TechSpot

Connected to the network but internet based programs won't work

By Joshua Davidson
Jun 10, 2015
  1. All internet based programs don't work. I tried to find a solution and there seems to be a very subtle virus that is keeping me from connecting to the internet, even though my computer says I'm connected to the wifi.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  3. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    Yes, the second computer I was using to respond and download programs had a breakdown. I had to replace the hard drive for the second computer. I didn't have regular access to the Internet while that computer was down. Everything is working good now so I'm trying to get my primary laptop working again.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OK.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    I'm scanning my laptop with Farbar now. I should have the log posted later this afternoon.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  7. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    Here is the FRST log (1 of 2)

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 (ATTENTION: ====> FRST version is 97 days old and could be outdated)
    Ran by patrick (administrator) on PATRICK-PC on 16-06-2015 10:52:36
    Running from F:\
    Loaded Profiles: patrick (Available profiles: patrick)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
    (Google Inc.) C:\Users\patrick\AppData\Local\Google\Update\GoogleUpdate.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    (Dropbox, Inc.) C:\Users\patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-08-24] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-05-09] (Samsung Electronics)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
    HKLM-x32\...\Run: [Sendori Tray] => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [27112568 2012-10-04] (ooVoo LLC)
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [Google Update] => C:\Users\patrick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-26] (Google Inc.)
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-03-02] (Glarysoft Ltd)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    Startup: C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    BootExecute: autocheck autochk *
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     
  8. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    FRST log (2 of 2)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-660230534-9386771-3986129850-1000] => http=127.0.0.1:50255;https=127.0.0.1:50255
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://samsung.msn.com
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {858971B9-B4DC-4D52-936D-4F77A419B0D6} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> DefaultScope 0554F78DB8C9438E83BEE96C3671E8BB URL = http://search.benefitbar.com/benefitbar/search/www.php?tid=a1133&sch={searchTerms}
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> 0554F78DB8C9438E83BEE96C3671E8BB URL = http://search.benefitbar.com/benefitbar/search/www.php?tid=a1133&sch={searchTerms}
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=3390b2f8-6414-11e2-afcb-e81132cd0c3e&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {25EB4B57-AEBF-4948-A441-9C6D20C2651C} URL = http://www.bing.com/search?FORM=U001DF&PC=U001&dt=061213&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {88DC3AFE-FAF0-4808-8C7B-B74319B5C9DC} URL = http://us.yhs4.search.yahoo.com/yhs...tPage,20120102,18482,0,0,6434&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {B45E1180-07B2-4BDA-BB5E-FE78BBACE658} URL = http://websearch.ask.com/redirect?c...pn_sauid=AA03DC7C-0768-44E2-BF13-BC40CFAE70A3
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {D2C0F1A9-014F-408C-8657-B0BEC7E9CCA9} URL = http://www.mysearchresults.com/search?&c=2640&t=03&q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Somoto Toolbar -> {652853ad-5592-4231-88c6-706613a52e61} -> C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: getsav-in 5.0 -> {A55A74F3-7602-43C9-92EC-ECE61ADE1086} -> C:\Users\patrick\AppData\Local\getsav-in\ie\getsav-in_1371059101.dll No File
    BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
    BHO-x32: BenefitBar -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> No File
    Toolbar: HKLM-x32 - Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
    Toolbar: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
    Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 16 C:\windows\system32\Sendori.dll File Not found ()
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
    FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
    FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\patrick\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
    FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\patrick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
    FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @talk.google.com/O1DPlugin -> C:\Users\patrick\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
    FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @tools.google.com/Google Update;version=3 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @tools.google.com/Google Update;version=9 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-05-09] (Samsung)
    FF Plugin ProgramFiles/Appdata: C:\Users\patrick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\patrick\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Profile: C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
    CHR Extension: (Adblock Plus) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-12-01]
    CHR Extension: (No Name) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme [2012-10-16]
    CHR Extension: (Amazing Coupons) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-06-12]
    CHR Extension: (Google Wallet) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
    CHR HKU\S-1-5-21-660230534-9386771-3986129850-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\patrick\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-27]
    CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\patrick\AppData\Local\Temp\ccex.crx [Not Found]
    StartMenuInternet: Google Chrome.O2JHYUFJYXUUN2DDSNOWJV3QR4 - C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe http://do-search.com/?type=sc&ts=1384814673&from=smt&uid=WDCXWD3200BPVT-35ZEST0_WD-WXD1A81D4496D4496

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [405896 2013-05-03] (Samsung) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X] <==== ATTENTION
    S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
    S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-07-17] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
    S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
    R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-03-12] (Glarysoft Ltd)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
    S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-27] (Windows (R) 2003 DDK 3790 provider)
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
    S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-06-16 10:49 - 2015-06-16 10:54 - 00000000 ____D () C:\FRST
    2015-06-09 04:59 - 2015-06-09 15:39 - 00001771 _____ () C:\Users\patrick\Desktop\MIGOSBULLY.txt
    2015-06-07 08:24 - 2015-06-08 13:47 - 00001615 _____ () C:\Users\patrick\Desktop\if I could tell you.txt
    2015-06-02 08:24 - 2015-06-08 13:50 - 00001936 _____ () C:\Users\patrick\Desktop\REPO.txt
    2015-06-02 07:20 - 2015-06-02 07:45 - 00000101 _____ () C:\Users\patrick\Desktop\2Pac.txt
    2015-06-02 00:11 - 2015-06-02 08:36 - 00002270 _____ () C:\Users\patrick\Desktop\DMX TYPE.txt
    2015-05-29 01:51 - 2015-06-05 02:01 - 00002973 _____ () C:\Users\patrick\Desktop\Dealings.txt
    2015-05-27 21:39 - 2015-05-27 23:52 - 00002587 _____ () C:\Users\patrick\Desktop\WORSHIP PRACTICE.txt
    2015-05-27 02:24 - 2015-06-11 07:00 - 00002317 _____ () C:\Users\patrick\Desktop\Lil Wayne Sorry.txt
    2015-05-21 16:47 - 2015-05-26 22:20 - 00002442 _____ () C:\Users\patrick\Desktop\ZEAF- Rae Sremmurd, ASAP Ferg Type Beat [Prod. Yosef].txt
    2015-05-21 14:34 - 2015-05-29 00:18 - 00002991 _____ () C:\Users\patrick\Desktop\hardact yosef.txt
    2015-05-18 01:18 - 2015-06-10 21:32 - 00002291 _____ () C:\Users\patrick\Desktop\yosef beat.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-06-16 10:47 - 2015-04-24 01:08 - 00001671 _____ () C:\Users\patrick\Desktop\lonley.txt
    2015-06-16 10:47 - 2014-01-27 13:43 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-16 10:47 - 2012-08-28 16:48 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-06-16 10:47 - 2012-08-26 13:51 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000UA.job
    2015-06-16 10:46 - 2013-02-07 04:04 - 01909871 _____ () C:\windows\WindowsUpdate.log
    2015-06-11 15:15 - 2013-06-12 12:52 - 00000456 ____H () C:\windows\Tasks\Norton Security Scan for patrick.job
    2015-06-11 02:31 - 2012-08-26 13:51 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000Core.job
    2015-06-11 01:43 - 2014-01-27 13:43 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-10 13:07 - 2015-04-30 03:45 - 00001916 _____ () C:\Users\patrick\Desktop\dawaythathelooves me.txt
    2015-06-09 15:39 - 2009-07-14 00:13 - 00800860 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-06-09 03:40 - 2015-05-05 21:33 - 00001086 _____ () C:\Users\patrick\Desktop\God says.txt
    2015-06-07 05:07 - 2015-04-16 10:42 - 00001893 _____ () C:\Users\patrick\Desktop\must be illumnati meek mill beat.txt
    2015-06-05 02:58 - 2015-05-11 07:01 - 00002501 _____ () C:\Users\patrick\Desktop\T2.txt
    2015-06-01 21:31 - 2014-11-19 15:49 - 00010865 _____ () C:\windows\setupact.log
    2015-05-31 04:05 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-31 04:05 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-31 03:59 - 2013-02-27 01:51 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-05-31 03:58 - 2015-03-12 13:26 - 00000336 _____ () C:\windows\Tasks\GlaryInitialize 5.job
    2015-05-31 03:58 - 2013-06-12 13:00 - 00000000 ____D () C:\Samsung Link
    2015-05-31 03:57 - 2011-11-25 02:46 - 00000000 ____D () C:\Users\patrick\AppData\Roaming\Skype
    2015-05-31 03:55 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-05-29 00:22 - 2015-03-28 00:08 - 00001465 _____ () C:\Users\patrick\Desktop\pray for me beat.txt

    ==================== Files in the root of some directories =======

    2014-05-08 19:05 - 2014-05-08 19:05 - 6103040 _____ () C:\Program Files (x86)\GUT69F4.tmp
    2012-12-05 20:00 - 2012-12-05 20:00 - 0017408 _____ () C:\Users\patrick\AppData\Local\WebpageIcons.db
    2011-11-25 02:47 - 2011-11-25 02:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    Some content of TEMP:
    ====================
    C:\Users\patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos40mo.dll
    C:\Users\patrick\AppData\Local\Temp\pc_optimizer.exe
    C:\Users\patrick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\patrick\AppData\Local\Temp\System.Data.SQLite94543.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-04 10:11

    ==================== End Of Log ============================
     
  9. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    Here is the Addition log (1 of 2)

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by patrick at 2015-06-16 10:56:13
    Running from F:\
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AS: Ad-Aware Antivirus (Enabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
    AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
    Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
    Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
    AllShare Framework DMS (HKLM\...\{FC655E43-0E90-4FAC-AF88-7CF8635C6ADC}) (Version: 1.3.09 - Samsung)
    AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.3.29.0 - Lavasoft) Hidden
    Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASPCA Reminder by We-Care.com v4.1.18.1 (HKLM-x32\...\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}) (Version: 4.1.18.1 - We-Care.com)
    Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
    BatteryLifeExtender (HKLM-x32\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
    Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
    Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
    EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
    ETDWare PS/2-X64 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Forex Broker Inc MT4 Client Terminal (HKLM-x32\...\Forex Broker Inc MT4 Client Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Fuze Meeting (HKLM-x32\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    getsav-in (HKLM-x32\...\getsav-in) (Version: 1.1371059117 - Adpeak, Inc.) <==== ATTENTION!
    Glary Utilities 5.20 (HKLM-x32\...\Glary Utilities 5) (Version: 5.20.0.35 - Glarysoft Ltd)
    GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
    Google Chrome (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
    IZArc 4.1.8 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.8 - Ivan Zahariev)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.710 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.1.16 - Symantec Corporation)
    Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
    OnlineThreatsEngine (Version: 2.2.2.0 - Lavasoft) Hidden
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.3023 - ooVoo LLC.)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
    Roads of Rome (HKLM-x32\...\exent_706250) (Version: - )
    Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
    Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
    Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
    Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Link 1.5.0.1305092012 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1305092012 - Copyright 2013 SAMSUNG)
    Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.6 - Samsung)
    Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
    Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
    Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.1.17 - Samsung Electronics Co., Ltd.)
    Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
    Sendori (HKLM-x32\...\Sendori) (Version: 2.0.17 - Sendori, Inc.) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    StartMeeting (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\StartMeeting) (Version: 1.3.1559.1001 - Start Meeting LLC)
    The Treasures of Montezuma (HKLM-x32\...\exent_466550) (Version: - )
    Unlikely Suspects (HKLM-x32\...\exent_708650) (Version: - )
    User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.4 - )
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
    WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
    Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
    WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    11-06-2015 01:53:35 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-12-15 13:48 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0135B265-098B-400F-B8B9-44B63DAF3D06} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-07-27] (SEC)
    Task: {06A45F69-747D-4078-BE2D-A11BD84354DE} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-19] (SAMSUNG Electronics co., LTD.)
    Task: {15A140AD-5CD6-4BF1-B6FE-4BE717F16179} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-03-02] (Glarysoft Ltd)
    Task: {18264689-3AB0-4576-853C-C62D9D4F5BC6} - System32\Tasks\Updater4637.exe => C:\Users\patrick\AppData\Local\Updater4637\Updater4637.exe <==== ATTENTION
    Task: {3AEF3C42-3969-4EA9-8B77-CAEA6DFDC631} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {452879AD-361C-4B9E-9DDA-E1A193127EB3} - System32\Tasks\Norton Security Scan for patrick => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
    Task: {4B03C5F4-8EFD-4BDC-8E36-F287CE3C199C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000Core => C:\Users\patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
    Task: {4C51280C-6FC0-4392-8B88-4653C528694B} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
    Task: {55056138-46D5-4295-B81C-3543424E6148} - System32\Tasks\AdobeAAMUpdater-1.0-patrick-PC-patrick => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
    Task: {57CA2B67-0578-470A-8E30-B17A4676873A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {58375216-4DCF-4F6C-8180-10F361274AB3} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {5A7A7BF2-06E7-414A-92DA-65CA6CB12C59} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
    Task: {5C5619C4-69BD-4A71-B815-2196396CDBBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
    Task: {62223D07-65B4-478B-B093-2BEC563D13FE} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\patrick\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
    Task: {68E21AC2-A9E0-4B54-AB31-2E21FCA2C725} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-12-20] (Samsung Electronics)
    Task: {6E53FA94-BCA8-4C09-9CE4-2A88D851AFC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {77F3AC52-9CB4-46C0-92FC-9A128CE6B394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
    Task: {8836AA6F-BB8F-45E3-B5C4-F20205FCC1AF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {8B1DD491-879D-4E48-AE4B-3FAF2A6A70B6} - System32\Tasks\{574D0459-F1CB-4EC0-A4CD-CFDC506632B4} => Chrome.exe
    Task: {8E0FD80E-7A22-41EF-ABF8-6751A43DE6F8} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-11] (Samsung Electronics. Co. Ltd.)
    Task: {92A13C3E-26EB-4B77-897F-649445DE6F49} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000UA => C:\Users\patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
    Task: {94C199F9-C033-4249-B2F4-DCDD2B6ECBE6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {965DCEEE-44CF-4C1B-AA53-8072E00606D0} - System32\Tasks\{97AEA3A5-64DB-48A8-AB19-2B76E8EB9CCC} => Chrome.exe
    Task: {9C332AE8-1447-491D-9AE6-35F498C46567} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {A9561581-14A7-4CA8-8BAB-F1EF2A19F514} - System32\Tasks\{6BC46841-0865-4327-BD36-2B56719AD40E} => Chrome.exe
    Task: {AAE9C2A5-7264-4A4A-A759-5D0F14C95242} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {B79CDB02-1CFB-4F9C-82EC-03BDFADC0D57} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-03-02] (Glarysoft Ltd)
    Task: {B7CE4FD9-F533-4EEF-AA21-25E43C52B087} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
    Task: {C43686F9-3051-48AA-8411-F2A0862BE569} - System32\Tasks\{38DBB8D6-1B80-467C-8CE4-E4EB0B0F2D4B} => Chrome.exe
    Task: {D097BDA6-A29D-468D-B5FB-FF3692C0E67E} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-09] (Samsung Electronics Co., Ltd.)
    Task: {D701C70C-F956-45E6-A7DA-CBBAAE285CC4} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {DF13380F-2DBA-4D0F-B430-3CF574945456} - System32\Tasks\DTReg => C:\Users\patrick\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000Core.job => C:\Users\patrick\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000UA.job => C:\Users\patrick\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\Norton Security Scan for patrick.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-11-25 13:38 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-01-23 17:09 - 2014-01-23 17:09 - 00702744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
    2014-01-23 17:30 - 2014-01-23 17:30 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
    2014-01-23 17:30 - 2014-01-23 17:30 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 03720040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
    2014-01-23 17:30 - 2014-01-23 17:30 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 02595144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00602984 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00291192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00268152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00253800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00293744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiMalwareEngine.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiRootkitEngine.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerHistory.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00607584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScanner.dll
    2014-01-23 17:30 - 2014-01-23 17:30 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_timer-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00325488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareScannerScheduler.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00333688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareRealTimeProtection.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIncompatibles.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00219488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiSpam.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00129896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareAntiPhishing.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00599920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareParentalControl.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 01926504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareWebProtection.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00263536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareEmailProtection.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareNetworkProtection.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00490848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareInstaller.dll
    2014-01-23 17:30 - 2014-01-23 17:30 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
    2014-01-23 17:30 - 2014-01-23 17:30 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwarePromo.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00291680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareFeedback.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SecurityCenter.dll
    2013-10-31 01:25 - 2013-07-17 18:09 - 00156936 _____ () C:\windows\system32\bdfwcore.dll
    2013-07-17 18:10 - 2013-07-17 18:10 - 00777296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\BDSmartDB.dll
    2013-08-21 15:32 - 2013-08-21 15:32 - 00824864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpbr.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 00558136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpdsp.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 02656752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttpph.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 01234816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.2.0\ashttprbl.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 00824864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpbr.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 00558136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpdsp.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 03112000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttpf.mdl
    2013-08-21 15:32 - 2013-08-21 15:32 - 01234816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine\2.2.1.0\ashttprbl.mdl
    2014-01-23 17:29 - 2014-01-23 17:29 - 04114264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
    2014-01-23 17:29 - 2014-01-23 17:29 - 00500088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00361824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00066904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00788848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
    2014-01-23 17:29 - 2014-01-23 17:29 - 00139608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
    2013-06-12 12:58 - 2013-05-09 20:12 - 01226752 _____ () C:\Program Files\Samsung\Samsung Link\SecLibJNI.dll
    2014-11-20 18:14 - 2014-11-20 18:14 - 00515584 ____N () C:\Users\patrick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    2013-06-12 12:58 - 2013-05-09 20:12 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
    2013-05-03 14:20 - 2013-05-03 14:20 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\JNIInterface.dll
    2013-05-03 14:21 - 2013-05-03 14:21 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\ASFAPI.dll
    2013-05-03 14:22 - 2013-05-03 14:22 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\MediaDB_Manager.dll
    2013-02-14 19:41 - 2013-02-14 19:41 - 00030720 _____ () C:\windows\system32\MediaDB64.dll
    2013-02-14 19:41 - 2013-02-14 19:41 - 00905216 _____ () C:\windows\system32\ContentDirectoryPresenter64.dll
    2013-05-03 14:22 - 2013-05-03 14:22 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\64bit\DMS_Manager.dll
    2013-04-15 18:52 - 2013-04-15 18:52 - 00049152 _____ () C:\windows\system32\boost_date_time-vc90-mt-1_47.dll
    2013-04-15 18:52 - 2013-04-15 18:52 - 00016896 _____ () C:\windows\system32\boost_system-vc90-mt-1_47.dll
    2013-04-15 18:52 - 2013-04-15 18:52 - 00058880 _____ () C:\windows\system32\boost_thread-vc90-mt-1_47.dll
    2013-04-15 18:52 - 2013-04-15 18:52 - 00299520 _____ () C:\windows\system32\boost_serialization-vc90-mt-1_47.dll
    2013-04-19 17:29 - 2013-04-19 17:29 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DMSManager.dll
    2013-04-19 16:37 - 2013-04-19 16:37 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ContentDirectoryPresenter.dll
    2013-04-19 16:39 - 2013-04-19 16:39 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DCMCDP.dll
    2013-04-19 16:38 - 2013-04-19 16:38 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\FolderCDP.dll
    2013-04-19 17:29 - 2013-04-19 17:29 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\MetadataFramework.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\sqlite3.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\MoodExtractor.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DCMImgExtractor.dll
    2013-04-12 08:58 - 2013-04-12 08:58 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AutoChaptering.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libexpat.dll
    2013-04-12 08:58 - 2013-04-12 08:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoThumb.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avcodec-52.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avutil-50.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avformat-52.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\swscale-0.dll
    2013-04-19 17:29 - 2013-04-19 17:29 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AudioExtractor.dll
    2013-04-19 17:29 - 2013-04-19 17:29 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ID3Driver.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\tag.dll
    2013-04-12 08:58 - 2013-04-12 08:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libThumbnail.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\RichInfoDriver.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoExtractor.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ThumbnailMaker.dll
    2013-04-12 08:59 - 2013-04-12 08:59 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ImageMagickWrapper.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00133632 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoMetadataDriver.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libKeyFrame.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\SECMetaDriver.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ImageExtractor.dll
    2013-04-12 08:58 - 2013-04-12 08:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\photoDriver.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libexif-12.dll.dll
    2013-04-19 16:58 - 2013-04-19 16:58 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\TextExtractor.dll
    2013-04-19 16:39 - 2013-04-19 16:39 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\Autobackup.dll
    2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\RosettaAllShare.dll
    2013-04-15 18:52 - 2013-04-15 18:52 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_serialization-vc90-mt-1_47.dll
    2013-04-15 18:53 - 2013-04-15 18:53 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_date_time-vc90-mt-1_47.dll
    2013-04-15 18:52 - 2013-04-15 18:52 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_system-vc90-mt-1_47.dll
    2013-04-15 18:53 - 2013-04-15 18:53 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_thread-vc90-mt-1_47.dll
    2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\us.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-05-31 03:56 - 2015-05-31 03:56 - 00098816 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32api.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00110080 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\pywintypes27.dll
    2015-05-31 03:56 - 2015-05-31 03:56 - 00364544 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\pythoncom27.dll
    2015-05-31 03:56 - 2015-05-31 03:56 - 00045568 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\_socket.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 01160704 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\_ssl.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00320512 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32com.shell.shell.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00713216 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\_hashlib.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 01175040 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._core_.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00805888 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._gdi_.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00811008 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._windows_.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 01062400 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._controls_.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00735232 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._misc_.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00557056 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\pysqlite2._sqlite.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00128512 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\_elementtree.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00127488 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\pyexpat.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00087552 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\_ctypes.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00119808 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32file.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00108544 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32security.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00007168 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\hashobjs_ext.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00167936 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32gui.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00018432 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32event.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00038912 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32inet.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00011264 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32crypt.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00070656 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._html2.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00027136 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\_multiprocessing.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00035840 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32process.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00686080 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\unicodedata.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00122368 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._wizard.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00024064 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32pipe.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00025600 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32pdh.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00525640 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\windows._lib_cacheinvalidation.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00010240 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\select.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00017408 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32profile.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00022528 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\win32ts.pyd
    2015-05-31 03:56 - 2015-05-31 03:56 - 00078336 _____ () C:\Users\patrick\AppData\Local\Temp\_MEI28882\wx._animate.pyd
    2011-04-18 18:14 - 2006-08-11 22:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
    2015-03-02 00:39 - 2015-03-02 00:39 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\patrick\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-05-31 03:58 - 2015-05-31 03:58 - 00043008 _____ () c:\users\patrick\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos40mo.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\patrick\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\patrick\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\patrick\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-04-18 18:16 - 2010-05-07 09:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    2011-12-19 12:27 - 2011-12-19 12:27 - 00011704 _____ () C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll
     
  10. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    Addition log (2 of 2)


    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:43AAB821
    AlternateDataStreams: C:\Users\patrick\Documents\Traders_Dynamic_Index (1).mq4:CursorPos
    AlternateDataStreams: C:\Users\patrick\Documents\Traders_Dynamic_Index (1).mq4:LineFlags

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-660230534-9386771-3986129850-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\patrick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-660230534-9386771-3986129850-500 - Administrator - Disabled)
    Guest (S-1-5-21-660230534-9386771-3986129850-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-660230534-9386771-3986129850-1002 - Limited - Enabled)
    patrick (S-1-5-21-660230534-9386771-3986129850-1000 - Administrator - Enabled) => C:\Users\patrick

    ==================== Faulty Device Manager Devices =============

    Name: X5XSEx_Pr143
    Description: X5XSEx_Pr143
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: X5XSEx_Pr143
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/16/2015 10:46:57 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/10/2015 08:08:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/09/2015 03:23:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/07/2015 03:35:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/06/2015 02:50:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/04/2015 09:51:40 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/02/2015 00:01:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (05/31/2015 06:01:52 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
    Description: AllShare Framework DMSSvcCtrlHandler received failed with 0

    Error: (05/31/2015 06:01:52 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
    Description: AllShare Framework DMSSvcCtrlHandler received failed with 0

    Error: (05/31/2015 04:07:06 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    System errors:
    =============
    Error: (06/10/2015 00:51:33 PM) (Source: volsnap) (EventID: 35) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

    Error: (06/04/2015 10:57:14 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.24.48.186.
    The computer with the IP address 172.24.48.253 did not allow the name to be claimed by
    this computer.

    Error: (06/04/2015 10:29:13 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer MYCOMPUTER
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6DB299D-E8AE-4036-9B42-8ABA13850820}.
    The master browser is stopping or an election is being forced.

    Error: (06/04/2015 09:53:58 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer ZACH-LAPTOP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6DB299D-E8AE-4036-9B42-8ABA13850820}.
    The master browser is stopping or an election is being forced.

    Error: (06/04/2015 09:52:20 AM) (Source: volsnap) (EventID: 35) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

    Error: (06/02/2015 08:31:12 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer MYCOMPUTER
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6DB299D-E8AE-4036-9B42-8ABA13850820}.
    The master browser is stopping or an election is being forced.

    Error: (06/02/2015 07:58:29 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer CHESCA
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6DB299D-E8AE-4036-9B42-8ABA13850820}.
    The master browser is stopping or an election is being forced.

    Error: (06/02/2015 07:30:35 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer CHESCA
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6DB299D-E8AE-4036-9B42-8ABA13850820}.
    The master browser is stopping or an election is being forced.

    Error: (06/02/2015 07:16:48 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.24.48.21.
    The computer with the IP address 172.24.48.27 did not allow the name to be claimed by
    this computer.

    Error: (06/02/2015 04:59:38 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer RR167566IP01
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E6DB299D-E8AE-4036-9B42-8ABA13850820}.
    The master browser is stopping or an election is being forced.


    Microsoft Office Sessions:
    =========================
    Error: (06/16/2015 10:46:57 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/10/2015 08:08:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/09/2015 03:23:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/07/2015 03:35:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/06/2015 02:50:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/04/2015 09:51:40 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (06/02/2015 00:01:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

    Error: (05/31/2015 06:01:52 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
    Description: AllShare Framework DMSSvcCtrlHandler received failed with 0

    Error: (05/31/2015 06:01:52 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
    Description: AllShare Framework DMSSvcCtrlHandler received failed with 0

    Error: (05/31/2015 04:07:06 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-01-08 22:03:07.442
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 22:03:07.439
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 22:03:07.434
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 22:03:07.380
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 22:03:07.377
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-08 22:03:07.372
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:13:03.642
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:13:03.642
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:13:03.632
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 21:13:03.582
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    Percentage of memory in use: 78%
    Total physical RAM: 4028.61 MB
    Available physical RAM: 864.02 MB
    Total Pagefile: 8055.41 MB
    Available Pagefile: 3125.63 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:113 GB) (Free:0.12 GB) NTFS
    Drive d: () (Fixed) (Total:166.5 GB) (Free:51.53 GB) NTFS
    Drive f: (JOSHUA) (Removable) (Total:7.34 GB) (Free:6.23 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 80CD1684)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=113 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=166.5 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=18.5 GB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.4 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    [​IMG] Uninstall following unwanted programs:

    getsav-in
    Sendori


    [​IMG]

    Delete your FRST file and download fresh one

    [​IMG]
    Move FRST to correct location - Desktop.

    [​IMG] Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. Joshua Davidson

    Joshua Davidson TS Rookie Topic Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by patrick at 2015-06-21 01:39:35 Run:1
    Running from C:\Users\patrick\Desktop
    Loaded Profiles: patrick (Available Profiles: patrick)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    ProxyServer: [S-1-5-21-660230534-9386771-3986129850-1000] => http=127.0.0.1:50255;https=127.0.0.1:50255
    RemoveProxy:
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {B45E1180-07B2-4BDA-BB5E-FE78BBACE658} URL = http://websearch.ask.com/redirect?c...pn_sauid=AA03DC7C-0768-44E2-BF13-BC40CFAE70A3
    SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {D2C0F1A9-014F-408C-8657-B0BEC7E9CCA9} URL = http://www.mysearchresults.com/search?&c=2640&t=03&q={searchTerms}
    BHO-x32: Somoto Toolbar -> {652853ad-5592-4231-88c6-706613a52e61} -> C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
    BHO-x32: getsav-in 5.0 -> {A55A74F3-7602-43C9-92EC-ECE61ADE1086} -> C:\Users\patrick\AppData\Local\getsav-in\ie\getsav-in_1371059101.dll No File
    BHO-x32: BenefitBar -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> No File
    Toolbar: HKLM-x32 - Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
    Toolbar: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
    Winsock: Catalog9 16 C:\windows\system32\Sendori.dll File Not found ()
    FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\patrick\AppData\Local\Temp\ccex.crx [Not Found]
    StartMenuInternet: Google Chrome.O2JHYUFJYXUUN2DDSNOWJV3QR4 - C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe http://do-search.com/?type=sc&ts=1384814673&from=smt&uid=WDCXWD3200BPVT-35ZEST0_WD-WXD1A81D4496D4496
    S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X] <==== ATTENTION
    S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
    S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION
    S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
    2014-05-08 19:05 - 2014-05-08 19:05 - 6103040 _____ () C:\Program Files (x86)\GUT69F4.tmp
    2012-12-05 20:00 - 2012-12-05 20:00 - 0017408 _____ () C:\Users\patrick\AppData\Local\WebpageIcons.db
    2011-11-25 02:47 - 2011-11-25 02:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    C:\Users\patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos40mo.dll
    C:\Users\patrick\AppData\Local\Temp\pc_optimizer.exe
    C:\Users\patrick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\patrick\AppData\Local\Temp\System.Data.SQLite94543.dll
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {18264689-3AB0-4576-853C-C62D9D4F5BC6} - System32\Tasks\Updater4637.exe => C:\Users\patrick\AppData\Local\Updater4637\Updater4637.exe <==== ATTENTION
    C:\Users\patrick\AppData\Local\Updater4637\Updater4637.exe
    Task: {58375216-4DCF-4F6C-8180-10F361274AB3} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
    Task: {5A7A7BF2-06E7-414A-92DA-65CA6CB12C59} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
    C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe
    Task: {62223D07-65B4-478B-B093-2BEC563D13FE} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\patrick\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
    C:\Users\patrick\AppData\Local\FilesFrog Update Checker\update_checker.exe
    Task: {D701C70C-F956-45E6-A7DA-CBBAAE285CC4} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {DF13380F-2DBA-4D0F-B430-3CF574945456} - System32\Tasks\DTReg => C:\Users\patrick\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
    C:\Users\patrick\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
    AlternateDataStreams: C:\ProgramData\Temp:43AAB821
    AlternateDataStreams: C:\Users\patrick\Documents\Traders_Dynamic_Index (1).mq4:CursorPos
    AlternateDataStreams: C:\Users\patrick\Documents\Traders_Dynamic_Index (1).mq4:LineFlags






    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    C:\windows\system32\GroupPolicy\Machine => moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => moved successfully.
    C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B45E1180-07B2-4BDA-BB5E-FE78BBACE658}" => key removed successfully
    HKCR\CLSID\{B45E1180-07B2-4BDA-BB5E-FE78BBACE658} => key not found.
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D2C0F1A9-014F-408C-8657-B0BEC7E9CCA9}" => key removed successfully
    HKCR\CLSID\{D2C0F1A9-014F-408C-8657-B0BEC7E9CCA9} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{652853ad-5592-4231-88c6-706613a52e61}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55A74F3-7602-43C9-92EC-ECE61ADE1086}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{A55A74F3-7602-43C9-92EC-ECE61ADE1086}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E155F23C-9931-47c6-A619-20E6FCA86D75}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{E155F23C-9931-47c6-A619-20E6FCA86D75}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61} => value removed successfully
    HKCR\Wow6432Node\CLSID\{652853ad-5592-4231-88c6-706613a52e61} => key not found.
    HKU\S-1-5-21-660230534-9386771-3986129850-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    Winsock: Catalog entry 000000000001 => removed successfully
    Winsock: Catalog entry 000000000002 => removed successfully
    Winsock: Catalog entry 000000000003 => removed successfully
    Winsock: Catalog entry 000000000004 => removed successfully
    Winsock: Catalog entry 000000000016 => removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully
    HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => value restored successfully
    Application Sendori => Service removed successfully
    Service Sendori => Service removed successfully
    sndappv2 => Service removed successfully
    X5XSEx_Pr143 => Service removed successfully
    C:\Program Files (x86)\GUT69F4.tmp => moved successfully.
    C:\Users\patrick\AppData\Local\WebpageIcons.db => moved successfully.
    C:\ProgramData\ezsidmv.dat => moved successfully.
    C:\Users\patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos40mo.dll => moved successfully.
    C:\Users\patrick\AppData\Local\Temp\pc_optimizer.exe => moved successfully.
    C:\Users\patrick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => moved successfully.
    C:\Users\patrick\AppData\Local\Temp\System.Data.SQLite94543.dll => moved successfully.
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
    "HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18264689-3AB0-4576-853C-C62D9D4F5BC6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18264689-3AB0-4576-853C-C62D9D4F5BC6}" => key removed successfully
    C:\Windows\System32\Tasks\Updater4637.exe => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater4637.exe" => key removed successfully
    "C:\Users\patrick\AppData\Local\Updater4637\Updater4637.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58375216-4DCF-4F6C-8180-10F361274AB3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58375216-4DCF-4F6C-8180-10F361274AB3}" => key removed successfully
    C:\Windows\System32\Tasks\BrowserSafeguard Update Task => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A7A7BF2-06E7-414A-92DA-65CA6CB12C59}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A7A7BF2-06E7-414A-92DA-65CA6CB12C59}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => key removed successfully
    "C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62223D07-65B4-478B-B093-2BEC563D13FE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62223D07-65B4-478B-B093-2BEC563D13FE}" => key removed successfully
    C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart" => key removed successfully
    "C:\Users\patrick\AppData\Local\FilesFrog Update Checker\update_checker.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D701C70C-F956-45E6-A7DA-CBBAAE285CC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D701C70C-F956-45E6-A7DA-CBBAAE285CC4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF13380F-2DBA-4D0F-B430-3CF574945456}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF13380F-2DBA-4D0F-B430-3CF574945456}" => key removed successfully
    C:\Windows\System32\Tasks\DTReg => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => key removed successfully
    "C:\Users\patrick\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe" => File/Folder not found.
    C:\ProgramData\Temp => ":43AAB821" ADS removed successfully.
    C:\Users\patrick\Documents\Traders_Dynamic_Index (1).mq4 => ":CursorPos" ADS removed successfully.
    C:\Users\patrick\Documents\Traders_Dynamic_Index (1).mq4 => ":LineFlags" ADS removed successfully.


    The system needed a reboot..

    ==== End of Fixlog 01:42:43 ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...