, Inc)

VMware Player (Version: 6.0.5 - VMware, Inc.) Hidden

Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)

Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)

WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

Wondershare Streaming Audio Recorder(Build 2.2.2) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.2.2.0 - Wondershare Software)

XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)

XBMC (HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\XBMC) (Version:  - Team XBMC)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Sam\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{C78B614A-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sam\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

01-04-2015 05:24:18 Scheduled Checkpoint

10-04-2015 12:38:42 Scheduled Checkpoint

13-04-2015 19:17:17 Removed NVIDIA PhysX

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2014-11-03 11:43 - 2014-11-03 13:06 - 00001959 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {03223EA0-035C-4BD9-8B02-5C208EEFDAEE} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2015-03-11] ()

Task: {05397BE2-115C-406C-89DC-BFFAF3E23465} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

Task: {0D8DA163-D207-42E7-BDE3-7EEC53062151} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)

Task: {12E90940-CB52-4996-BC59-F25F9A63381D} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)

Task: {17B18E5A-1934-43AB-BD86-34C3F37515B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)

Task: {3702EECE-040F-41A3-B793-FA995E19C5B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)

Task: {40D5837A-125C-47D0-968D-2588A575EFE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {54FB6E0A-4FE6-4729-A701-6BF517A16965} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {55785C5A-17FE-42F7-AA4C-2E90BE9E3B61} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {62CC649D-FCD0-4C53-9FE0-007730EF6C8E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)

Task: {94653BA0-37E8-45F9-9339-F2A879AD308A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

Task: {9F2749F6-78B0-4F74-89FC-CB1F28E7E3D0} - System32\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002 => C:\Users\Sam\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-17] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {A0FA02B8-8590-4E5C-A3C0-013A513FBF81} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-22] (Synaptics Incorporated)

Task: {B04AFB39-186B-45EA-B757-89FE0D1285BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {B82EC614-9A02-4E58-A2CB-A10CD121DD9C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)

Task: {C1389674-DD93-4BEA-A324-59C750602D30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)

Task: {E16DCCE7-C226-4898-922F-14DF867C2088} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)

Task: {E8AA9738-244B-4023-88AA-0B7FCDF71EB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-14] (Microsoft Corporation)

Task: {EAE12518-324F-4652-BBD8-344B9FD4C068} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)

Task: {EAEAC711-82C4-49B1-A2F4-DCDB19402769} - System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {F036638D-7FF9-4A39-891C-D10119C45CB2} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

Task: {F94C63CB-D37B-4EDD-ADF1-1B178D08D855} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-25] (Google Inc.)

Task: {FCFFFA80-7197-4ADF-8FBA-80500B8E949A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3276751746-3587298695-1269677053-1002.job => C:\Users\Sam\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-09-21 13:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

2015-02-04 16:24 - 2015-02-04 16:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2014-08-26 22:39 - 2014-03-06 12:37 - 00013312 _____ () C:\Windows\SysWOW64\SMITSC.exe

2014-07-25 22:53 - 2015-04-08 17:58 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll

2014-07-25 22:53 - 2015-04-08 14:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-03-20 04:22 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-12-27 22:10 - 2014-12-17 22:23 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll

2014-12-25 03:17 - 2014-11-04 11:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll

2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2013-08-01 14:24 - 2013-08-01 14:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe

2014-09-18 00:23 - 2014-09-18 00:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2014-10-14 11:51 - 2014-10-14 11:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2014-09-18 00:23 - 2014-09-18 00:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2014-10-14 11:51 - 2014-10-14 11:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2015-03-02 07:43 - 2015-03-02 07:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2015-01-16 19:15 - 2015-01-16 19:15 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2014-07-25 22:48 - 2014-03-06 13:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-03-02 13:30 - 2015-03-02 13:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2015-04-13 19:13 - 2015-03-27 20:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-04-22 15:12 - 2015-04-22 15:12 - 00098816 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32api.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00110080 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pywintypes27.dll

2015-04-22 15:12 - 2015-04-22 15:12 - 00364544 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pythoncom27.dll

2015-04-22 15:12 - 2015-04-22 15:12 - 00045568 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_socket.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 01161216 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_ssl.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00320512 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32com.shell.shell.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00713216 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_hashlib.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 01175040 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._core_.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00805888 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._gdi_.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00811008 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._windows_.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 01062400 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._controls_.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00735232 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._misc_.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00682496 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pysqlite2._sqlite.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00128512 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_elementtree.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00127488 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\pyexpat.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00087552 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_ctypes.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00119808 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32file.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00108544 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32security.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00007168 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\hashobjs_ext.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00167936 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32gui.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00018432 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32event.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00038912 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32inet.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00011264 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32crypt.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00070656 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._html2.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00027136 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_multiprocessing.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00020480 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\_yappi.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00035840 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32process.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00686080 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\unicodedata.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00122368 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._wizard.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00024064 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32pipe.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00010240 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\select.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00025600 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32pdh.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00525640 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\windows._lib_cacheinvalidation.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00017408 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32profile.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00022528 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\win32ts.pyd

2015-04-22 15:12 - 2015-04-22 15:12 - 00078336 _____ () C:\Users\Sam\AppData\Local\Temp\_MEI340442\wx._animate.pyd

2014-07-25 22:53 - 2015-04-08 17:58 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2015-02-05 02:20 - 2015-02-05 02:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll

2015-03-03 18:29 - 2015-03-03 18:29 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2015-03-03 18:29 - 2015-03-03 18:29 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2015-04-16 01:48 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll

2015-04-16 01:48 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

2015-04-23 13:30 - 2015-04-23 13:30 - 00043008 _____ () c:\users\sam\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvklhsm.dll

2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Sam\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-01-16 19:15 - 2015-01-16 19:15 - 00330456 _____ () C:\Program Files (x86)\VMware\VMware Player\libcurl.dll

2015-01-16 19:15 - 2015-01-16 19:15 - 00319704 _____ () C:\Program Files (x86)\VMware\VMware Player\libldap_r.dll

2015-01-16 19:16 - 2015-01-16 19:16 - 00146648 _____ () C:\Program Files (x86)\VMware\VMware Player\liblber.dll

2015-01-16 19:15 - 2015-01-16 19:15 - 00070360 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll

2015-03-06 04:43 - 2015-04-02 14:15 - 40506936 _____ () C:\Users\Sam\AppData\Roaming\Spotify\libcef.dll

2015-03-06 04:43 - 2015-04-02 14:15 - 01365560 _____ () C:\Users\Sam\AppData\Roaming\Spotify\libglesv2.dll

2015-03-06 04:43 - 2015-04-02 14:15 - 00219192 _____ () C:\Users\Sam\AppData\Roaming\Spotify\libegl.dll

2015-03-06 04:43 - 2015-03-24 12:05 - 09305656 _____ () C:\Users\Sam\AppData\Roaming\Spotify\pdf.dll

2015-03-06 04:43 - 2015-04-02 14:15 - 00990776 _____ () C:\Users\Sam\AppData\Roaming\Spotify\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Sam\Local Settings:sER6g7YQjWEON9kuKn4oqVl

AlternateDataStreams: C:\Users\Sam\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Sam\AppData\Local:sER6g7YQjWEON9kuKn4oqVl

AlternateDataStreams: C:\Users\Sam\AppData\Local\Application Data:sER6g7YQjWEON9kuKn4oqVl

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam\Desktop\latest-toshiba-wallpaper-background.jpg

DNS Servers: 10.250.0.51 - 10.250.0.50

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: IWD Bus Enumerator

Description: IWD Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: iwdbus

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/24/2015 04:22:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 04:12:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 04:02:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 03:52:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 03:42:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3610

 

Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3610

 

Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2407

 

Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2407

 

 

System errors:

=============

Error: (04/24/2015 03:42:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

 

Error: (04/16/2015 07:12:13 PM) (Source: Schannel) (EventID: 4114) (User: AFFLUENTNERD)

Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

 

Error: (04/16/2015 07:12:13 PM) (Source: Schannel) (EventID: 4120) (User: AFFLUENTNERD)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

 

Error: (04/15/2015 11:45:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the TampaModule service to connect.

 

Error: (04/09/2015 06:09:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the TampaModule service to connect.

 

Error: (04/09/2015 06:09:05 PM) (Source: DCOM) (EventID: 10010) (User: AFFLUENTNERD)

Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

 

Error: (04/09/2015 06:09:05 PM) (Source: DCOM) (EventID: 10010) (User: AFFLUENTNERD)

Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

 

Error: (04/09/2015 04:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Util SmarterPower service failed to start due to the following error: 

%%2

 

Error: (04/09/2015 04:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Update SmarterPower service failed to start due to the following error: 

%%2

 

Error: (04/07/2015 07:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Util SmarterPower service failed to start due to the following error: 

%%2

 

 

Microsoft Office Sessions:

=========================

Error: (04/24/2015 04:22:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 04:12:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 04:02:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 03:52:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/24/2015 03:42:03 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3610

 

Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3610

 

Error: (04/23/2015 05:02:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2407

 

Error: (04/23/2015 05:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2407

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-04-24 16:26:21.434

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-04-24 16:26:21.302

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz

Percentage of memory in use: 35%

Total physical RAM: 16308.09 MB

Available physical RAM: 10532.43 MB

Total Pagefile: 18740.09 MB

Available Pagefile: 13483.3 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB

 

==================== Drives ================================

 

Drive c: (TI1068550PA) (Fixed) (Total:226.32 GB) (Free:105.13 GB) NTFS

Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:750.49 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 28FB916D)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 238.5 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

[dbreeze]

First, some Uninstalls please >>>>

Please download a fresh copy of Google Chrome from here to your desktop.

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

ActiveCoupon
CableTerm
Google Chrome
Google Drive
Norton Internet Security

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Notes: Google applications have been modified by malware and should be reinstalled to repair them. We will handle that after a FRST script run (used to break the active malware). The Norton product is not regestered in the system properly; either it is expired or damaged. If Norton is supposed to be your prinary security software (your license is not expired) you will need to save your license key before you uninstall Norton. This will allow you to install and activate the product later.


Second, run a FRST script >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\MountPoints2: {bf00f889-270c-11e4-825d-806e6f6e6963} - "E:\Startup.exe"
HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I Where They At Doe.mp3.lnk [2015-02-06]
ShortcutTarget: T I Where They At Doe.mp3.lnk -> C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I Where They At Doe.mp3.exe (No File)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> DefaultScope {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =
SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-15]
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Extension: (Norton Identity Safe) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-06] (Symantec Corporation)
S2 891e9dd5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaModule\TampaModule.dll",serv
c:\Program Files (x86)\TampaModule
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
2015-04-09 16:18 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\TampaModule
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Clear Cache Shortcut
2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\BrowssingCleaarrly
2015-04-09 16:16 - 2015-04-22 16:23 - 00000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin
2015-04-09 16:16 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\WhiteCoeupon
2015-04-09 16:16 - 2015-04-09 16:16 - 00000000 ____D () C:\Program Files (x86)\ActiveCoupon
2015-04-09 18:09 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}
2015-04-09 18:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PLA
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\Uneisales
2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\History Calendar
2015-04-09 18:07 - 2015-02-06 02:41 - 00000000 ____D () C:\Program Files (x86)\uniesaeles
2015-04-09 18:07 - 2015-02-06 02:37 - 00000000 ____D () C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd}
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
Hosts:
Task: {53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {54FB6E0A-4FE6-4729-A701-6BF517A16965} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {EAEAC711-82C4-49B1-A2F4-DCDB19402769} - System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
AlternateDataStreams: C:\Users\Sam\Local Settings:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local:sER6g7YQjWEON9kuKn4oqVl
AlternateDataStreams: C:\Users\Sam\AppData\Local\Application Data:sER6g7YQjWEON9kuKn4oqVl
RemoveProxy:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Last, reinstall Chrome >>>>

After the system is restarted from the FRST script run, please double click on the Google Chrome install file on your desktop (saved from Step 1) and follow the prompts to install Chrome.


Information to Reply with >>>>

• How did the uninstalls go?
• The Fixlog.txt log file text.
• How is your system running now?

[sonicskilz]

ActiveCoupon would not uninstall. It pops up with a window entitled "xyz Uninstall" and another Window on top of that, which is titled "Uninstall" and contains the text "Plese close your browser and try again". The only option is to click "OK". No browser Window is actually open, and the message is really spelled "Plese."

 

Uninstalling CableTerm procs an error titled "RunDLL" with the following text:

"There was a problem starting

C:\PROGRA~2\TAMPAM~1\tampam~1.DLL

 

The specified module could not be found."

 

Again, the only option is to click "OK". I'm assuming that these items failing to properly uninstall invalidates the rest of the procedure that you have outlined for me. If I should still proceed with everything else you posted above, please let me know and I'll just do everything else. Otherwise, please advise on another course of action.

 

Much appreciated,

-Sam

Edited by sonicskilz, 25 April 2015 - 05:40 PM.

[dbreeze]

Please proceed with the steps outlined.  The uninstalls of some malware will try and block their removal but we will succeed manually anyway.

[sonicskilz]

I like your attitude! 

 

The uninstalls went without a hitch, besides the CableTerm and ActiveCoupon of course. I restarted once for Norton Internet Security to complete it's uninstall, then restarted once again to apply the FRST fixlist, and finally downloaded Chrome for 64bit Windows 8. System seems to be running well, although Shockwave flash has already crashed once in the brief time I've been running this fresh install of Chrome.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015

Ran by Sam at 2015-04-26 14:00:13 Run:1

Running from C:\Users\Sam\Desktop

Loaded Profiles: Sam (Available profiles: Sam & Affluent Nerd & Guest)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CreateRestorePoint:

CloseProcesses:

HKLM\...\Run: [] => [X]

HKLM\...\Run: [] => [X]

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\...\MountPoints2: {bf00f889-270c-11e4-825d-806e6f6e6963} - "E:\Startup.exe"

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->

Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I Where They At Doe.mp3.lnk [2015-02-06]

ShortcutTarget: T I Where They At Doe.mp3.lnk -> C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I Where They At Doe.mp3.exe (No File)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> DefaultScope {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =

SearchScopes: HKU\S-1-5-21-3276751746-3587298695-1269677053-1002 -> {00A8C085-5EC1-4F91-9F57-10ABED20521E} URL =

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll No File

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-15]

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File

CHR Extension: (Norton Identity Safe) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-06]

CHR Extension: (Norton Security Toolbar) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-02-06]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-06] (Symantec Corporation)

S2 891e9dd5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaModule\TampaModule.dll",serv

c:\Program Files (x86)\TampaModule

S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]

S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

2015-04-09 16:18 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\TampaModule

2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\Clear Cache Shortcut

2015-04-09 16:17 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\BrowssingCleaarrly

2015-04-09 16:16 - 2015-04-22 16:23 - 00000020 _____ () C:\Users\Sam\AppData\Roaming\appdataFr3.bin

2015-04-09 16:16 - 2015-04-09 18:07 - 00000000 ____D () C:\Program Files (x86)\WhiteCoeupon

2015-04-09 16:16 - 2015-04-09 16:16 - 00000000 ____D () C:\Program Files (x86)\ActiveCoupon

2015-04-09 18:09 - 2015-02-06 02:41 - 00000000 ____D () C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}

2015-04-09 18:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PLA

2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\Uneisales

2015-04-09 18:07 - 2015-02-06 02:42 - 00000000 ____D () C:\Program Files (x86)\History Calendar

2015-04-09 18:07 - 2015-02-06 02:41 - 00000000 ____D () C:\Program Files (x86)\uniesaeles

2015-04-09 18:07 - 2015-02-06 02:37 - 00000000 ____D () C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd}

C:\Windows\SysWOW64\dlumd10.dll

C:\Windows\SysWOW64\dlumd11.dll

C:\Windows\SysWOW64\dlumd9.dll

C:\Windows\System32\dlumd10.dll

C:\Windows\System32\dlumd11.dll

C:\Windows\System32\dlumd9.dll

Hosts:

Task: {53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {54FB6E0A-4FE6-4729-A701-6BF517A16965} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)

Task: {EAEAC711-82C4-49B1-A2F4-DCDB19402769} - System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

AlternateDataStreams: C:\Users\Sam\Local Settings:sER6g7YQjWEON9kuKn4oqVl

AlternateDataStreams: C:\Users\Sam\AppData\Local:sER6g7YQjWEON9kuKn4oqVl

AlternateDataStreams: C:\Users\Sam\AppData\Local\Application Data:sER6g7YQjWEON9kuKn4oqVl

RemoveProxy:

Reboot:

end

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17 => Value not found.

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.

"HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf00f889-270c-11e4-825d-806e6f6e6963}" => Key deleted successfully.

HKCR\CLSID\{bf00f889-270c-11e4-825d-806e6f6e6963} => Key not found. 

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.

C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T I Where They At Doe.mp3.lnk not found.

C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65}\T I Where They At Doe.mp3.exe not found.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}" => Key deleted successfully.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" => Key deleted successfully.

"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" => Key deleted successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00A8C085-5EC1-4F91-9F57-10ABED20521E}" => Key deleted successfully.

HKCR\CLSID\{00A8C085-5EC1-4F91-9F57-10ABED20521E} => Key not found. 

C:\Users\Sam\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll not found.

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File not found.

C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} => Value not found.

C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn not found.

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found.

C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif directory not found.

C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk directory not found.

HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 

HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found. 

"C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx" => File/Directory not found.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found. 

"C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx" => File/Directory not found.

NIS => Service not found.

891e9dd5 => Service deleted successfully.

c:\Program Files (x86)\TampaModule => Moved successfully.

intaud_WaveExtensible => Service deleted successfully.

iwdbus => Service deleted successfully.

rssasnt => Service deleted successfully.

VBoxNetFlt => Service deleted successfully.

"C:\Program Files (x86)\TampaModule" => File/Directory not found.

C:\Program Files (x86)\Clear Cache Shortcut => Moved successfully.

C:\Program Files (x86)\BrowssingCleaarrly => Moved successfully.

C:\Users\Sam\AppData\Roaming\appdataFr3.bin => Moved successfully.

C:\Program Files (x86)\WhiteCoeupon => Moved successfully.

C:\Program Files (x86)\ActiveCoupon => Moved successfully.

C:\ProgramData\{cc8cf799-5171-16e2-cc8c-cf799517de65} => Moved successfully.

C:\Windows\PLA => Moved successfully.

C:\Program Files (x86)\Uneisales => Moved successfully.

C:\Program Files (x86)\History Calendar => Moved successfully.

C:\Program Files (x86)\uniesaeles => Moved successfully.

C:\ProgramData\{9d7e11af-620c-2e26-9d7e-e11af62046bd} => Moved successfully.

C:\Windows\SysWOW64\dlumd10.dll => Moved successfully.

C:\Windows\SysWOW64\dlumd11.dll => Moved successfully.

C:\Windows\SysWOW64\dlumd9.dll => Moved successfully.

C:\Windows\System32\dlumd10.dll => Moved successfully.

C:\Windows\System32\dlumd11.dll => Moved successfully.

C:\Windows\System32\dlumd9.dll => Moved successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53D9F154-E6D7-4214-A1D5-C5BF7D6F777B} => Key not found. 

C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54FB6E0A-4FE6-4729-A701-6BF517A16965} => Key not found. 

C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor => Key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6C3BDA6-F03A-46A6-BE47-E658A54E05CD} => Key not found. 

C:\Windows\System32\Tasks\Norton WSC Integration not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => Key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAEAC711-82C4-49B1-A2F4-DCDB19402769}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAEAC711-82C4-49B1-A2F4-DCDB19402769}" => Key deleted successfully.

C:\Windows\System32\Tasks\{69306D15-8F0C-4EFF-A983-9EB184B97A01} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{69306D15-8F0C-4EFF-A983-9EB184B97A01}" => Key deleted successfully.

"C:\Users\Sam\Local Settings" => ":sER6g7YQjWEON9kuKn4oqVl" ADS not found.

C:\Users\Sam\AppData\Local => ":sER6g7YQjWEON9kuKn4oqVl" ADS removed successfully.

"C:\Users\Sam\AppData\Local\Application Data" => ":sER6g7YQjWEON9kuKn4oqVl" ADS not found.

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

 

 

========= End of RemoveProxy: =========

 

 

 

The system needed a reboot. 

 

==== End of Fixlog 14:00:24 ==== 

[dbreeze]

First, a Junkware Removal Tool scan >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Second, a AdwCleaner cleaning >>>>


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this
  
  
• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



Information to Reply with >>>>

• The JRT.txt log text.
• The AdwCleaner[S#].txt log text.

[sonicskilz]

Both very easy to use programs. Thank you for your instructions! 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.5 (04.27.2015:1)

OS: Windows 8.1 x64

Ran by Sam on Mon 04/27/2015 at  0:31:35.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3276751746-3587298695-1269677053-1002

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3276751746-3587298695-1269677053-500

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3948165036-3373961967-2585386888-500

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util SmarterPower

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/27/2015 at  0:32:48.57

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v4.202 - Logfile created 27/04/2015 at 00:42:00

# Updated 23/04/2015 by Xplode

# Database : 2015-04-23.1 [Local]

# Operating system : Windows 8.1  (x64)

# Username : Sam - AFFLUENTNERD

# Running from : C:\Users\Sam\Desktop\adwcleaner_4.202.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\BoostSoftware

Folder Deleted : C:\Users\Sam\AppData\Roaming\RHEng

Folder Deleted : C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Folder Deleted : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Folder Deleted : C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Folder Deleted : C:\ProgramData\ffdfbgfdmdnedooofolgleppgeklbjhg

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\abacbd63-0b90-075b-6913-0710a0e229d4

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : HKLM\SOFTWARE\BoostSoftware

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v42.0.2311.90

 

[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

[C:\Users\Affluent Nerd\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

[C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

 

*************************

 

AdwCleaner[R0].txt - [2959 bytes] - [27/04/2015 00:35:30]

AdwCleaner[S0].txt - [2819 bytes] - [27/04/2015 00:42:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2878  bytes] ##########

[dbreeze]

Your version of Malwarebytes' Antimalware is not the most current.  Let's update it and see what it finds ....
 
Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here .

Double Click on the mbam-setup.exe file to install the application.  It should just update the current installation, keeping your current settings.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once updated, please select Settings > Detection and Protection.  Please ensure that "Scan for Rootkits" is selected along with Non-Malware Protection PUP and PUM are set to "Treat detections as malware"


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.


If any malware is found, you will be presented with a screen like the one below.


Make sure that everything is checked, and click Remove Selected.  when the removal is completed, a summary screen will be presented.


At the bottom of this screen, click on Save Results and then on Text file (*.txt).  Save the file to your desktop and click OK.  Click Finish to return to the main screen and then close Malwarebytes.


Double click on log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[sonicskilz]

Hi dbreeze,

 

The Malwarebytes scan returned clean. I did update the version first. 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/27/2015

Scan Time: 3:33:01 PM

Logfile: malfixlog.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.04.27.05

Rootkit Database: v2015.04.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Sam

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 465345

Time Elapsed: 11 min, 11 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[dbreeze]

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same

Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).



For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.



Double click on the icon on your desktop.



Check (accept) the Terms of Use.



Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start




ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.






When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.



At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).



Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.



Attach the saved log file in your next reply please.  Thanks.

[sonicskilz]

Whew! You were right - that took awhile! Here is what the scan produced:

 

C:\AdwCleaner\Quarantine\C\ProgramData\ffdfbgfdmdnedooofolgleppgeklbjhg\OP5n0f.js.vir JS/Kryptik.ATB trojan

C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll a variant of Win32/OpenCandy.C potentially unsafe application

C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe a variant of Win32/Adware.MultiPlug.ER application

C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz a variant of Win32/Adware.MultiPlug.ER application

C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll a variant of Win32/InstallCore.YX potentially unwanted application

[dbreeze]

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll
C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe
C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz
C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll
RemoveProxy:
EmptyTemp:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[sonicskilz]

Thanks for the help so far, dbreeze! Am I correct in assuming that we're closing in on a final resolution? I noticed CableTermand ActiveCoupon are gone from the application list in add or remove programs.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015

Ran by Sam at 2015-05-02 12:33:49 Run:2

Running from C:\Users\Sam\Desktop

Loaded Profiles: Sam (Available profiles: Sam & Affluent Nerd & Guest)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CreateRestorePoint:

CloseProcesses:

C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll

C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe

C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz

C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll

RemoveProxy:

EmptyTemp:

Reboot:

end

*****************

 

Restore point was successfully created.

Processes closed successfully.

C:\Users\Sam\AppData\Local\Microsoft\Windows\INetCache\IE\M5YXS5KZ\OCSetupHlp[1].dll => Moved successfully.

C:\Users\Sam\AppData\Local\Temp\1800\temp\CableTerm.xyz.exe => Moved successfully.

C:\Users\Sam\AppData\Local\Temp\D5D6BD\temp\putfu.xyz => Moved successfully.

C:\Users\Sam\AppData\Local\Temp\is386526232\6AC3B58C_stp\icc.dll => Moved successfully.

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-21-3276751746-3587298695-1269677053-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

 

 

========= End of RemoveProxy: =========

 

EmptyTemp: => Removed 6.2 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 12:34:46 ====