Inactive CPU at maximum - Cannot find a problem

kingmob

Been trying to find malware/rootkit myself, as I suspect that is the problem here, but everything I threw at it has not helped. Asking for some help here, hoping you can find something I haven't been able to. I have not done system restore.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015
Ran by Sam D (administrator) on SAMD-PC (25-07-2015 12:00:19)
Running from C:\Users\Sam D\Downloads
Loaded Profiles: Sam D (Available Profiles: Sam D)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2010-10-05] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [Dropbox Update] => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-06-19] (Microsoft Corporation)
Startup: C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
URLSearchHook: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630
FF DefaultSearchEngine.US: Google
FF Homepage: gmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3192665374-2718563871-2505210960-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Sam D\AppData\Roaming\ACEStream\player\npace_plugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Extension: Copy Urls Expert - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-07-20]
FF Extension: MozBar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\toolbar@seomoz.org.xpi [2015-06-28]
FF Extension: PPCWebSpy Toolbar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{86c18b42-e466-45a9-ae7a-9b95ba6f5640}.xpi [2015-05-17]
FF Extension: SEO Global For Google Search™ - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2015-06-24]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-08]
FF HKLM\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com
FF Extension: Aimersoft YouTube Downloader - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com [2015-05-31]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
CHR Extension: (DivX HiQ) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-07-28]
CHR Extension: (NextCouup) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goeeobfmefldgbbdlmjdjagkkhmmnopi [2014-10-08]
CHR Extension: (GoSavvE) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgdnccifmkfafkohlbeailfepfjbmdna [2014-09-25]
CHR Extension: (OpptOn) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnojomgcmohiefbikenglccliaogccbn [2014-09-27]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-28]
CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
CHR Extension: (Codec-V) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2012-07-28]
CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
CHR Extension: (GoSSave) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhijjoggceedllbdndfjjnjpomecffad [2014-10-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-07-28]
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
CHR Extension: (Poper Blocker) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-07-01]
CHR Extension: (APK Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2014-10-26]
CHR Extension: (Image Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-10-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-25]
CHR Extension: (Video Downloader professional) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-11-17]
CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
CHR Extension: (AdBlock) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SEO Global For Google Search™) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2015-06-24]
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-27]
CHR Extension: (YouTube) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google Search) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Gmail) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SAMD~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-11] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-09-11] (Ellora Assets Corp.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-16] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488536 2010-12-26] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [28432 2014-08-15] (Windows (R) Win 7 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2014-11-28] (RealVNC Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2014-09-02] (Webroot)
S3 catchme; \??\C:\Users\SAMD~1\AppData\Local\Temp\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 12:00 - 2015-07-25 12:01 - 00024169 _____ C:\Users\Sam D\Downloads\FRST.txt
2015-07-25 12:00 - 2015-07-25 12:00 - 00000000 ____D C:\FRST
2015-07-25 11:59 - 2015-07-25 11:59 - 01650688 _____ (Farbar) C:\Users\Sam D\Downloads\FRST.exe
2015-07-25 02:14 - 2015-07-25 02:14 - 00028527 _____ C:\ComboFix.txt
2015-07-25 01:43 - 2015-07-25 01:43 - 00001098 _____ C:\Users\Sam D\Desktop\ComboFix - Shortcut.lnk
2015-07-25 01:40 - 2015-07-25 01:42 - 00003448 _____ C:\Users\Sam D\Desktop\Rkill.txt
2015-07-25 01:39 - 2015-07-25 01:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Sam D\Downloads\rkill.exe
2015-07-25 01:22 - 2015-07-25 01:22 - 00002982 _____ C:\Users\Sam D\Desktop\JRT.txt
2015-07-25 00:48 - 2015-07-25 00:48 - 02248704 _____ C:\Users\Sam D\Downloads\adwcleaner_4.208.exe
2015-07-25 00:47 - 2015-07-25 00:48 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Sam D\Downloads\JRT (1).exe
2015-07-25 00:33 - 2015-07-25 00:34 - 18705480 _____ C:\Users\Sam D\Downloads\RogueKiller.exe
2015-07-24 23:42 - 2015-07-24 23:43 - 07269656 _____ (Bitdefender LLC) C:\Users\Sam D\Downloads\BootkitRemoval_x86.exe
2015-07-24 22:40 - 2015-07-25 11:33 - 00002828 _____ C:\Windows\setupact.log
2015-07-24 22:40 - 2015-07-25 02:06 - 00001430 _____ C:\Windows\PFRO.log
2015-07-24 22:40 - 2015-07-24 22:40 - 00000000 _____ C:\Windows\setuperr.log
2015-07-24 21:56 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-24 21:56 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-24 21:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-24 21:55 - 2015-07-25 02:14 - 00000000 ____D C:\Qoobox
2015-07-24 16:56 - 2015-07-24 16:58 - 05633622 ____R (Swearware) C:\Users\Sam D\Downloads\ComboFix.exe
2015-07-24 16:51 - 2015-07-24 16:52 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sam D\Downloads\tdsskiller.exe
2015-07-24 13:43 - 2015-07-25 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-24 13:41 - 2015-07-24 16:38 - 00000000 ____D C:\Users\Sam D\Desktop\mbar
2015-07-24 13:40 - 2015-07-24 13:41 - 00380416 _____ C:\Users\Sam D\Downloads\y6so8ixt.exe
2015-07-24 13:38 - 2015-07-24 13:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sam D\Downloads\mbar-1.09.1.1004.exe
2015-07-24 12:27 - 2015-07-24 12:27 - 00000177 _____ C:\Users\Sam D\Desktop\scrapebox.txt
2015-07-24 11:12 - 2015-07-24 11:12 - 00000000 ____D C:\Program Files\ESET
2015-07-24 11:11 - 2015-07-24 11:11 - 02870984 _____ (ESET) C:\Users\Sam D\Downloads\esetsmartinstaller_enu.exe
2015-07-24 10:59 - 2015-07-24 11:04 - 06754696 _____ C:\Users\Sam D\Downloads\CCl3aner5.07.5261.rar
2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Program Files\TheBestSpinner3
2015-07-22 12:28 - 2015-07-22 12:28 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55afc6468bce4.zip
2015-07-21 22:53 - 2015-07-21 22:53 - 05509505 _____ C:\Users\Sam D\Downloads\SetupTheBestSpinner3.exe
2015-07-21 22:53 - 2015-07-21 22:53 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55af074bbc3ca.zip
2015-07-21 22:31 - 2015-07-21 22:32 - 00000000 ____D C:\Users\Sam D\Downloads\SetupTheBestSpinner3.421
2015-07-21 22:22 - 2015-07-21 22:22 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15 (1)
2015-07-21 21:18 - 2015-07-21 21:18 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 20:23 - 2015-07-24 12:54 - 00000000 ____D C:\Users\Sam D\Desktop\San antonio articles stuff
2015-07-21 15:15 - 2015-07-21 16:03 - 00000000 ____D C:\Users\Sam D\Downloads\KeywordResearcher
2015-07-21 15:15 - 2015-07-21 15:15 - 02852471 _____ C:\Users\Sam D\Downloads\KeywordResearcher.rar
2015-07-21 15:15 - 2015-01-09 04:19 - 08483504 _____ C:\Users\Sam D\Desktop\KeywordResearcher.exe
2015-07-21 15:14 - 2015-07-21 15:14 - 03717120 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe
2015-07-19 18:44 - 2015-07-22 11:22 - 00000000 ____D C:\Users\Sam D\Desktop\New folder (2)
2015-07-19 00:01 - 2015-07-19 00:01 - 01874588 _____ C:\Users\Sam D\Downloads\Fiverr SEO Gigs Handbook.zip
2015-07-18 18:38 - 2015-07-18 18:39 - 61902129 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta (1).zip
2015-07-17 20:54 - 2015-07-17 20:55 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5 (1).zip
2015-07-17 20:47 - 2015-07-17 20:47 - 06537216 _____ C:\Users\Sam D\Downloads\flashmedialiveencoder_3.2_wwe_signed.msi
2015-07-17 18:13 - 2015-07-18 15:55 - 00000000 ____D C:\Users\Sam D\Documents\Camtasia Studio
2015-07-17 18:09 - 2015-07-17 18:09 - 00001128 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-07-17 18:08 - 2015-07-17 18:08 - 00000000 ____D C:\Program Files\Common Files\TechSmith Shared
2015-07-17 18:07 - 2015-07-17 18:07 - 00000000 ____D C:\Program Files\TechSmith
2015-07-17 17:54 - 2015-07-17 17:55 - 00000000 ____D C:\Users\Sam D\Documents\TechSmith Camtasia Studio 8.5.1 Build 1962 RePack by KpoJIuK
2015-07-17 16:45 - 2015-07-17 16:45 - 00000165 ____H C:\Users\Sam D\Desktop\~$Sales call log and organizer1 sam.xlsx
2015-07-17 00:19 - 2015-07-17 00:19 - 00001710 _____ C:\Users\Sam D\Desktop\FreemakeVD - Shortcut.lnk
2015-07-17 00:19 - 2015-07-17 00:19 - 00000000 ____D C:\Users\Sam D\Documents\Freemake
2015-07-17 00:14 - 2015-07-17 00:14 - 03705660 _____ C:\Users\Sam D\Downloads\julie martinz.rar
2015-07-17 00:12 - 2015-07-17 00:12 - 01428393 _____ C:\Users\Sam D\Downloads\dr perkins reports.rar
2015-07-17 00:04 - 2015-07-17 01:39 - 56338278 _____ C:\Users\Sam D\Downloads\brooks ballard stuff.rar
2015-07-17 00:00 - 2015-07-17 00:00 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-d013
2015-07-16 23:53 - 2015-07-16 23:53 - 00469218 _____ C:\Users\Sam D\Downloads\alex fetanax reports.rar
2015-07-16 23:29 - 2015-07-16 23:29 - 00001344 _____ C:\Users\Public\Desktop\Aimersoft YouTube Downloader.lnk
2015-07-16 23:24 - 2015-07-16 23:25 - 00000000 ____D C:\Users\Sam D\Documents\SEO Content Machine
2015-07-16 23:22 - 2015-07-16 23:22 - 15140358 _____ C:\Users\Sam D\Downloads\SEOCNTNTMCHN.zip
2015-07-16 21:39 - 2015-07-16 21:39 - 00000165 ____H C:\Users\Sam D\Downloads\~$DrPerkins-KeywordRanking-Report (8).xlsx
2015-07-16 15:32 - 2015-07-16 15:57 - 00000000 ____D C:\Users\Sam D\Downloads\X-SpinnerBeta
2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\JonathanLeger.com
2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Local\JonathanLeger.com
2015-07-15 21:40 - 2015-07-21 22:23 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-07-15 21:38 - 2015-07-15 21:38 - 00002597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hosts File Editor.lnk
2015-07-15 21:38 - 2015-07-15 21:38 - 00000000 ____D C:\Program Files\Hosts File Editor
2015-07-15 21:37 - 2015-07-15 21:37 - 00965632 _____ C:\Users\Sam D\Downloads\HostsFileEditorSetup-1.0.0.msi
2015-07-15 21:35 - 2015-07-15 21:35 - 05478738 _____ C:\Users\Sam D\Downloads\TBS2k15.rar
2015-07-15 21:35 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15
2015-07-15 20:48 - 2015-07-15 21:08 - 62928929 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta.zip
2015-07-15 20:38 - 2015-07-15 20:42 - 00000000 ____D C:\Users\Sam D\Downloads\spinnerchiefiiirelease
2015-07-15 20:31 - 2015-07-15 20:34 - 143837293 _____ C:\Users\Sam D\Downloads\spinnerchiefiiirelease.zip
2015-07-15 19:50 - 2015-07-15 19:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\TechSmith
2015-07-14 20:06 - 2015-07-14 20:56 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5.zip
2015-07-09 22:37 - 2015-07-09 22:38 - 08009896 _____ (TeamViewer GmbH) C:\Users\Sam D\Downloads\TeamViewer_Setup_en.exe
2015-07-09 20:27 - 2015-07-09 20:29 - 34862410 _____ C:\Users\Sam D\Downloads\SuperStreamTube.zip
2015-07-09 00:21 - 2015-07-09 00:22 - 74709456 _____ C:\Users\Sam D\Downloads\lvp-module-2-all-ad-commercials-zipped.zip
2015-07-08 21:42 - 2015-07-08 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-05 22:52 - 2015-07-05 22:57 - 198186937 _____ C:\Users\Sam D\Downloads\13freeplrvideos.zip
2015-07-05 22:43 - 2015-07-05 22:44 - 43332581 _____ C:\Users\Sam D\Downloads\usfreeadstraffic.zip
2015-07-05 22:42 - 2015-07-05 22:43 - 23271937 _____ C:\Users\Sam D\Downloads\youtubeeditor.zip
2015-07-05 22:29 - 2015-07-05 22:29 - 11159654 _____ C:\Users\Sam D\Downloads\PetGroomingTempPLR09JH.zip
2015-07-05 22:15 - 2015-07-05 22:17 - 60621578 _____ C:\Users\Sam D\Downloads\Offline How To Videos for Local Businesses Set 1.zip
2015-07-05 21:56 - 2015-07-05 21:56 - 17449904 _____ C:\Users\Sam D\Downloads\Groomers-postcards.zip
2015-07-05 15:37 - 2015-07-06 17:31 - 00001721 _____ C:\Users\Sam D\Desktop\pi victorville.txt
2015-07-04 12:46 - 2015-07-04 12:47 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live Writer
2015-07-04 12:46 - 2015-07-04 12:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Windows Live Writer
2015-07-03 21:06 - 2015-07-03 21:07 - 00189484 _____ C:\Users\Sam D\Downloads\3.5x2_businesscard.zip
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Disruptive Innovations SARL
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Disruptive Innovations SARL
2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueGriffon
2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\Program Files\BlueGriffon
2015-07-02 17:06 - 2015-07-02 17:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\KompoZer
2015-07-02 17:05 - 2015-07-02 17:05 - 00000000 ____D C:\Users\Sam D\Downloads\kompozer-0.7.10-win32
2015-07-02 16:50 - 2015-07-02 16:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Nvu
2015-07-02 16:19 - 2015-07-02 16:19 - 00000000 ____D C:\Users\Sam D\Downloads\2015 Minecraft account giveaways
2015-07-02 13:54 - 2015-07-17 00:12 - 00000000 ____D C:\Users\Sam D\Desktop\youtube comment method
2015-07-01 12:57 - 2015-07-01 12:57 - 00860501 _____ C:\Users\Sam D\Downloads\medlin.zip
2015-06-30 16:34 - 2015-06-30 16:34 - 00000165 ____H C:\Users\Sam D\Desktop\~$50_old_usa_pva_gmail_accounts.xlsx
2015-06-29 17:09 - 2015-07-23 18:18 - 00007604 _____ C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
2015-06-26 23:06 - 2015-06-26 23:06 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deshaker
2015-06-25 02:33 - 2015-06-25 02:33 - 00000159 _____ C:\Users\Sam D\Downloads\Delicious.txt
2015-06-25 02:33 - 2015-06-25 02:33 - 00000123 _____ C:\Users\Sam D\Downloads\Diigo.txt
2015-06-25 00:23 - 2015-06-25 00:24 - 17713160 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\wsemp.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 11:57 - 2015-05-31 22:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-25 11:49 - 2014-12-29 19:27 - 01272075 _____ C:\Windows\WindowsUpdate.log
2015-07-25 11:37 - 2015-02-01 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 11:37 - 2014-09-29 01:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 11:36 - 2015-03-15 21:10 - 00000000 ___RD C:\Users\Sam D\Dropbox
2015-07-25 11:35 - 2015-03-15 21:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Dropbox
2015-07-25 11:34 - 2014-09-29 01:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 11:34 - 2014-08-28 09:19 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 11:33 - 2011-04-14 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-25 11:33 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 02:07 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2015-07-25 01:46 - 2011-01-10 19:42 - 00000000 ___HD C:\Users\Sam D\AppData\Local\Apps\2.0
2015-07-25 01:45 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 01:45 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 01:44 - 2011-02-06 20:38 - 00000000 ____D C:\Windows\pss
2015-07-25 01:31 - 2015-02-16 11:09 - 00000000 ____D C:\AdwCleaner
2015-07-25 01:15 - 2015-06-16 16:05 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job
2015-07-25 01:10 - 2014-09-28 02:12 - 00000000 ____D C:\Users\Sam D
2015-07-25 01:06 - 2014-09-27 13:30 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-25 00:34 - 2014-09-27 13:30 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-24 22:57 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Default
2015-07-24 22:39 - 2009-07-13 22:03 - 59506688 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 28311552 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 00020480 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-24 22:38 - 2014-09-27 02:51 - 00000000 ____D C:\Windows\ERDNT
2015-07-24 20:11 - 2015-02-12 01:59 - 00002042 _____ C:\Users\Sam D\Documents\Default.rdp
2015-07-24 13:57 - 2014-09-27 20:28 - 00000000 ____D C:\Users\Sam D\AppData\Local\CrashDumps
2015-07-24 13:42 - 2014-08-28 09:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-24 12:55 - 2011-04-24 19:50 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Skype
2015-07-24 02:15 - 2015-06-16 16:05 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job
2015-07-22 20:07 - 2009-09-24 15:40 - 00000000 ____D C:\Program Files\CCleaner
2015-07-21 20:25 - 2015-06-22 14:09 - 00000000 ____D C:\Users\Sam D\Desktop\New folder
2015-07-20 16:50 - 2015-05-31 16:04 - 00000000 ____D C:\ProgramData\Aimersoft YouTube Downloader
2015-07-18 20:22 - 2015-05-31 22:24 - 00123556 _____ C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
2015-07-18 20:21 - 2015-05-31 22:24 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Wirecast for YouTube
2015-07-18 13:05 - 2014-12-09 17:36 - 00000000 ____D C:\_acestream_cache_
2015-07-17 20:48 - 2012-11-01 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-07-17 20:48 - 2011-01-08 00:40 - 00000000 ____D C:\Program Files\Adobe
2015-07-17 20:48 - 2010-12-26 19:38 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Adobe
2015-07-17 19:58 - 2010-12-26 20:04 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\BitTorrent
2015-07-17 19:57 - 2014-11-01 02:45 - 00000000 ____D C:\Windows\Minidump
2015-07-17 18:09 - 2011-01-21 17:10 - 00000000 ____D C:\ProgramData\TechSmith
2015-07-17 10:17 - 2012-04-11 17:57 - 00117272 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-07-17 10:16 - 2009-07-14 00:33 - 00446912 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 01:40 - 2015-03-05 16:36 - 56410227 _____ C:\Users\Sam D\Downloads\BrooksBallardFineHomesEstates.zip
2015-07-17 01:17 - 2014-12-11 21:37 - 00000000 ____D C:\Program Files\Citrix
2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Stardock
2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Stardock
2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\ProgramData\Stardock
2015-07-17 01:12 - 2015-06-19 23:45 - 00000000 ____D C:\Program Files\Stardock
2015-07-17 00:51 - 2014-12-07 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deployment
2015-07-17 00:49 - 2015-03-11 13:29 - 00000000 ____D C:\Users\Sam D\AppData\Local\Mozilla
2015-07-17 00:49 - 2015-03-11 12:57 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Mozilla
2015-07-17 00:43 - 2011-01-10 03:16 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-07-17 00:43 - 2009-07-14 00:56 - 00000000 ____D C:\Windows\system32\winrm
2015-07-17 00:00 - 2015-06-10 19:25 - 00000000 ____D C:\Users\Sam D\AppData\Local\IIIQ
2015-07-16 23:55 - 2015-03-07 01:09 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-9cd1
2015-07-16 23:39 - 2014-09-28 11:22 - 00118056 _____ C:\Users\Sam D\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-16 23:24 - 2015-06-12 22:37 - 00000000 ____D C:\Users\Sam D\AppData\Local\Satin_Blue
2015-07-16 23:07 - 2011-04-19 13:06 - 02721183 _____ C:\Windows\system32\oodbs.lor
2015-07-16 13:20 - 2015-03-25 20:59 - 00000000 ____D C:\Users\Sam D\Desktop\PPC Business
2015-07-16 12:36 - 2015-05-05 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-15 23:49 - 2012-02-21 15:48 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\vlc
2015-07-14 20:10 - 2014-12-27 14:03 - 00023398 _____ C:\Users\Sam D\Desktop\50_old_usa_pva_gmail_accounts.xlsx
2015-07-14 16:37 - 2012-04-22 12:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 16:37 - 2011-05-20 16:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 15:16 - 2014-10-30 23:55 - 00000000 ____D C:\Users\Sam D\Desktop\Consulting
2015-07-14 15:00 - 2011-04-06 14:25 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Media Player Classic
2015-07-14 14:41 - 2015-06-02 18:12 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\HandBrake
2015-07-14 14:05 - 2015-06-08 19:50 - 00096511 _____ C:\Users\Sam D\.websiteauditor.properties
2015-07-14 14:05 - 2015-06-08 19:50 - 00000000 ____D C:\Users\Sam D\.websiteauditor
2015-07-14 14:03 - 2015-06-17 01:12 - 00000000 ____D C:\Users\Sam D\.ranktracker
2015-07-14 14:03 - 2014-11-07 01:57 - 00137380 _____ C:\Users\Sam D\.ranktracker.properties
2015-07-14 14:02 - 2010-12-26 20:11 - 00000000 ____D C:\Users\Sam D\Desktop\entertainment
2015-07-14 13:59 - 2014-09-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-14 11:56 - 2014-12-26 17:27 - 00000000 ____D C:\Users\Sam D\Desktop\proxy stuff and related
2015-07-14 11:34 - 2014-09-29 01:48 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 16:04 - 2011-01-08 18:45 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\FileZilla
2015-07-11 01:20 - 2014-10-31 15:05 - 00000000 ___RD C:\Program Files\Skype
2015-07-11 01:20 - 2011-04-24 19:49 - 00000000 ____D C:\ProgramData\Skype
2015-07-10 17:39 - 2015-02-10 17:02 - 00000000 ____D C:\Users\Sam D\Desktop\Ripoffreport Stuff
2015-07-10 14:20 - 2015-02-01 00:24 - 00000000 ____D C:\Users\Sam D\AppData\Local\Commando
2015-07-09 12:14 - 2014-09-28 17:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-08 15:37 - 2015-04-20 14:31 - 00040553 _____ C:\Users\Sam D\Desktop\Sales call log and organizer1 sam.xlsx
2015-07-08 15:06 - 2015-04-20 10:16 - 00000000 ____D C:\Users\Sam D\Desktop\Attorney Combined Files
2015-07-04 12:46 - 2013-02-28 23:35 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-07-04 12:46 - 2013-02-28 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live
2015-07-02 19:38 - 2015-01-18 01:01 - 00001952 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-07-02 13:56 - 2015-02-17 19:50 - 00000000 ____D C:\Users\Sam D\Desktop\customer info
2015-07-01 23:36 - 2009-04-24 18:28 - 00052736 _____ C:\Users\Sam D\Desktop\affiliate list.v1.xls
2015-06-27 15:24 - 2014-08-28 09:18 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 15:24 - 2014-08-28 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 15:24 - 2014-08-28 09:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-26 12:47 - 2014-12-29 17:57 - 00005632 _____ C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2014-09-17 21:05 - 2014-09-17 21:05 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-03-18 14:13 - 2014-03-18 14:14 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2011-01-10 02:44 - 2011-01-10 02:44 - 0874496 ____H (ExtremeCoderz) C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe
2015-05-31 22:24 - 2015-07-18 20:22 - 0123556 _____ () C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
2015-06-01 00:15 - 2015-06-01 00:15 - 0014543 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2015-06-01 00:15 - 2015-06-01 00:15 - 0014186 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2011-01-10 02:44 - 2011-01-10 02:44 - 0000324 ____H () C:\Users\Sam D\AppData\Roaming\settings.cfg
2014-12-29 17:57 - 2015-06-26 12:47 - 0005632 _____ () C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 12:34 - 2015-04-02 21:27 - 0000600 _____ () C:\Users\Sam D\AppData\Local\PUTTY.RND
2015-06-29 17:09 - 2015-07-23 18:18 - 0007604 _____ () C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
2014-12-15 13:45 - 2014-12-15 13:45 - 0000000 _____ () C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F}

Some files in TEMP:
====================
C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5sdnxp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 13:40

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
Ran by Sam D at 2015-07-25 12:03:33
Running from C:\Users\Sam D\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3192665374-2718563871-2505210960-500 - Administrator - Disabled)
Guest (S-1-5-21-3192665374-2718563871-2505210960-501 - Limited - Disabled)
Sam D (S-1-5-21-3192665374-2718563871-2505210960-1000 - Administrator - Enabled) => C:\Users\Sam D

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.214 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
Aimersoft YouTube Downloader(Build 4.3.3.0) (HKLM\...\Aimersoft YouTube Downloader_is1) (Version: 4.3.3.0 - Aimersoft Software)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
BitTorrent (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
BlueGriffon version 1.7.2 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.7.2 - Disruptive Innovations SAS)
Camtasia Studio 8 (HKLM\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Comcast Desktop Software (v1.2.1) (HKLM\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
CommandoHQ (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\51b760cdbee7f500) (Version: 2.0.9.20 - CommandoHQ)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1001 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect - 1 (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dell System Detect (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
DELL Webcam Center (HKLM\...\DELL Webcam Center) (Version: - )
DELL Webcam Manager (HKLM\...\DELL Webcam Manager) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DocSignal (HKLM\...\{F1360A8D-370E-41D3-B93B-9FD2A4C127E3}) (Version: 1.0.0 - DocSignal)
Dropbox (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Foxit Creator (HKLM\...\Foxit Creator) (Version: 3,0,2,0506 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.10.1 (HKLM\...\HandBrake) (Version: 0.10.1 - )
Hosts File Editor (HKLM\...\{EC9CF3E9-3C14-43D6-B9D0-5B4232926FAC}) (Version: 1.0.0 - Scott Lerch)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Internet Email Extractor (HKLM\...\{3C86FB10-F491-4DE1-84A7-78AEAF12C41B}) (Version: 5.0.9.20 - theskysoft)
ISO Opener (HKLM\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version: - www.isoopener.com)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeywordSpy SEO/PPC Plug-in 1.0.2 (HKLM\...\KeywordSpy SEO/PPC Plug-in) (Version: 1.0.2 - KeywordSpy.com)
K-Lite Mega Codec Pack 6.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Lead Grabber Pro 3.0 (HKLM\...\{CE4D250E-2F02-4ADA-82E8-43ED01AC4120}) (Version: 3.0.0 - Mindless Marketing LLC)
Magic YouTube Xtractor version 1.16 (HKLM\...\{9629C88B-66A7-4EB3-84E4-DAA47F683DCA}_is1) (Version: 1.16 - Alexandr Krulik)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Online Lead Finder (HKLM\...\{1650E57C-59B0-41AC-BDB5-91DC30825C2B}) (Version: 3.3.07 - Duncan Wierman)
Online Lead Finder Installer (HKLM\...\{D4159E19-380E-4F2E-B57C-20237F3D19B6}) (Version: 3.3.06 - Duncan Wierman)
OpenAL (HKLM\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PhotoFiltre (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\PhotoFiltre) (Version: - )
Port Forward Network Utilities (HKLM\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.7 - Portforward, LLC)
Privoxy (remove only) (HKLM\...\Privoxy) (Version: - )
ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.10.1 - V-Tech LLC)
ProxyToolbox (HKLM\...\{C9851860-8485-43EA-81C5-84551DF9AE1E}) (Version: 1.0.1 - XorBots)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SopCast 3.9.3 (HKLM\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
SQLite ADO.NET 2.0/3.5 Provider (HKLM\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)
Stardock Fences 2 (HKLM\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
System.Data.SQLite v1.0.83.0 (HKLM\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.83.0 - System.Data.SQLite Team)
TheBestSpinner3 (HKLM\...\TheBestSpinner3) (Version: - )
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update or Uninstall SENukeX (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Marketing Blaster Pro (HKLM\...\Video Marketing Blaster Pro) (Version: 1.03 - BlasterSuite)
Video Spin Blaster 2.92 (HKLM\...\Video Spin Blaster 2.92) (Version: 2.92 - Sodevrom)
Video Spin Blaster Pro (HKLM\...\Video Spin Blaster Pro) (Version: 2.09 - BlasterSuite)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.08 - NCH Software)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Data Extractor 8.3 (HKLM\...\Web Data Extractor_is1) (Version: - )
WebHarvy (HKLM\...\{844AF52E-FECD-4BDC-AB6E-11EF790A7DA2}) (Version: 3.3.0.106 - SysNucleus)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wirecast (HKLM\...\{5E0D2663-CFB2-440E-900C-7A7AC59C06F4}) (Version: 6.0.4 - Telestream LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSP (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSE (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-07-2015 20:47:42 Installed Adobe Flash Media Live Encoder 3.2.
19-07-2015 16:24:46 Revo Uninstaller Pro's restore point - TheBestSpinner3
19-07-2015 16:41:27 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 21:15:20 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 21:33:23 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 21:39:36 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 22:15:10 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 22:34:26 Revo Uninstaller Pro's restore point - TheBestSpinner3
22-07-2015 12:30:40 Revo Uninstaller Pro's restore point - TheBestSpinner3
24-07-2015 16:36:49 Malwarebytes Anti-Rootkit Restore Point
25-07-2015 01:07:57 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-07-25 02:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F435BA-51B3-4144-8AA0-00B6A0D48CDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A4A8BF-6135-452F-8EB4-9512B7B951CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2747CF55-1A81-4664-8474-89BB26640D50} - System32\Tasks\1aad7560 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe <==== ATTENTION
Task: {2C9E545E-0FE2-4689-A1A2-829FDFFE227A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-12] ()
Task: {33C6D576-29F2-4C98-B744-E2EA051CECB4} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {4BB7520A-1ABC-4F12-AACF-31390DF41E6C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {5EC408D9-C9FE-4262-AC19-55E8BFC63274} - System32\Tasks\123bd930 => C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe <==== ATTENTION
Task: {7128EE8C-CC01-4E7B-B6C4-CE4F48F74E74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {789232E3-7544-466D-AC63-7FE9394B2D6C} - System32\Tasks\{43F6B7A1-A0A0-4311-B669-5661413222D5} => C:\Program Files\Skype\\Phone\Skype.exe [2015-06-29] (Skype Technologies S.A.)
Task: {791118FA-D3CD-4CF9-A2E8-3FABACC396F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {7B4A94EB-0827-43E6-ADB0-8E81D0973647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {7D0F2FF6-F8F7-4B53-AA9B-4491D26BDB92} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SamD-PC-Sam D SamD-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {8B0C429A-39C7-4BDD-8060-3F71F06A1FEB} - System32\Tasks\{0B3BB5FE-BF15-427C-BFED-2C169AA0E2D8} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {92357EA3-E6D8-4D2D-AFAB-C92C92F60554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {951DB3A3-8D65-4C59-B0F7-2DD8A0028BEB} - System32\Tasks\{113B5DFE-1E86-41BA-8A42-53C576EAE466} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {9D7E4113-E6E4-409C-9EEA-8DF1DEEBEFF9} - System32\Tasks\{CD4C9D5F-CBBD-4DDE-921D-41FDF0849985} => pcalua.exe -a "C:\Users\Sam D\Documents\Advanced ID Creator Premier\Advanced ID Creator Premier.exe" -d "C:\Users\Sam D\Documents\Advanced ID Creator Premier"
Task: {9EF16D03-FE9A-4C17-B73C-09B6A7633228} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {A991C7C8-4D55-4D2C-AAC2-6C29A52B98B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {BFF8A89F-6FC3-4169-B533-BFE99AD22926} - System32\Tasks\4518aa00 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe <==== ATTENTION
Task: {D7A6C2E9-C503-4070-B04E-808551566845} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DF13B937-746F-4BBF-A29A-060CF1446D56} - System32\Tasks\{695DE3E2-42FC-46E4-B3B1-558ADC26D2AC} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {E85E6223-3FB4-4B8D-B26C-E480C59368FC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {EBD7A3F6-3F03-44DA-B28A-71AC1D1B56DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EE14D30D-59F8-43A1-9947-740A4E8F164E} - System32\Tasks\{F734AC17-73A6-468A-BBCE-9B881F27CC4D} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {FAF2834E-BE6E-4664-96A3-A7D06103FABB} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {FFBBF448-B9B0-40D5-8E8E-BCE134F07E89} - \PCDEventLauncherTask No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-08 01:25 - 2014-05-19 20:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-06-02 11:20 - 2015-06-02 11:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-06-23 02:13 - 2015-06-23 02:13 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2015-01-21 14:58 - 2015-01-21 14:58 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-07 15:27 - 2015-05-07 15:27 - 00259584 _____ () C:\Program Files\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
2015-07-14 11:34 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 11:34 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInLeads.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\National-List-Attorneys.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\intuit.com -> hxxps://ttlc.intuit.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: lxbk_device => 2
MSCONFIG\startupfolder: C:^Users^Sam D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BitTorrent => "C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\YouTube Downloader\DelayPluginI.exe
MSCONFIG\startupreg: Desktop Software => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: PSwitch => C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{19E61B84-BE3F-47B2-8158-4E6799AFEC76}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{38D0EECD-5E94-46B7-BBD1-2BCBBF1E3A67}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [{A3FB9A38-9FA5-4AA2-9B1D-7539C9214A79}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
FirewallRules: [{F548139A-CA87-4272-BAA7-B6BB1FDAF5FA}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
FirewallRules: [UDP Query User{ACF03D02-E5DB-4A37-9B01-153D15A3EBAC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{5ADBE869-3344-48C6-A4C6-D7BEB4F04DBC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{0D38C7A5-5C87-44C5-BF58-D66DB3E8CAE9}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{04422F43-AEDC-45E3-BB9A-68F3FE292CC8}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3DF235C1-0AA6-416E-9CAC-3FE747CD60EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{ECBB7116-7B46-40F0-A8D3-38A3B3EAA74B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A4BA1717-F71D-4AC5-A3A5-03B015D1109D}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{2423CA43-42FD-45DE-BD1E-23F19B873579}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [TCP Query User{68635257-B1A5-4329-A476-762824EC5902}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
FirewallRules: [UDP Query User{0175FE63-7A98-483C-A8DA-FA3CC70E4D36}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
FirewallRules: [{131D81C0-6D68-4D41-B3F5-0E7C200B5C8A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2FC7876D-834B-48D0-89D5-762192D2621D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{42B357BA-489D-406F-897B-67DDB40BBE16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{833E2418-D638-4D20-A3A6-4E936B4B9C45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{15E9D20A-2BC2-451A-A062-B2D6ACC55DF0}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{12940B2B-90F9-4DFD-951B-5959305B3480}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{E577BB6D-4FAE-4017-AA72-D073847CBDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7E1C7E47-5B19-465F-A4CC-1037272D1DC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2CB05B58-A76F-4EED-AC6A-A115F1CABB5E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F53E1AF0-CD4A-4D8C-8CB4-7DE12CE6FABC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{17F6FA62-C840-4B53-B05C-9A08468738EB}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1D26A52A-D643-4F6F-A807-3FC2259F509A}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A499074-E6D5-4A0B-8614-14C782CC33EE}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FF2BC76E-B26B-45C3-AC62-8552CB1C1652}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7F6344DB-B551-4EE7-BDBC-CB47D4898471}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{51217ED9-F716-4F38-8EFC-2AF2B36C3CA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3B53104C-1784-40E8-A228-F47AFD294171}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3AF3A65D-FBB0-406A-BA8D-CAB361923E6A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{371CC202-0227-45B3-B359-9C2B63945AA4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{85A9067E-9F8F-4E3E-ACAD-3E535F5A88A7}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{D9EA6939-A7E5-4CB9-93DF-9DFE51BC6EC0}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
FirewallRules: [UDP Query User{F7A3D181-B3FA-4601-B64C-D2BAE2C55DF6}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
FirewallRules: [TCP Query User{FD934498-D11D-4304-A7F6-97198EA81280}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D70E3FE5-8BB1-40CC-9295-3F25039FF837}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{9A2841D7-78A8-4919-8467-77358F532D9B}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{584AD027-B8CC-45B3-99AB-344204752135}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{09856936-5DE6-4056-8A2E-D369EB2C7570}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{38064DAE-1DDA-4B6C-89D8-FE9AF166F181}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{613A2CFC-14AC-458F-83E5-24FE21D9DE2D}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6C90A10E-312F-4D09-8556-99F1A978D68B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A09733B8-8C6C-4EF1-A05D-A0F2839B4D6E}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{4DD21B2E-D023-4717-A07D-7AF259A4A472}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{0CE5DF61-048D-4A9B-BC16-AB285FC33A0A}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{1634C6B4-0709-4DA0-8308-44E516AFA34B}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{8D583FD3-1536-4DFA-9230-883ECE8F85D9}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{DAF689C9-3D87-4826-8449-DB211723D71E}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{8BA605B7-E777-454F-8E6D-EB197F40140D}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{C6E3EFFF-02CD-48CE-97BD-09CF9BF66789}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{DF0F5A16-C312-4909-BDD3-82EA099BBC4B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DB45E0B5-51B5-4DF8-BAE2-CFE6A67DB5A6}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{2310DE64-26A4-49E1-AC74-B8587011847A}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{CEEE0219-D277-46C8-82CB-1299597EC0F9}] => (Allow) LPort=8317

==================== Faulty Device Manager Devices =============

Name: Kaspersky Anti-Virus NDIS 6 Filter
Description: Kaspersky Anti-Virus NDIS 6 Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KLIM6
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 11:37:34 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/25/2015 11:33:58 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 01:48:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\System32\wbem\WmiPrvSE.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (07/25/2015 01:32:45 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 12:52:16 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 12:07:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/25/2015 12:03:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/24/2015 11:16:41 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005


System errors:
=============
Error: (07/25/2015 11:38:33 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (07/25/2015 11:37:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/25/2015 11:35:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (07/25/2015 11:34:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (07/25/2015 11:37:34 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/25/2015 11:33:58 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 01:48:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\System32\wbem\WmiPrvSE.exeComboFix created restore point0x8007043c

Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (07/25/2015 01:32:45 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 12:52:16 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 12:07:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe

Error: (07/25/2015 12:03:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/24/2015 11:16:41 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3582.04 MB
Available physical RAM: 1552 MB
Total Virtual: 7162.36 MB
Available Virtual: 4689.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.34 GB) (Free:46.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.3 GB) - (Type=07 NTFS)

==================== End of log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Sam D [Administrator]
Started from : C:\Users\Sam D\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/25/2015 14:35:02

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] f2lvmis4.default-1426352688630 : user_pref("browser.startup.homepage", "gmail.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 ATA Device +++++
--- User ---
[MBR] 3a60d8c79e37b28a5e26161367a388ab
[BSP] 8e029f58da79ef771928940010828b9d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 225625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/25/2015
Scan Time: 12:58 PM
Logfile: malware scan 7.25.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.25.03
Rootkit Database: v2015.07.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Sam D

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394660
Time Elapsed: 1 hr, 10 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Amonetize, C:\Users\Sam D\Downloads\MegaPackHackV7.zip, Quarantined, [3dba1bcafd8dab8b1edf8a2652af4bb5],
PUP.Optional.SimpleFiles.A, C:\Users\Sam D\Downloads\Justin_Wayne_Domino_Effect_Pdf.zip, Quarantined, [6790a342365488aee29d1d51e81d50b0],

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.208 - Logfile created 25/07/2015 at 14:43:03
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Ultimate (x86)
# Username : Sam D - SAMD-PC
# Running from : C:\Users\Sam D\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AceStream

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.134


-\\ Chromium v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [8381 bytes] - [16/02/2015 11:09:28]
AdwCleaner[R1].txt - [7463 bytes] - [14/03/2015 13:09:20]
AdwCleaner[R2].txt - [1023 bytes] - [15/03/2015 08:57:41]
AdwCleaner[R3].txt - [5002 bytes] - [25/07/2015 01:23:45]
AdwCleaner[R4].txt - [1298 bytes] - [25/07/2015 14:38:00]
AdwCleaner[S0].txt - [7199 bytes] - [14/03/2015 13:20:20]
AdwCleaner[S1].txt - [1090 bytes] - [15/03/2015 09:03:38]
AdwCleaner[S2].txt - [5153 bytes] - [25/07/2015 01:31:02]
AdwCleaner[S3].txt - [1226 bytes] - [25/07/2015 14:43:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1285 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x86
Ran by Sam D on Sat 07/25/2015 at 14:51:11.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sam D\Appdata\Local\{0052A0ED-8F80-4CD5-B364-D18745B6F92E}



~~~ Chrome


[C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/25/2015 at 15:06:46.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-07-23.01 - Sam D 07/25/2015 20:32:47.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2498 [GMT -4:00]
Running from: c:\users\Sam D\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sam D\AppData\Roaming\Microsoft\Windows\Recent\???? ???????????? - ?? ??? ??????? - YouTube.URL . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2015-06-26 to 2015-07-26 )))))))))))))))))))))))))))))))
.
.
2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-07-25 23:26 . 2015-07-25 23:28 -------- d-----w- c:\users\Sam D\AppData\Roaming\Notepad++
2015-07-25 23:26 . 2015-07-25 23:27 -------- d-----w- c:\program files\Notepad++
2015-07-25 16:00 . 2015-07-25 16:07 -------- d-----w- C:\FRST
2015-07-25 06:05 . 2015-07-26 01:07 -------- d-----w- c:\users\Sam D\AppData\Local\temp
2015-07-24 17:43 . 2015-07-25 04:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-24 15:12 . 2015-07-24 15:12 -------- d-----w- c:\program files\ESET
2015-07-22 16:37 . 2015-07-22 16:37 -------- d-----w- c:\program files\TheBestSpinner3
2015-07-22 00:00 . 2015-07-22 00:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D24149F-8E86-4BAE-A23C-5AA1DFDDC773}\offreg.2380.dll
2015-07-17 22:09 . 2015-07-17 22:09 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2015-07-17 22:08 . 2015-07-17 22:08 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2015-07-17 22:07 . 2015-07-17 22:07 -------- d-----w- c:\program files\TechSmith
2015-07-16 01:50 . 2015-07-16 01:50 -------- d-----w- c:\users\Sam D\AppData\Roaming\JonathanLeger.com
2015-07-16 01:50 . 2015-07-16 01:50 -------- d-----w- c:\users\Sam D\AppData\Local\JonathanLeger.com
2015-07-16 01:38 . 2015-07-16 01:38 -------- d-----w- c:\program files\Hosts File Editor
2015-07-15 23:50 . 2015-07-15 23:50 -------- d-----w- c:\users\Sam D\AppData\Roaming\TechSmith
2015-07-04 16:46 . 2015-07-04 16:47 -------- d-----w- c:\users\Sam D\AppData\Local\Windows Live Writer
2015-07-04 16:46 . 2015-07-04 16:46 -------- d-----w- c:\users\Sam D\AppData\Roaming\Windows Live Writer
2015-07-02 23:46 . 2015-07-02 23:46 -------- d-----w- c:\users\Sam D\AppData\Roaming\Disruptive Innovations SARL
2015-07-02 23:46 . 2015-07-02 23:46 -------- d-----w- c:\users\Sam D\AppData\Local\Disruptive Innovations SARL
2015-07-02 23:45 . 2015-07-02 23:45 -------- d-----w- c:\program files\BlueGriffon
2015-07-02 21:06 . 2015-07-02 21:06 -------- d-----w- c:\users\Sam D\AppData\Roaming\KompoZer
2015-07-02 20:50 . 2015-07-02 20:50 -------- d-----w- c:\users\Sam D\AppData\Roaming\Nvu
2015-06-27 03:06 . 2015-06-27 03:06 -------- d-----w- c:\users\Sam D\AppData\Local\Deshaker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-26 01:03 . 2014-08-28 13:19 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-25 17:22 . 2014-09-27 17:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-24 17:42 . 2014-08-28 13:18 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-14 20:37 . 2012-04-22 16:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-14 20:37 . 2011-05-20 20:13 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 12:41 . 2014-08-28 13:18 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 12:41 . 2014-08-28 13:18 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-18 08:51 . 2015-06-19 02:59 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D24149F-8E86-4BAE-A23C-5AA1DFDDC773}\mpengine.dll
2014-09-18 01:05 . 2014-09-18 01:05 11249152 ----a-w- c:\program files\Common Files\lpuninstall.exe
2014-03-18 18:14 . 2014-03-18 18:13 10395072 ----a-w- c:\program files\Common Files\wruninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-10-08 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-01 03:28 220632 ----a-w- c:\users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-01 03:28 220632 ----a-w- c:\users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-01 03:28 220632 ----a-w- c:\users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 18:59 1729744 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 18:59 1729744 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 18:59 1729744 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-07-09 6715160]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-05-08 6369048]
"Dropbox Update"="c:\users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Fences"="c:\program files\Stardock\Fences\Fences.exe" [2013-11-26 4031152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-06-19 280576]
.
c:\users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 44236896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2013-11-26 456368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Sam D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2014-09-12 09:43 3499920 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-09-12 09:43 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2014-02-28 01:38 558496 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimersoft Helper Compact.exe]
2013-05-29 19:50 1734144 ----a-w- c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-11-20 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2015-05-17 04:39 1696104 ----a-w- c:\users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-05-08 19:49 6369048 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelaypluginInstall]
2015-05-25 18:50 1960336 ----a-w- c:\programdata\Aimersoft\YouTube Downloader\DelayPluginI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2010-10-01 23:28 2639144 ----a-w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
2014-07-29 01:21 5778488 ----a-w- c:\program files\Proxy Switcher Standard\ProxySwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 20:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-29 20:41 53282944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 20:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-02-16 35992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys [2014-08-16 28432]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-10-08 1343400]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2014-09-02 116736]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-09-11 108032]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2014-09-11 9216]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-26 98520]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-25 20:36 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:37]
.
2015-07-24 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job
- c:\users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 20:05]
.
2015-07-26 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job
- c:\users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 20:05]
.
2015-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-29 05:46]
.
2015-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-29 05:46]
.
.
------- Supplementary Scan -------
.
Trusted Zone: dell.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\2656C6B696E6E2035616: NameServer = 198.18.0.1,198.18.0.2
TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\4505D2C494E4B4F5338343938334: NameServer = 198.18.0.1,198.18.0.2
TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\7524028456166756E6: NameServer = 198.18.0.1,198.18.0.2
TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\75248456166756E6: NameServer = 198.18.0.1,198.18.0.2
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\
FF - prefs.js: browser.startup.homepage - gmail.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,e2,1a,9a,b4,61,8e,4a,ad,4d,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,e2,1a,9a,b4,61,8e,4a,ad,4d,2e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Completion time: 2015-07-25 21:20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-26 01:20
ComboFix2.txt 2015-07-25 06:14
ComboFix3.txt 2015-07-25 02:57
.
Pre-Run: 55,481,581,568 bytes free
Post-Run: 55,192,600,576 bytes free
.
- - End Of File - - 7EE098E06A2C3E059CF1549FA50BF3D9
A36C5E4F47E84449FF07ED3517B43A31
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/25/2015 09:24:54 PM in x86 mode. (Safe Mode)
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Sam D\Desktop\rkill\rkill-07-25-2015-09-25-00.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 811,520 : 10/08/2014 12:01 AM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
+-> C:\Windows\ERDNT\cache\user32.dll : 811,520 : 07/13/2009 09:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll : 811,520 : 07/13/2009 09:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811,520 : 11/20/2010 08:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/25/2015 09:26:24 PM
Execution time: 0 hours(s), 1 minute(s), and 30 seconds(s)
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015
Ran by Sam D (administrator) on SAMD-PC (25-07-2015 22:53:38)
Running from C:\Users\Sam D\Downloads
Loaded Profiles: Sam D (Available Profiles: Sam D)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Users\Sam D\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Users\Sam D\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Innovative Digital Technologies) C:\Users\Sam D\AppData\Roaming\ACEStream\player\ace_player.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2010-10-05] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [Dropbox Update] => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [AceUpdater] => C:\Users\Sam D\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\Sam D\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-27] ()
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [AceStream] => C:\Users\Sam D\AppData\Roaming\ACEStream\engine\ace_engine.exe [23984 2015-03-27] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-06-19] (Microsoft Corporation)
Startup: C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
URLSearchHook: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630
FF DefaultSearchEngine.US: Google
FF Homepage: gmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3192665374-2718563871-2505210960-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Sam D\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Extension: Copy Urls Expert - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-07-20]
FF Extension: MozBar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\toolbar@seomoz.org.xpi [2015-06-28]
FF Extension: PPCWebSpy Toolbar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{86c18b42-e466-45a9-ae7a-9b95ba6f5640}.xpi [2015-05-17]
FF Extension: SEO Global For Google Search™ - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2015-06-24]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-08]
FF HKLM\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com
FF Extension: Aimersoft YouTube Downloader - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com [2015-05-31]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
CHR Extension: (DivX HiQ) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-07-28]
CHR Extension: (NextCouup) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goeeobfmefldgbbdlmjdjagkkhmmnopi [2014-10-08]
CHR Extension: (GoSavvE) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgdnccifmkfafkohlbeailfepfjbmdna [2014-09-25]
CHR Extension: (OpptOn) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnojomgcmohiefbikenglccliaogccbn [2014-09-27]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-28]
CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
CHR Extension: (Codec-V) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2012-07-28]
CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
CHR Extension: (GoSSave) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhijjoggceedllbdndfjjnjpomecffad [2014-10-08]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-07-28]
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
CHR Extension: (Poper Blocker) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-07-01]
CHR Extension: (APK Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2014-10-26]
CHR Extension: (Image Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-10-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-25]
CHR Extension: (Video Downloader professional) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-11-17]
CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
CHR Extension: (AdBlock) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SEO Global For Google Search™) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2015-06-24]
CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-27]
CHR Extension: (YouTube) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
CHR Extension: (Google Search) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
CHR Extension: (Gmail) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SAMD~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-11] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-09-11] (Ellora Assets Corp.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-16] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488536 2010-12-26] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [28432 2014-08-15] (Windows (R) Win 7 DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2014-11-28] (RealVNC Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2014-09-02] (Webroot)
S3 catchme; \??\C:\Users\SAMD~1\AppData\Local\Temp\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 22:09 - 2015-07-25 22:36 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\.ACEStream
2015-07-25 22:05 - 2015-07-25 22:10 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\AceWebExtension
2015-07-25 22:05 - 2015-07-25 22:10 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\ACEStream
2015-07-25 21:59 - 2015-07-25 22:02 - 70566360 _____ C:\Users\Sam D\Downloads\Ace_Stream_Media_3.0.12_VLC_1.1.12.exe
2015-07-25 21:48 - 2015-07-25 21:48 - 00003360 ____N C:\bootsqm.dat
2015-07-25 21:25 - 2015-07-25 21:25 - 00000000 ____D C:\Users\Sam D\Desktop\rkill
2015-07-25 21:21 - 2015-07-25 21:21 - 00029194 _____ C:\Users\Sam D\Desktop\combo.txt
2015-07-25 21:20 - 2015-07-25 21:20 - 00029194 _____ C:\ComboFix.txt
2015-07-25 20:29 - 2015-07-25 21:21 - 00000000 ____D C:\ComboFix
2015-07-25 19:27 - 2015-07-25 19:27 - 00001031 _____ C:\Users\Sam D\Desktop\Notepad++.lnk
2015-07-25 19:27 - 2015-07-25 19:27 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-25 19:27 - 2015-07-25 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-25 19:26 - 2015-07-25 19:28 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Notepad++
2015-07-25 19:26 - 2015-07-25 19:27 - 00000000 ____D C:\Program Files\Notepad++
2015-07-25 19:25 - 2015-07-25 19:26 - 05357534 _____ C:\Users\Sam D\Downloads\npp.6.8.Installer.exe
2015-07-25 15:06 - 2015-07-25 15:06 - 00001275 _____ C:\Users\Sam D\Desktop\JRT.txt
2015-07-25 14:48 - 2015-07-25 14:48 - 00001365 _____ C:\Users\Sam D\Desktop\adw report.txt
2015-07-25 14:35 - 2015-07-25 14:35 - 00002890 _____ C:\Users\Sam D\Desktop\rogue report.txt
2015-07-25 14:22 - 2015-07-25 14:22 - 00001288 _____ C:\Users\Sam D\Desktop\malware scan 7.25.txt
2015-07-25 12:03 - 2015-07-25 12:07 - 00049702 _____ C:\Users\Sam D\Downloads\Addition.txt
2015-07-25 12:00 - 2015-07-25 22:55 - 00024404 _____ C:\Users\Sam D\Downloads\FRST.txt
2015-07-25 12:00 - 2015-07-25 22:53 - 00000000 ____D C:\FRST
2015-07-25 11:59 - 2015-07-25 11:59 - 01650688 _____ (Farbar) C:\Users\Sam D\Downloads\FRST.exe
2015-07-25 01:43 - 2015-07-25 01:43 - 00001098 _____ C:\Users\Sam D\Desktop\ComboFix - Shortcut.lnk
2015-07-25 01:40 - 2015-07-25 21:27 - 00004068 _____ C:\Users\Sam D\Desktop\Rkill.txt
2015-07-25 01:39 - 2015-07-25 01:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Sam D\Downloads\rkill.exe
2015-07-25 00:48 - 2015-07-25 00:48 - 02248704 _____ C:\Users\Sam D\Downloads\adwcleaner_4.208.exe
2015-07-25 00:47 - 2015-07-25 00:48 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Sam D\Downloads\JRT (1).exe
2015-07-25 00:33 - 2015-07-25 00:34 - 18705480 _____ C:\Users\Sam D\Downloads\RogueKiller.exe
2015-07-24 23:42 - 2015-07-24 23:43 - 07269656 _____ (Bitdefender LLC) C:\Users\Sam D\Downloads\BootkitRemoval_x86.exe
2015-07-24 22:40 - 2015-07-25 21:51 - 00005656 _____ C:\Windows\setupact.log
2015-07-24 22:40 - 2015-07-25 21:02 - 00001976 _____ C:\Windows\PFRO.log
2015-07-24 22:40 - 2015-07-24 22:40 - 00000000 _____ C:\Windows\setuperr.log
2015-07-24 21:56 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-24 21:56 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-24 21:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-24 21:56 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-24 21:55 - 2015-07-25 21:20 - 00000000 ____D C:\Qoobox
2015-07-24 16:56 - 2015-07-24 16:58 - 05633622 ____R (Swearware) C:\Users\Sam D\Downloads\ComboFix.exe
2015-07-24 16:51 - 2015-07-24 16:52 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sam D\Downloads\tdsskiller.exe
2015-07-24 13:43 - 2015-07-25 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-24 13:41 - 2015-07-24 16:38 - 00000000 ____D C:\Users\Sam D\Desktop\mbar
2015-07-24 13:40 - 2015-07-24 13:41 - 00380416 _____ C:\Users\Sam D\Downloads\y6so8ixt.exe
2015-07-24 13:38 - 2015-07-24 13:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sam D\Downloads\mbar-1.09.1.1004.exe
2015-07-24 12:27 - 2015-07-24 12:27 - 00000177 _____ C:\Users\Sam D\Desktop\scrapebox.txt
2015-07-24 11:12 - 2015-07-24 11:12 - 00000000 ____D C:\Program Files\ESET
2015-07-24 11:11 - 2015-07-24 11:11 - 02870984 _____ (ESET) C:\Users\Sam D\Downloads\esetsmartinstaller_enu.exe
2015-07-24 10:59 - 2015-07-24 11:04 - 06754696 _____ C:\Users\Sam D\Downloads\CCl3aner5.07.5261.rar
2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Program Files\TheBestSpinner3
2015-07-22 12:28 - 2015-07-22 12:28 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55afc6468bce4.zip
2015-07-21 22:53 - 2015-07-21 22:53 - 05509505 _____ C:\Users\Sam D\Downloads\SetupTheBestSpinner3.exe
2015-07-21 22:53 - 2015-07-21 22:53 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55af074bbc3ca.zip
2015-07-21 22:31 - 2015-07-21 22:32 - 00000000 ____D C:\Users\Sam D\Downloads\SetupTheBestSpinner3.421
2015-07-21 22:22 - 2015-07-21 22:22 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15 (1)
2015-07-21 21:18 - 2015-07-21 21:18 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 20:23 - 2015-07-24 12:54 - 00000000 ____D C:\Users\Sam D\Desktop\San antonio articles stuff
2015-07-21 15:15 - 2015-07-21 16:03 - 00000000 ____D C:\Users\Sam D\Downloads\KeywordResearcher
2015-07-21 15:15 - 2015-07-21 15:15 - 02852471 _____ C:\Users\Sam D\Downloads\KeywordResearcher.rar
2015-07-21 15:15 - 2015-01-09 04:19 - 08483504 _____ C:\Users\Sam D\Desktop\KeywordResearcher.exe
2015-07-21 15:14 - 2015-07-21 15:14 - 03717120 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe
2015-07-19 18:44 - 2015-07-22 11:22 - 00000000 ____D C:\Users\Sam D\Desktop\New folder (2)
2015-07-19 00:01 - 2015-07-19 00:01 - 01874588 _____ C:\Users\Sam D\Downloads\Fiverr SEO Gigs Handbook.zip
2015-07-18 18:38 - 2015-07-18 18:39 - 61902129 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta (1).zip
2015-07-17 20:54 - 2015-07-17 20:55 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5 (1).zip
2015-07-17 20:47 - 2015-07-17 20:47 - 06537216 _____ C:\Users\Sam D\Downloads\flashmedialiveencoder_3.2_wwe_signed.msi
2015-07-17 18:13 - 2015-07-18 15:55 - 00000000 ____D C:\Users\Sam D\Documents\Camtasia Studio
2015-07-17 18:09 - 2015-07-17 18:09 - 00001128 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-07-17 18:08 - 2015-07-17 18:08 - 00000000 ____D C:\Program Files\Common Files\TechSmith Shared
2015-07-17 18:07 - 2015-07-17 18:07 - 00000000 ____D C:\Program Files\TechSmith
2015-07-17 17:54 - 2015-07-17 17:55 - 00000000 ____D C:\Users\Sam D\Documents\TechSmith Camtasia Studio 8.5.1 Build 1962 RePack by KpoJIuK
2015-07-17 16:45 - 2015-07-17 16:45 - 00000165 ____H C:\Users\Sam D\Desktop\~$Sales call log and organizer1 sam.xlsx
2015-07-17 00:19 - 2015-07-17 00:19 - 00001710 _____ C:\Users\Sam D\Desktop\FreemakeVD - Shortcut.lnk
2015-07-17 00:19 - 2015-07-17 00:19 - 00000000 ____D C:\Users\Sam D\Documents\Freemake
2015-07-17 00:14 - 2015-07-17 00:14 - 03705660 _____ C:\Users\Sam D\Downloads\julie martinz.rar
2015-07-17 00:12 - 2015-07-17 00:12 - 01428393 _____ C:\Users\Sam D\Downloads\dr perkins reports.rar
2015-07-17 00:04 - 2015-07-17 01:39 - 56338278 _____ C:\Users\Sam D\Downloads\brooks ballard stuff.rar
2015-07-17 00:00 - 2015-07-17 00:00 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-d013
2015-07-16 23:53 - 2015-07-16 23:53 - 00469218 _____ C:\Users\Sam D\Downloads\alex fetanax reports.rar
2015-07-16 23:29 - 2015-07-16 23:29 - 00001344 _____ C:\Users\Public\Desktop\Aimersoft YouTube Downloader.lnk
2015-07-16 23:24 - 2015-07-16 23:25 - 00000000 ____D C:\Users\Sam D\Documents\SEO Content Machine
2015-07-16 23:22 - 2015-07-16 23:22 - 15140358 _____ C:\Users\Sam D\Downloads\SEOCNTNTMCHN.zip
2015-07-16 21:39 - 2015-07-16 21:39 - 00000165 ____H C:\Users\Sam D\Downloads\~$DrPerkins-KeywordRanking-Report (8).xlsx
2015-07-16 15:32 - 2015-07-16 15:57 - 00000000 ____D C:\Users\Sam D\Downloads\X-SpinnerBeta
2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\JonathanLeger.com
2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Local\JonathanLeger.com
2015-07-15 21:40 - 2015-07-21 22:23 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-07-15 21:38 - 2015-07-15 21:38 - 00002597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hosts File Editor.lnk
2015-07-15 21:38 - 2015-07-15 21:38 - 00000000 ____D C:\Program Files\Hosts File Editor
2015-07-15 21:37 - 2015-07-15 21:37 - 00965632 _____ C:\Users\Sam D\Downloads\HostsFileEditorSetup-1.0.0.msi
2015-07-15 21:35 - 2015-07-15 21:35 - 05478738 _____ C:\Users\Sam D\Downloads\TBS2k15.rar
2015-07-15 21:35 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15
2015-07-15 20:48 - 2015-07-15 21:08 - 62928929 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta.zip
2015-07-15 20:38 - 2015-07-15 20:42 - 00000000 ____D C:\Users\Sam D\Downloads\spinnerchiefiiirelease
2015-07-15 20:31 - 2015-07-15 20:34 - 143837293 _____ C:\Users\Sam D\Downloads\spinnerchiefiiirelease.zip
2015-07-15 19:50 - 2015-07-15 19:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\TechSmith
2015-07-14 20:06 - 2015-07-14 20:56 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5.zip
2015-07-09 22:37 - 2015-07-09 22:38 - 08009896 _____ (TeamViewer GmbH) C:\Users\Sam D\Downloads\TeamViewer_Setup_en.exe
2015-07-09 20:27 - 2015-07-09 20:29 - 34862410 _____ C:\Users\Sam D\Downloads\SuperStreamTube.zip
2015-07-09 00:21 - 2015-07-09 00:22 - 74709456 _____ C:\Users\Sam D\Downloads\lvp-module-2-all-ad-commercials-zipped.zip
2015-07-08 21:42 - 2015-07-08 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-05 22:52 - 2015-07-05 22:57 - 198186937 _____ C:\Users\Sam D\Downloads\13freeplrvideos.zip
2015-07-05 22:43 - 2015-07-05 22:44 - 43332581 _____ C:\Users\Sam D\Downloads\usfreeadstraffic.zip
2015-07-05 22:42 - 2015-07-05 22:43 - 23271937 _____ C:\Users\Sam D\Downloads\youtubeeditor.zip
2015-07-05 22:29 - 2015-07-05 22:29 - 11159654 _____ C:\Users\Sam D\Downloads\PetGroomingTempPLR09JH.zip
2015-07-05 22:15 - 2015-07-05 22:17 - 60621578 _____ C:\Users\Sam D\Downloads\Offline How To Videos for Local Businesses Set 1.zip
2015-07-05 21:56 - 2015-07-05 21:56 - 17449904 _____ C:\Users\Sam D\Downloads\Groomers-postcards.zip
2015-07-05 15:37 - 2015-07-06 17:31 - 00001721 _____ C:\Users\Sam D\Desktop\pi victorville.txt
2015-07-04 12:46 - 2015-07-04 12:47 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live Writer
2015-07-04 12:46 - 2015-07-04 12:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Windows Live Writer
2015-07-03 21:06 - 2015-07-03 21:07 - 00189484 _____ C:\Users\Sam D\Downloads\3.5x2_businesscard.zip
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Disruptive Innovations SARL
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Disruptive Innovations SARL
2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueGriffon
2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\Program Files\BlueGriffon
2015-07-02 17:06 - 2015-07-02 17:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\KompoZer
2015-07-02 17:05 - 2015-07-02 17:05 - 00000000 ____D C:\Users\Sam D\Downloads\kompozer-0.7.10-win32
2015-07-02 16:50 - 2015-07-02 16:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Nvu
2015-07-02 16:19 - 2015-07-02 16:19 - 00000000 ____D C:\Users\Sam D\Downloads\2015 Minecraft account giveaways
2015-07-02 13:54 - 2015-07-17 00:12 - 00000000 ____D C:\Users\Sam D\Desktop\youtube comment method
2015-07-01 12:57 - 2015-07-01 12:57 - 00860501 _____ C:\Users\Sam D\Downloads\medlin.zip
2015-06-30 16:34 - 2015-06-30 16:34 - 00000165 ____H C:\Users\Sam D\Desktop\~$50_old_usa_pva_gmail_accounts.xlsx
2015-06-29 17:09 - 2015-07-23 18:18 - 00007604 _____ C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
2015-06-26 23:06 - 2015-06-26 23:06 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deshaker
2015-06-25 02:33 - 2015-06-25 02:33 - 00000159 _____ C:\Users\Sam D\Downloads\Delicious.txt
2015-06-25 02:33 - 2015-06-25 02:33 - 00000123 _____ C:\Users\Sam D\Downloads\Diigo.txt
2015-06-25 00:23 - 2015-06-25 00:24 - 17713160 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\wsemp.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 22:37 - 2015-02-01 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 22:35 - 2014-09-29 01:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 22:34 - 2014-12-09 17:36 - 00000000 ____D C:\_acestream_cache_
2015-07-25 22:19 - 2015-03-15 21:10 - 00000000 ___RD C:\Users\Sam D\Dropbox
2015-07-25 22:19 - 2015-03-15 21:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Dropbox
2015-07-25 22:15 - 2015-06-16 16:05 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job
2015-07-25 22:07 - 2015-04-12 11:08 - 00001881 _____ C:\Users\Sam D\Desktop\Ace Player.lnk
2015-07-25 22:07 - 2015-04-12 11:08 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-07-25 21:59 - 2015-05-31 22:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-25 21:56 - 2014-12-29 19:27 - 01288118 _____ C:\Windows\WindowsUpdate.log
2015-07-25 21:52 - 2014-09-29 01:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 21:52 - 2014-08-28 09:19 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 21:52 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 21:51 - 2011-04-14 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-25 21:39 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 21:39 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 21:27 - 2011-01-10 19:42 - 00000000 ___HD C:\Users\Sam D\AppData\Local\Apps\2.0
2015-07-25 21:06 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2015-07-25 20:28 - 2015-02-12 01:59 - 00002042 _____ C:\Users\Sam D\Documents\Default.rdp
2015-07-25 16:41 - 2014-09-29 01:48 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-25 14:47 - 2015-02-16 11:09 - 00000000 ____D C:\AdwCleaner
2015-07-25 13:22 - 2014-09-27 13:30 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-25 01:44 - 2011-02-06 20:38 - 00000000 ____D C:\Windows\pss
2015-07-25 01:10 - 2014-09-28 02:12 - 00000000 ____D C:\Users\Sam D
2015-07-25 01:06 - 2014-09-27 13:30 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-24 22:57 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Default
2015-07-24 22:39 - 2009-07-13 22:03 - 59506688 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 28311552 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2015-07-24 22:39 - 2009-07-13 22:03 - 00020480 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-24 22:38 - 2014-09-27 02:51 - 00000000 ____D C:\Windows\ERDNT
2015-07-24 13:57 - 2014-09-27 20:28 - 00000000 ____D C:\Users\Sam D\AppData\Local\CrashDumps
2015-07-24 13:42 - 2014-08-28 09:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-24 12:55 - 2011-04-24 19:50 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Skype
2015-07-24 02:15 - 2015-06-16 16:05 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job
2015-07-22 20:07 - 2009-09-24 15:40 - 00000000 ____D C:\Program Files\CCleaner
2015-07-21 20:25 - 2015-06-22 14:09 - 00000000 ____D C:\Users\Sam D\Desktop\New folder
2015-07-20 16:50 - 2015-05-31 16:04 - 00000000 ____D C:\ProgramData\Aimersoft YouTube Downloader
2015-07-18 20:22 - 2015-05-31 22:24 - 00123556 _____ C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
2015-07-18 20:21 - 2015-05-31 22:24 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Wirecast for YouTube
2015-07-17 20:48 - 2012-11-01 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-07-17 20:48 - 2011-01-08 00:40 - 00000000 ____D C:\Program Files\Adobe
2015-07-17 20:48 - 2010-12-26 19:38 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Adobe
2015-07-17 19:58 - 2010-12-26 20:04 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\BitTorrent
2015-07-17 19:57 - 2014-11-01 02:45 - 00000000 ____D C:\Windows\Minidump
2015-07-17 18:09 - 2011-01-21 17:10 - 00000000 ____D C:\ProgramData\TechSmith
2015-07-17 10:17 - 2012-04-11 17:57 - 00117272 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-07-17 10:16 - 2009-07-14 00:33 - 00446912 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 01:40 - 2015-03-05 16:36 - 56410227 _____ C:\Users\Sam D\Downloads\BrooksBallardFineHomesEstates.zip
2015-07-17 01:17 - 2014-12-11 21:37 - 00000000 ____D C:\Program Files\Citrix
2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Stardock
2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Stardock
2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\ProgramData\Stardock
2015-07-17 01:12 - 2015-06-19 23:45 - 00000000 ____D C:\Program Files\Stardock
2015-07-17 00:51 - 2014-12-07 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deployment
2015-07-17 00:49 - 2015-03-11 13:29 - 00000000 ____D C:\Users\Sam D\AppData\Local\Mozilla
2015-07-17 00:49 - 2015-03-11 12:57 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Mozilla
2015-07-17 00:43 - 2011-01-10 03:16 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-07-17 00:43 - 2009-07-14 00:56 - 00000000 ____D C:\Windows\system32\winrm
2015-07-17 00:00 - 2015-06-10 19:25 - 00000000 ____D C:\Users\Sam D\AppData\Local\IIIQ
2015-07-16 23:55 - 2015-03-07 01:09 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-9cd1
2015-07-16 23:39 - 2014-09-28 11:22 - 00118056 _____ C:\Users\Sam D\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-16 23:24 - 2015-06-12 22:37 - 00000000 ____D C:\Users\Sam D\AppData\Local\Satin_Blue
2015-07-16 23:07 - 2011-04-19 13:06 - 02721183 _____ C:\Windows\system32\oodbs.lor
2015-07-16 13:20 - 2015-03-25 20:59 - 00000000 ____D C:\Users\Sam D\Desktop\PPC Business
2015-07-16 12:36 - 2015-05-05 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-15 23:49 - 2012-02-21 15:48 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\vlc
2015-07-14 20:10 - 2014-12-27 14:03 - 00023398 _____ C:\Users\Sam D\Desktop\50_old_usa_pva_gmail_accounts.xlsx
2015-07-14 16:37 - 2012-04-22 12:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 16:37 - 2011-05-20 16:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 15:16 - 2014-10-30 23:55 - 00000000 ____D C:\Users\Sam D\Desktop\Consulting
2015-07-14 15:00 - 2011-04-06 14:25 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Media Player Classic
2015-07-14 14:41 - 2015-06-02 18:12 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\HandBrake
2015-07-14 14:05 - 2015-06-08 19:50 - 00096511 _____ C:\Users\Sam D\.websiteauditor.properties
2015-07-14 14:05 - 2015-06-08 19:50 - 00000000 ____D C:\Users\Sam D\.websiteauditor
2015-07-14 14:03 - 2015-06-17 01:12 - 00000000 ____D C:\Users\Sam D\.ranktracker
2015-07-14 14:03 - 2014-11-07 01:57 - 00137380 _____ C:\Users\Sam D\.ranktracker.properties
2015-07-14 14:02 - 2010-12-26 20:11 - 00000000 ____D C:\Users\Sam D\Desktop\entertainment
2015-07-14 13:59 - 2014-09-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-14 11:56 - 2014-12-26 17:27 - 00000000 ____D C:\Users\Sam D\Desktop\proxy stuff and related
2015-07-13 16:04 - 2011-01-08 18:45 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\FileZilla
2015-07-11 01:20 - 2014-10-31 15:05 - 00000000 ___RD C:\Program Files\Skype
2015-07-11 01:20 - 2011-04-24 19:49 - 00000000 ____D C:\ProgramData\Skype
2015-07-10 17:39 - 2015-02-10 17:02 - 00000000 ____D C:\Users\Sam D\Desktop\Ripoffreport Stuff
2015-07-10 14:20 - 2015-02-01 00:24 - 00000000 ____D C:\Users\Sam D\AppData\Local\Commando
2015-07-09 12:14 - 2014-09-28 17:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-08 15:37 - 2015-04-20 14:31 - 00040553 _____ C:\Users\Sam D\Desktop\Sales call log and organizer1 sam.xlsx
2015-07-08 15:06 - 2015-04-20 10:16 - 00000000 ____D C:\Users\Sam D\Desktop\Attorney Combined Files
2015-07-04 12:46 - 2013-02-28 23:35 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-07-04 12:46 - 2013-02-28 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live
2015-07-02 19:38 - 2015-01-18 01:01 - 00001952 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-07-02 13:56 - 2015-02-17 19:50 - 00000000 ____D C:\Users\Sam D\Desktop\customer info
2015-07-01 23:36 - 2009-04-24 18:28 - 00052736 _____ C:\Users\Sam D\Desktop\affiliate list.v1.xls
2015-06-27 15:24 - 2014-08-28 09:18 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 15:24 - 2014-08-28 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 15:24 - 2014-08-28 09:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-26 12:47 - 2014-12-29 17:57 - 00005632 _____ C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2014-09-17 21:05 - 2014-09-17 21:05 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-03-18 14:13 - 2014-03-18 14:14 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2011-01-10 02:44 - 2011-01-10 02:44 - 0874496 ____H (ExtremeCoderz) C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe
2015-05-31 22:24 - 2015-07-18 20:22 - 0123556 _____ () C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
2015-06-01 00:15 - 2015-06-01 00:15 - 0014543 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2015-06-01 00:15 - 2015-06-01 00:15 - 0014186 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2011-01-10 02:44 - 2011-01-10 02:44 - 0000324 ____H () C:\Users\Sam D\AppData\Roaming\settings.cfg
2014-12-29 17:57 - 2015-06-26 12:47 - 0005632 _____ () C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 12:34 - 2015-04-02 21:27 - 0000600 _____ () C:\Users\Sam D\AppData\Local\PUTTY.RND
2015-06-29 17:09 - 2015-07-23 18:18 - 0007604 _____ () C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
2014-12-15 13:45 - 2014-12-15 13:45 - 0000000 _____ () C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F}

Some files in TEMP:
====================
C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfcgnjl.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 13:40

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
Ran by Sam D at 2015-07-25 23:00:10
Running from C:\Users\Sam D\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3192665374-2718563871-2505210960-500 - Administrator - Disabled)
Guest (S-1-5-21-3192665374-2718563871-2505210960-501 - Limited - Disabled)
Sam D (S-1-5-21-3192665374-2718563871-2505210960-1000 - Administrator - Enabled) => C:\Users\Sam D

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace Stream Media 3.0.12 (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.214 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
Aimersoft YouTube Downloader(Build 4.3.3.0) (HKLM\...\Aimersoft YouTube Downloader_is1) (Version: 4.3.3.0 - Aimersoft Software)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
BitTorrent (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
BlueGriffon version 1.7.2 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.7.2 - Disruptive Innovations SAS)
Camtasia Studio 8 (HKLM\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Comcast Desktop Software (v1.2.1) (HKLM\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
CommandoHQ (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\51b760cdbee7f500) (Version: 2.0.9.20 - CommandoHQ)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1001 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect - 1 (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dell System Detect (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
DELL Webcam Center (HKLM\...\DELL Webcam Center) (Version: - )
DELL Webcam Manager (HKLM\...\DELL Webcam Manager) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DocSignal (HKLM\...\{F1360A8D-370E-41D3-B93B-9FD2A4C127E3}) (Version: 1.0.0 - DocSignal)
Dropbox (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Foxit Creator (HKLM\...\Foxit Creator) (Version: 3,0,2,0506 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.10.1 (HKLM\...\HandBrake) (Version: 0.10.1 - )
Hosts File Editor (HKLM\...\{EC9CF3E9-3C14-43D6-B9D0-5B4232926FAC}) (Version: 1.0.0 - Scott Lerch)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Internet Email Extractor (HKLM\...\{3C86FB10-F491-4DE1-84A7-78AEAF12C41B}) (Version: 5.0.9.20 - theskysoft)
ISO Opener (HKLM\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version: - www.isoopener.com)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KeywordSpy SEO/PPC Plug-in 1.0.2 (HKLM\...\KeywordSpy SEO/PPC Plug-in) (Version: 1.0.2 - KeywordSpy.com)
K-Lite Mega Codec Pack 6.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Lead Grabber Pro 3.0 (HKLM\...\{CE4D250E-2F02-4ADA-82E8-43ED01AC4120}) (Version: 3.0.0 - Mindless Marketing LLC)
Magic YouTube Xtractor version 1.16 (HKLM\...\{9629C88B-66A7-4EB3-84E4-DAA47F683DCA}_is1) (Version: 1.16 - Alexandr Krulik)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8 - Notepad++ Team)
Online Lead Finder (HKLM\...\{1650E57C-59B0-41AC-BDB5-91DC30825C2B}) (Version: 3.3.07 - Duncan Wierman)
Online Lead Finder Installer (HKLM\...\{D4159E19-380E-4F2E-B57C-20237F3D19B6}) (Version: 3.3.06 - Duncan Wierman)
OpenAL (HKLM\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PhotoFiltre (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\PhotoFiltre) (Version: - )
Port Forward Network Utilities (HKLM\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.7 - Portforward, LLC)
Privoxy (remove only) (HKLM\...\Privoxy) (Version: - )
ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.10.1 - V-Tech LLC)
ProxyToolbox (HKLM\...\{C9851860-8485-43EA-81C5-84551DF9AE1E}) (Version: 1.0.1 - XorBots)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SopCast 3.9.3 (HKLM\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
SQLite ADO.NET 2.0/3.5 Provider (HKLM\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)
Stardock Fences 2 (HKLM\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
System.Data.SQLite v1.0.83.0 (HKLM\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.83.0 - System.Data.SQLite Team)
TheBestSpinner3 (HKLM\...\TheBestSpinner3) (Version: - )
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update or Uninstall SENukeX (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Marketing Blaster Pro (HKLM\...\Video Marketing Blaster Pro) (Version: 1.03 - BlasterSuite)
Video Spin Blaster 2.92 (HKLM\...\Video Spin Blaster 2.92) (Version: 2.92 - Sodevrom)
Video Spin Blaster Pro (HKLM\...\Video Spin Blaster Pro) (Version: 2.09 - BlasterSuite)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.08 - NCH Software)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Data Extractor 8.3 (HKLM\...\Web Data Extractor_is1) (Version: - )
WebHarvy (HKLM\...\{844AF52E-FECD-4BDC-AB6E-11EF790A7DA2}) (Version: 3.3.0.106 - SysNucleus)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wirecast (HKLM\...\{5E0D2663-CFB2-440E-900C-7A7AC59C06F4}) (Version: 6.0.4 - Telestream LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSP (the data entry has 21 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSE (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-07-2015 16:24:46 Revo Uninstaller Pro's restore point - TheBestSpinner3
19-07-2015 16:41:27 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 21:15:20 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 21:33:23 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 21:39:36 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 22:15:10 Revo Uninstaller Pro's restore point - TheBestSpinner3
21-07-2015 22:34:26 Revo Uninstaller Pro's restore point - TheBestSpinner3
22-07-2015 12:30:40 Revo Uninstaller Pro's restore point - TheBestSpinner3
24-07-2015 16:36:49 Malwarebytes Anti-Rootkit Restore Point
25-07-2015 01:07:57 JRT Pre-Junkware Removal
25-07-2015 14:51:29 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-07-25 21:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F435BA-51B3-4144-8AA0-00B6A0D48CDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A4A8BF-6135-452F-8EB4-9512B7B951CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2747CF55-1A81-4664-8474-89BB26640D50} - System32\Tasks\1aad7560 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe <==== ATTENTION
Task: {33C6D576-29F2-4C98-B744-E2EA051CECB4} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {4BB7520A-1ABC-4F12-AACF-31390DF41E6C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {5EC408D9-C9FE-4262-AC19-55E8BFC63274} - System32\Tasks\123bd930 => C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe <==== ATTENTION
Task: {7128EE8C-CC01-4E7B-B6C4-CE4F48F74E74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {789232E3-7544-466D-AC63-7FE9394B2D6C} - System32\Tasks\{43F6B7A1-A0A0-4311-B669-5661413222D5} => C:\Program Files\Skype\\Phone\Skype.exe [2015-06-29] (Skype Technologies S.A.)
Task: {791118FA-D3CD-4CF9-A2E8-3FABACC396F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {7B4A94EB-0827-43E6-ADB0-8E81D0973647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {7D0F2FF6-F8F7-4B53-AA9B-4491D26BDB92} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SamD-PC-Sam D SamD-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {8B0C429A-39C7-4BDD-8060-3F71F06A1FEB} - System32\Tasks\{0B3BB5FE-BF15-427C-BFED-2C169AA0E2D8} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {92357EA3-E6D8-4D2D-AFAB-C92C92F60554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {951DB3A3-8D65-4C59-B0F7-2DD8A0028BEB} - System32\Tasks\{113B5DFE-1E86-41BA-8A42-53C576EAE466} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {9D7E4113-E6E4-409C-9EEA-8DF1DEEBEFF9} - System32\Tasks\{CD4C9D5F-CBBD-4DDE-921D-41FDF0849985} => pcalua.exe -a "C:\Users\Sam D\Documents\Advanced ID Creator Premier\Advanced ID Creator Premier.exe" -d "C:\Users\Sam D\Documents\Advanced ID Creator Premier"
Task: {9EF16D03-FE9A-4C17-B73C-09B6A7633228} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {A913D4DF-A248-48F4-A984-B2F93167A661} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-12] ()
Task: {A991C7C8-4D55-4D2C-AAC2-6C29A52B98B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {BFF8A89F-6FC3-4169-B533-BFE99AD22926} - System32\Tasks\4518aa00 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe <==== ATTENTION
Task: {D7A6C2E9-C503-4070-B04E-808551566845} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DF13B937-746F-4BBF-A29A-060CF1446D56} - System32\Tasks\{695DE3E2-42FC-46E4-B3B1-558ADC26D2AC} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {E85E6223-3FB4-4B8D-B26C-E480C59368FC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {EBD7A3F6-3F03-44DA-B28A-71AC1D1B56DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EE14D30D-59F8-43A1-9947-740A4E8F164E} - System32\Tasks\{F734AC17-73A6-468A-BBCE-9B881F27CC4D} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
Task: {FAF2834E-BE6E-4664-96A3-A7D06103FABB} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {FFBBF448-B9B0-40D5-8E8E-BCE134F07E89} - \PCDEventLauncherTask No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-08 01:25 - 2014-05-19 20:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-06-02 11:20 - 2015-06-02 11:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-05-07 15:27 - 2015-05-07 15:27 - 00259584 _____ () C:\Program Files\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
2015-07-25 16:41 - 2015-07-23 18:39 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-25 16:41 - 2015-07-23 18:39 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.107\libegl.dll
2015-03-27 20:09 - 2015-03-27 20:09 - 00023984 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\ace_engine.exe
2015-03-27 20:09 - 2015-03-27 20:09 - 00268800 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2015-02-26 07:18 - 2015-02-26 07:18 - 00018944 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-02-26 07:18 - 2015-02-26 07:18 - 02386432 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2015-03-27 20:07 - 2015-03-27 20:07 - 02029056 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00106496 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\select.pyd
2014-01-23 07:37 - 2014-01-23 07:37 - 00036352 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 09:20 - 2013-12-21 09:20 - 00053248 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2013-12-21 09:20 - 2013-12-21 09:20 - 00040448 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 11:02 - 2011-02-13 11:02 - 00031232 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2015-03-27 20:23 - 2015-03-27 20:23 - 03035648 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-10 18:23 - 2010-10-10 18:23 - 00723968 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 12:20 - 2013-01-29 12:20 - 00082944 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00688128 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2015-02-26 07:18 - 2015-02-26 07:18 - 00061952 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 12:20 - 2013-01-29 12:20 - 00066048 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2014-10-01 12:32 - 2014-10-01 12:32 - 00022824 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\ace_update.exe
2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2014-10-01 07:50 - 2014-10-01 07:50 - 00149288 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\libtsplayer.dll
2014-10-01 07:50 - 2014-10-01 07:50 - 01974056 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\libtsplayercore.dll
2013-11-20 09:05 - 2013-11-20 09:05 - 00051320 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libaout_directx_plugin.dll
2014-04-07 07:42 - 2014-04-07 07:42 - 00074872 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libdirectx_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00213624 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libdshow_plugin.dll
2013-11-20 09:08 - 2013-11-20 09:08 - 00052344 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libwaveout_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00039032 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libmemcpymmxext_plugin.dll
2014-12-05 10:29 - 2014-12-05 10:29 - 01477928 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libp2p_access_plugin.dll
2014-03-03 13:00 - 2014-03-03 13:00 - 00510584 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libsqlite_plugin.dll
2013-11-20 09:05 - 2013-11-20 09:05 - 00095864 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libaccess_bd_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00238200 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libdvdnav_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00044152 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libfilesystem_plugin.dll
2013-11-20 09:07 - 2013-11-20 09:07 - 00039544 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libstream_filter_rar_plugin.dll
2013-11-20 09:08 - 2013-11-20 09:08 - 00084600 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libzip_plugin.dll
2013-11-20 09:07 - 2013-11-20 09:07 - 00036984 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libstream_filter_record_plugin.dll
2013-11-20 09:07 - 2013-11-20 09:07 - 00112760 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libplaylist_plugin.dll
2013-11-20 09:07 - 2013-11-20 09:07 - 01111160 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libtaglib_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00343672 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\liblua_plugin.dll
2013-11-20 09:08 - 2013-11-20 09:08 - 01143416 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libxml_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00053880 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libhotkeys_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00039032 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libglobalhotkeys_plugin.dll
2014-12-05 10:29 - 2014-12-05 10:29 - 30864168 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libqt4_plugin.dll
2013-11-20 09:06 - 2013-11-20 09:06 - 00044664 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libexport_plugin.dll
2015-07-25 16:41 - 2015-07-23 18:39 - 16308040 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInLeads.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\National-List-Attorneys.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\intuit.com -> hxxps://ttlc.intuit.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: lxbk_device => 2
MSCONFIG\startupfolder: C:^Users^Sam D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BitTorrent => "C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\YouTube Downloader\DelayPluginI.exe
MSCONFIG\startupreg: Desktop Software => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
MSCONFIG\startupreg: PSwitch => C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{19E61B84-BE3F-47B2-8158-4E6799AFEC76}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{38D0EECD-5E94-46B7-BBD1-2BCBBF1E3A67}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
FirewallRules: [{A3FB9A38-9FA5-4AA2-9B1D-7539C9214A79}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
FirewallRules: [{F548139A-CA87-4272-BAA7-B6BB1FDAF5FA}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
FirewallRules: [UDP Query User{ACF03D02-E5DB-4A37-9B01-153D15A3EBAC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{5ADBE869-3344-48C6-A4C6-D7BEB4F04DBC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{0D38C7A5-5C87-44C5-BF58-D66DB3E8CAE9}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{04422F43-AEDC-45E3-BB9A-68F3FE292CC8}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3DF235C1-0AA6-416E-9CAC-3FE747CD60EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{ECBB7116-7B46-40F0-A8D3-38A3B3EAA74B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A4BA1717-F71D-4AC5-A3A5-03B015D1109D}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{2423CA43-42FD-45DE-BD1E-23F19B873579}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [TCP Query User{68635257-B1A5-4329-A476-762824EC5902}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
FirewallRules: [UDP Query User{0175FE63-7A98-483C-A8DA-FA3CC70E4D36}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
FirewallRules: [{131D81C0-6D68-4D41-B3F5-0E7C200B5C8A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2FC7876D-834B-48D0-89D5-762192D2621D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{42B357BA-489D-406F-897B-67DDB40BBE16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{833E2418-D638-4D20-A3A6-4E936B4B9C45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{15E9D20A-2BC2-451A-A062-B2D6ACC55DF0}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{12940B2B-90F9-4DFD-951B-5959305B3480}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{E577BB6D-4FAE-4017-AA72-D073847CBDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7E1C7E47-5B19-465F-A4CC-1037272D1DC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2CB05B58-A76F-4EED-AC6A-A115F1CABB5E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F53E1AF0-CD4A-4D8C-8CB4-7DE12CE6FABC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{17F6FA62-C840-4B53-B05C-9A08468738EB}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1D26A52A-D643-4F6F-A807-3FC2259F509A}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A499074-E6D5-4A0B-8614-14C782CC33EE}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FF2BC76E-B26B-45C3-AC62-8552CB1C1652}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7F6344DB-B551-4EE7-BDBC-CB47D4898471}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{51217ED9-F716-4F38-8EFC-2AF2B36C3CA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3B53104C-1784-40E8-A228-F47AFD294171}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3AF3A65D-FBB0-406A-BA8D-CAB361923E6A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{371CC202-0227-45B3-B359-9C2B63945AA4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{85A9067E-9F8F-4E3E-ACAD-3E535F5A88A7}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{D9EA6939-A7E5-4CB9-93DF-9DFE51BC6EC0}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
FirewallRules: [UDP Query User{F7A3D181-B3FA-4601-B64C-D2BAE2C55DF6}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
FirewallRules: [TCP Query User{FD934498-D11D-4304-A7F6-97198EA81280}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{D70E3FE5-8BB1-40CC-9295-3F25039FF837}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{9A2841D7-78A8-4919-8467-77358F532D9B}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{584AD027-B8CC-45B3-99AB-344204752135}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{09856936-5DE6-4056-8A2E-D369EB2C7570}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{38064DAE-1DDA-4B6C-89D8-FE9AF166F181}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{613A2CFC-14AC-458F-83E5-24FE21D9DE2D}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6C90A10E-312F-4D09-8556-99F1A978D68B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{A09733B8-8C6C-4EF1-A05D-A0F2839B4D6E}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{4DD21B2E-D023-4717-A07D-7AF259A4A472}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{0CE5DF61-048D-4A9B-BC16-AB285FC33A0A}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{1634C6B4-0709-4DA0-8308-44E516AFA34B}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
FirewallRules: [{8D583FD3-1536-4DFA-9230-883ECE8F85D9}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{DAF689C9-3D87-4826-8449-DB211723D71E}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{8BA605B7-E777-454F-8E6D-EB197F40140D}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [{C6E3EFFF-02CD-48CE-97BD-09CF9BF66789}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
FirewallRules: [TCP Query User{DB45E0B5-51B5-4DF8-BAE2-CFE6A67DB5A6}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{2310DE64-26A4-49E1-AC74-B8587011847A}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{CEEE0219-D277-46C8-82CB-1299597EC0F9}] => (Allow) LPort=8317
FirewallRules: [{C8EE2D30-96F7-4FD2-AF74-A7AD7CBB58F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Kaspersky Anti-Virus NDIS 6 Filter
Description: Kaspersky Anti-Virus NDIS 6 Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KLIM6
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 10:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/25/2015 10:40:18 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 09:51:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 09:49:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 09:29:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 09:26:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/25/2015 09:22:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 09:02:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2015 08:40:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2015 07:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad++.exe version 6.8.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7ec

Start Time: 01d0c73199343bbe

Termination Time: 31

Application Path: C:\Program Files\Notepad++\notepad++.exe

Report Id: 855ec9e4-3326-11e5-8d09-001d09ce33f2


System errors:
=============
Error: (07/25/2015 10:40:18 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (07/25/2015 09:53:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (07/25/2015 09:52:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/25/2015 09:49:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/25/2015 09:49:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/25/2015 09:49:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (07/25/2015 10:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe

Error: (07/25/2015 10:40:18 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 09:51:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 09:49:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 09:29:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 09:26:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe

Error: (07/25/2015 09:22:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 09:02:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/25/2015 08:40:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (07/25/2015 07:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notepad++.exe6.8.0.07ec01d0c73199343bbe31C:\Program Files\Notepad++\notepad++.exe855ec9e4-3326-11e5-8d09-001d09ce33f2


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3582.04 MB
Available physical RAM: 2170.68 MB
Total Virtual: 7162.36 MB
Available Virtual: 5554.15 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.34 GB) (Free:51.3 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.3 GB) - (Type=07 NTFS)

==================== End of log ============================
 
How did Ace Stream Media get on your computer?
I didn't see it in your initial FRST log.
In any case, uninstall it.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
Ran by Sam D at 2015-07-26 19:47:18 Run:1
Running from C:\Users\Sam D\Desktop
Loaded Profiles: Sam D (Available Profiles: Sam D)
Boot Mode: Normal

==============================================

fixlist content:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
CHR HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SAMD~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
S3 catchme; \??\C:\Users\SAMD~1\AppData\Local\Temp\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2014-09-02] (Webroot)
C:\Windows\System32\drivers\WRkrn.sys
2014-09-17 21:05 - 2014-09-17 21:05 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-03-18 14:13 - 2014-03-18 14:14 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2011-01-10 02:44 - 2011-01-10 02:44 - 0874496 ____H (ExtremeCoderz) C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe
2015-05-31 22:24 - 2015-07-18 20:22 - 0123556 _____ () C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
2015-06-01 00:15 - 2015-06-01 00:15 - 0014543 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2015-06-01 00:15 - 2015-06-01 00:15 - 0014186 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2011-01-10 02:44 - 2011-01-10 02:44 - 0000324 ____H () C:\Users\Sam D\AppData\Roaming\settings.cfg
2014-12-29 17:57 - 2015-06-26 12:47 - 0005632 _____ () C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 12:34 - 2015-04-02 21:27 - 0000600 _____ () C:\Users\Sam D\AppData\Local\PUTTY.RND
2015-06-29 17:09 - 2015-07-23 18:18 - 0007604 _____ () C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
2014-12-15 13:45 - 2014-12-15 13:45 - 0000000 _____ () C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F}
C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfcgnjl.dll
Task: {2747CF55-1A81-4664-8474-89BB26640D50} - System32\Tasks\1aad7560 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe <==== ATTENTION
Task: {33C6D576-29F2-4C98-B744-E2EA051CECB4} - \avaxvyyvyf No Task File <==== ATTENTION
C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe
Task: {5EC408D9-C9FE-4262-AC19-55E8BFC63274} - System32\Tasks\123bd930 => C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe <==== ATTENTION
C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe
Task: {BFF8A89F-6FC3-4169-B533-BFE99AD22926} - System32\Tasks\4518aa00 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe <==== ATTENTION
C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe
Task: {FFBBF448-B9B0-40D5-8E8E-BCE134F07E89} - \PCDEventLauncherTask No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInLeads.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Sam D\Downloads\National-List-Attorneys.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf:$CmdZnID


*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} => value removed successfully.
"HKCR\PROTOCOLS\Handler\WSAMAllMyTubechrome" => key removed successfully.
"HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => key removed successfully.
catchme => service removed successfully.
nvvad_WaveExtensible => service removed successfully.
WRkrn => Unable to stop service.
WRkrn => service removed successfully.
Could not move "C:\Windows\System32\drivers\WRkrn.sys" => Scheduled to move on reboot.
C:\Program Files\Common Files\lpuninstall.exe => moved successfully.
C:\Program Files\Common Files\wruninstall.exe => moved successfully.
C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe => moved successfully.
C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml => moved successfully.
C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png => moved successfully.
C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png => moved successfully.
C:\Users\Sam D\AppData\Roaming\settings.cfg => moved successfully.
C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Sam D\AppData\Local\PUTTY.RND => moved successfully.
C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg => moved successfully.
C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F} => moved successfully.
"C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfcgnjl.dll" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2747CF55-1A81-4664-8474-89BB26640D50}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2747CF55-1A81-4664-8474-89BB26640D50}" => key removed successfully.
C:\Windows\System32\Tasks\1aad7560 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1aad7560" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33C6D576-29F2-4C98-B744-E2EA051CECB4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C6D576-29F2-4C98-B744-E2EA051CECB4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => key removed successfully.
"C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC408D9-C9FE-4262-AC19-55E8BFC63274}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC408D9-C9FE-4262-AC19-55E8BFC63274}" => key removed successfully.
C:\Windows\System32\Tasks\123bd930 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\123bd930" => key removed successfully.
"C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFF8A89F-6FC3-4169-B533-BFE99AD22926}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFF8A89F-6FC3-4169-B533-BFE99AD22926}" => key removed successfully.
C:\Windows\System32\Tasks\4518aa00 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4518aa00" => key removed successfully.
"C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFBBF448-B9B0-40D5-8E8E-BCE134F07E89}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFBBF448-B9B0-40D5-8E8E-BCE134F07E89}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully.
C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\Sam D\Downloads\LinkedInLeads.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\Sam D\Downloads\National-List-Attorneys.zip => ":com.dropbox.attributes" ADS removed successfully..
C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf => ":$CmdZnID" ADS removed successfully..
=> Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-26 19:50:02)<=

C:\Windows\System32\drivers\WRkrn.sys => is moved successfully

==== End of Fixlog 19:50:02 ====
 

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.
 
Reinstalling Chrome had no effect. I only brought it up as I had it open at the time. Using any application spikes up CPU usage to near max amount. I'm pretty sure that the problem malware/rootkit is still undetected.
 
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.006
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
KeywordSpy SEO/PPC Plug-in 1.0.2
SUPERAntiSpyware
Hosts File Editor
CCleaner
Java 7 Update 67
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.209
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (39.0)
Google Chrome (44.0.2403.107)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2015
Ran by Sam D (administrator) on 26-07-2015 at 21:42:39
Running from "C:\Users\Sam D\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sam D
->Temp folder emptied: 1098739 bytes
->Temporary Internet Files folder emptied: 10649492 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29521689 bytes
->Google Chrome cache emptied: 15439767 bytes
->Flash cache emptied: 58203 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1064796 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 55.00 mb
 