TechSpot

CPU at maximum - Cannot find a problem

By kingmob
Jul 25, 2015
  1. Been trying to find malware/rootkit myself, as I suspect that is the problem here, but everything I threw at it has not helped. Asking for some help here, hoping you can find something I haven't been able to. I have not done system restore.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015
    Ran by Sam D (administrator) on SAMD-PC (25-07-2015 12:00:19)
    Running from C:\Users\Sam D\Downloads
    Loaded Profiles: Sam D (Available Profiles: Sam D)
    Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
    Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2010-10-05] (Kaspersky Lab ZAO)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-08] (SUPERAntiSpyware)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [Dropbox Update] => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-06-19] (Microsoft Corporation)
    Startup: C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
    URLSearchHook: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
    Toolbar: HKLM - KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
    Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630
    FF DefaultSearchEngine.US: Google
    FF Homepage: gmail.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3192665374-2718563871-2505210960-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Sam D\AppData\Roaming\ACEStream\player\npace_plugin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
    FF Extension: Copy Urls Expert - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-07-20]
    FF Extension: MozBar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\toolbar@seomoz.org.xpi [2015-06-28]
    FF Extension: PPCWebSpy Toolbar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{86c18b42-e466-45a9-ae7a-9b95ba6f5640}.xpi [2015-05-17]
    FF Extension: SEO Global For Google Search™ - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2015-06-24]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-31]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-08]
    FF HKLM\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com
    FF Extension: Aimersoft YouTube Downloader - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com [2015-05-31]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
    CHR Extension: (DivX HiQ) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-07-28]
    CHR Extension: (NextCouup) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goeeobfmefldgbbdlmjdjagkkhmmnopi [2014-10-08]
    CHR Extension: (GoSavvE) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgdnccifmkfafkohlbeailfepfjbmdna [2014-09-25]
    CHR Extension: (OpptOn) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnojomgcmohiefbikenglccliaogccbn [2014-09-27]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-28]
    CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
    CHR Extension: (Codec-V) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2012-07-28]
    CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
    CHR Extension: (GoSSave) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhijjoggceedllbdndfjjnjpomecffad [2014-10-08]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-07-28]
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
    CHR Extension: (Poper Blocker) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-07-01]
    CHR Extension: (APK Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2014-10-26]
    CHR Extension: (Image Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-10-16]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-25]
    CHR Extension: (Video Downloader professional) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-11-17]
    CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
    CHR Extension: (AdBlock) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-01]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
    CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (SEO Global For Google Search™) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2015-06-24]
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3
    CHR Extension: (Google Docs) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
    CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-27]
    CHR Extension: (YouTube) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
    CHR Extension: (Google Search) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
    CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
    CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
    CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
    CHR Extension: (Gmail) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
    CHR HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SAMD~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-11] (Freemake) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-09-11] (Ellora Assets Corp.) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-16] ()
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
    R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488536 2010-12-26] (Kaspersky Lab)
    S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-25] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
    S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [28432 2014-08-15] (Windows (R) Win 7 DDK provider)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2014-11-28] (RealVNC Ltd.)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2014-09-02] (Webroot)
    S3 catchme; \??\C:\Users\SAMD~1\AppData\Local\Temp\catchme.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-25 12:00 - 2015-07-25 12:01 - 00024169 _____ C:\Users\Sam D\Downloads\FRST.txt
    2015-07-25 12:00 - 2015-07-25 12:00 - 00000000 ____D C:\FRST
    2015-07-25 11:59 - 2015-07-25 11:59 - 01650688 _____ (Farbar) C:\Users\Sam D\Downloads\FRST.exe
    2015-07-25 02:14 - 2015-07-25 02:14 - 00028527 _____ C:\ComboFix.txt
    2015-07-25 01:43 - 2015-07-25 01:43 - 00001098 _____ C:\Users\Sam D\Desktop\ComboFix - Shortcut.lnk
    2015-07-25 01:40 - 2015-07-25 01:42 - 00003448 _____ C:\Users\Sam D\Desktop\Rkill.txt
    2015-07-25 01:39 - 2015-07-25 01:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Sam D\Downloads\rkill.exe
    2015-07-25 01:22 - 2015-07-25 01:22 - 00002982 _____ C:\Users\Sam D\Desktop\JRT.txt
    2015-07-25 00:48 - 2015-07-25 00:48 - 02248704 _____ C:\Users\Sam D\Downloads\adwcleaner_4.208.exe
    2015-07-25 00:47 - 2015-07-25 00:48 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Sam D\Downloads\JRT (1).exe
    2015-07-25 00:33 - 2015-07-25 00:34 - 18705480 _____ C:\Users\Sam D\Downloads\RogueKiller.exe
    2015-07-24 23:42 - 2015-07-24 23:43 - 07269656 _____ (Bitdefender LLC) C:\Users\Sam D\Downloads\BootkitRemoval_x86.exe
    2015-07-24 22:40 - 2015-07-25 11:33 - 00002828 _____ C:\Windows\setupact.log
    2015-07-24 22:40 - 2015-07-25 02:06 - 00001430 _____ C:\Windows\PFRO.log
    2015-07-24 22:40 - 2015-07-24 22:40 - 00000000 _____ C:\Windows\setuperr.log
    2015-07-24 21:56 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-07-24 21:56 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-07-24 21:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-07-24 21:55 - 2015-07-25 02:14 - 00000000 ____D C:\Qoobox
    2015-07-24 16:56 - 2015-07-24 16:58 - 05633622 ____R (Swearware) C:\Users\Sam D\Downloads\ComboFix.exe
    2015-07-24 16:51 - 2015-07-24 16:52 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sam D\Downloads\tdsskiller.exe
    2015-07-24 13:43 - 2015-07-25 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-07-24 13:41 - 2015-07-24 16:38 - 00000000 ____D C:\Users\Sam D\Desktop\mbar
    2015-07-24 13:40 - 2015-07-24 13:41 - 00380416 _____ C:\Users\Sam D\Downloads\y6so8ixt.exe
    2015-07-24 13:38 - 2015-07-24 13:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sam D\Downloads\mbar-1.09.1.1004.exe
    2015-07-24 12:27 - 2015-07-24 12:27 - 00000177 _____ C:\Users\Sam D\Desktop\scrapebox.txt
    2015-07-24 11:12 - 2015-07-24 11:12 - 00000000 ____D C:\Program Files\ESET
    2015-07-24 11:11 - 2015-07-24 11:11 - 02870984 _____ (ESET) C:\Users\Sam D\Downloads\esetsmartinstaller_enu.exe
    2015-07-24 10:59 - 2015-07-24 11:04 - 06754696 _____ C:\Users\Sam D\Downloads\CCl3aner5.07.5261.rar
    2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
    2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
    2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Program Files\TheBestSpinner3
    2015-07-22 12:28 - 2015-07-22 12:28 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55afc6468bce4.zip
    2015-07-21 22:53 - 2015-07-21 22:53 - 05509505 _____ C:\Users\Sam D\Downloads\SetupTheBestSpinner3.exe
    2015-07-21 22:53 - 2015-07-21 22:53 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55af074bbc3ca.zip
    2015-07-21 22:31 - 2015-07-21 22:32 - 00000000 ____D C:\Users\Sam D\Downloads\SetupTheBestSpinner3.421
    2015-07-21 22:22 - 2015-07-21 22:22 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15 (1)
    2015-07-21 21:18 - 2015-07-21 21:18 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-07-21 20:23 - 2015-07-24 12:54 - 00000000 ____D C:\Users\Sam D\Desktop\San antonio articles stuff
    2015-07-21 15:15 - 2015-07-21 16:03 - 00000000 ____D C:\Users\Sam D\Downloads\KeywordResearcher
    2015-07-21 15:15 - 2015-07-21 15:15 - 02852471 _____ C:\Users\Sam D\Downloads\KeywordResearcher.rar
    2015-07-21 15:15 - 2015-01-09 04:19 - 08483504 _____ C:\Users\Sam D\Desktop\KeywordResearcher.exe
    2015-07-21 15:14 - 2015-07-21 15:14 - 03717120 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe
    2015-07-19 18:44 - 2015-07-22 11:22 - 00000000 ____D C:\Users\Sam D\Desktop\New folder (2)
    2015-07-19 00:01 - 2015-07-19 00:01 - 01874588 _____ C:\Users\Sam D\Downloads\Fiverr SEO Gigs Handbook.zip
    2015-07-18 18:38 - 2015-07-18 18:39 - 61902129 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta (1).zip
    2015-07-17 20:54 - 2015-07-17 20:55 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5 (1).zip
    2015-07-17 20:47 - 2015-07-17 20:47 - 06537216 _____ C:\Users\Sam D\Downloads\flashmedialiveencoder_3.2_wwe_signed.msi
    2015-07-17 18:13 - 2015-07-18 15:55 - 00000000 ____D C:\Users\Sam D\Documents\Camtasia Studio
    2015-07-17 18:09 - 2015-07-17 18:09 - 00001128 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
    2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
    2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-07-17 18:08 - 2015-07-17 18:08 - 00000000 ____D C:\Program Files\Common Files\TechSmith Shared
    2015-07-17 18:07 - 2015-07-17 18:07 - 00000000 ____D C:\Program Files\TechSmith
    2015-07-17 17:54 - 2015-07-17 17:55 - 00000000 ____D C:\Users\Sam D\Documents\TechSmith Camtasia Studio 8.5.1 Build 1962 RePack by KpoJIuK
    2015-07-17 16:45 - 2015-07-17 16:45 - 00000165 ____H C:\Users\Sam D\Desktop\~$Sales call log and organizer1 sam.xlsx
    2015-07-17 00:19 - 2015-07-17 00:19 - 00001710 _____ C:\Users\Sam D\Desktop\FreemakeVD - Shortcut.lnk
    2015-07-17 00:19 - 2015-07-17 00:19 - 00000000 ____D C:\Users\Sam D\Documents\Freemake
    2015-07-17 00:14 - 2015-07-17 00:14 - 03705660 _____ C:\Users\Sam D\Downloads\julie martinz.rar
    2015-07-17 00:12 - 2015-07-17 00:12 - 01428393 _____ C:\Users\Sam D\Downloads\dr perkins reports.rar
    2015-07-17 00:04 - 2015-07-17 01:39 - 56338278 _____ C:\Users\Sam D\Downloads\brooks ballard stuff.rar
    2015-07-17 00:00 - 2015-07-17 00:00 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-d013
    2015-07-16 23:53 - 2015-07-16 23:53 - 00469218 _____ C:\Users\Sam D\Downloads\alex fetanax reports.rar
    2015-07-16 23:29 - 2015-07-16 23:29 - 00001344 _____ C:\Users\Public\Desktop\Aimersoft YouTube Downloader.lnk
    2015-07-16 23:24 - 2015-07-16 23:25 - 00000000 ____D C:\Users\Sam D\Documents\SEO Content Machine
    2015-07-16 23:22 - 2015-07-16 23:22 - 15140358 _____ C:\Users\Sam D\Downloads\SEOCNTNTMCHN.zip
    2015-07-16 21:39 - 2015-07-16 21:39 - 00000165 ____H C:\Users\Sam D\Downloads\~$DrPerkins-KeywordRanking-Report (8).xlsx
    2015-07-16 15:32 - 2015-07-16 15:57 - 00000000 ____D C:\Users\Sam D\Downloads\X-SpinnerBeta
    2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\JonathanLeger.com
    2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Local\JonathanLeger.com
    2015-07-15 21:40 - 2015-07-21 22:23 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.bak
    2015-07-15 21:38 - 2015-07-15 21:38 - 00002597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hosts File Editor.lnk
    2015-07-15 21:38 - 2015-07-15 21:38 - 00000000 ____D C:\Program Files\Hosts File Editor
    2015-07-15 21:37 - 2015-07-15 21:37 - 00965632 _____ C:\Users\Sam D\Downloads\HostsFileEditorSetup-1.0.0.msi
    2015-07-15 21:35 - 2015-07-15 21:35 - 05478738 _____ C:\Users\Sam D\Downloads\TBS2k15.rar
    2015-07-15 21:35 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15
    2015-07-15 20:48 - 2015-07-15 21:08 - 62928929 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta.zip
    2015-07-15 20:38 - 2015-07-15 20:42 - 00000000 ____D C:\Users\Sam D\Downloads\spinnerchiefiiirelease
    2015-07-15 20:31 - 2015-07-15 20:34 - 143837293 _____ C:\Users\Sam D\Downloads\spinnerchiefiiirelease.zip
    2015-07-15 19:50 - 2015-07-15 19:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\TechSmith
    2015-07-14 20:06 - 2015-07-14 20:56 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5.zip
    2015-07-09 22:37 - 2015-07-09 22:38 - 08009896 _____ (TeamViewer GmbH) C:\Users\Sam D\Downloads\TeamViewer_Setup_en.exe
    2015-07-09 20:27 - 2015-07-09 20:29 - 34862410 _____ C:\Users\Sam D\Downloads\SuperStreamTube.zip
    2015-07-09 00:21 - 2015-07-09 00:22 - 74709456 _____ C:\Users\Sam D\Downloads\lvp-module-2-all-ad-commercials-zipped.zip
    2015-07-08 21:42 - 2015-07-08 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-07-05 22:52 - 2015-07-05 22:57 - 198186937 _____ C:\Users\Sam D\Downloads\13freeplrvideos.zip
    2015-07-05 22:43 - 2015-07-05 22:44 - 43332581 _____ C:\Users\Sam D\Downloads\usfreeadstraffic.zip
    2015-07-05 22:42 - 2015-07-05 22:43 - 23271937 _____ C:\Users\Sam D\Downloads\youtubeeditor.zip
    2015-07-05 22:29 - 2015-07-05 22:29 - 11159654 _____ C:\Users\Sam D\Downloads\PetGroomingTempPLR09JH.zip
    2015-07-05 22:15 - 2015-07-05 22:17 - 60621578 _____ C:\Users\Sam D\Downloads\Offline How To Videos for Local Businesses Set 1.zip
    2015-07-05 21:56 - 2015-07-05 21:56 - 17449904 _____ C:\Users\Sam D\Downloads\Groomers-postcards.zip
    2015-07-05 15:37 - 2015-07-06 17:31 - 00001721 _____ C:\Users\Sam D\Desktop\pi victorville.txt
    2015-07-04 12:46 - 2015-07-04 12:47 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live Writer
    2015-07-04 12:46 - 2015-07-04 12:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Windows Live Writer
    2015-07-03 21:06 - 2015-07-03 21:07 - 00189484 _____ C:\Users\Sam D\Downloads\3.5x2_businesscard.zip
    2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Disruptive Innovations SARL
    2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Disruptive Innovations SARL
    2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueGriffon
    2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\Program Files\BlueGriffon
    2015-07-02 17:06 - 2015-07-02 17:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\KompoZer
    2015-07-02 17:05 - 2015-07-02 17:05 - 00000000 ____D C:\Users\Sam D\Downloads\kompozer-0.7.10-win32
    2015-07-02 16:50 - 2015-07-02 16:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Nvu
    2015-07-02 16:19 - 2015-07-02 16:19 - 00000000 ____D C:\Users\Sam D\Downloads\2015 Minecraft account giveaways
    2015-07-02 13:54 - 2015-07-17 00:12 - 00000000 ____D C:\Users\Sam D\Desktop\youtube comment method
    2015-07-01 12:57 - 2015-07-01 12:57 - 00860501 _____ C:\Users\Sam D\Downloads\medlin.zip
    2015-06-30 16:34 - 2015-06-30 16:34 - 00000165 ____H C:\Users\Sam D\Desktop\~$50_old_usa_pva_gmail_accounts.xlsx
    2015-06-29 17:09 - 2015-07-23 18:18 - 00007604 _____ C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
    2015-06-26 23:06 - 2015-06-26 23:06 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deshaker
    2015-06-25 02:33 - 2015-06-25 02:33 - 00000159 _____ C:\Users\Sam D\Downloads\Delicious.txt
    2015-06-25 02:33 - 2015-06-25 02:33 - 00000123 _____ C:\Users\Sam D\Downloads\Diigo.txt
    2015-06-25 00:23 - 2015-06-25 00:24 - 17713160 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\wsemp.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-25 11:57 - 2015-05-31 22:59 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-07-25 11:49 - 2014-12-29 19:27 - 01272075 _____ C:\Windows\WindowsUpdate.log
    2015-07-25 11:37 - 2015-02-01 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-25 11:37 - 2014-09-29 01:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-25 11:36 - 2015-03-15 21:10 - 00000000 ___RD C:\Users\Sam D\Dropbox
    2015-07-25 11:35 - 2015-03-15 21:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Dropbox
    2015-07-25 11:34 - 2014-09-29 01:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-25 11:34 - 2014-08-28 09:19 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-25 11:33 - 2011-04-14 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-07-25 11:33 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-25 02:07 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
    2015-07-25 01:46 - 2011-01-10 19:42 - 00000000 ___HD C:\Users\Sam D\AppData\Local\Apps\2.0
    2015-07-25 01:45 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-25 01:45 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-25 01:44 - 2011-02-06 20:38 - 00000000 ____D C:\Windows\pss
    2015-07-25 01:31 - 2015-02-16 11:09 - 00000000 ____D C:\AdwCleaner
    2015-07-25 01:15 - 2015-06-16 16:05 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job
    2015-07-25 01:10 - 2014-09-28 02:12 - 00000000 ____D C:\Users\Sam D
    2015-07-25 01:06 - 2014-09-27 13:30 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-25 00:34 - 2014-09-27 13:30 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-24 22:57 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Default
    2015-07-24 22:39 - 2009-07-13 22:03 - 59506688 _____ C:\Windows\system32\config\SOFTWARE.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 28311552 _____ C:\Windows\system32\config\SYSTEM.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 00028672 _____ C:\Windows\system32\config\SAM.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 00020480 _____ C:\Windows\system32\config\SECURITY.bak
    2015-07-24 22:38 - 2014-09-27 02:51 - 00000000 ____D C:\Windows\ERDNT
    2015-07-24 20:11 - 2015-02-12 01:59 - 00002042 _____ C:\Users\Sam D\Documents\Default.rdp
    2015-07-24 13:57 - 2014-09-27 20:28 - 00000000 ____D C:\Users\Sam D\AppData\Local\CrashDumps
    2015-07-24 13:42 - 2014-08-28 09:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-24 12:55 - 2011-04-24 19:50 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Skype
    2015-07-24 02:15 - 2015-06-16 16:05 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job
    2015-07-22 20:07 - 2009-09-24 15:40 - 00000000 ____D C:\Program Files\CCleaner
    2015-07-21 20:25 - 2015-06-22 14:09 - 00000000 ____D C:\Users\Sam D\Desktop\New folder
    2015-07-20 16:50 - 2015-05-31 16:04 - 00000000 ____D C:\ProgramData\Aimersoft YouTube Downloader
    2015-07-18 20:22 - 2015-05-31 22:24 - 00123556 _____ C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
    2015-07-18 20:21 - 2015-05-31 22:24 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Wirecast for YouTube
    2015-07-18 13:05 - 2014-12-09 17:36 - 00000000 ____D C:\_acestream_cache_
    2015-07-17 20:48 - 2012-11-01 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    2015-07-17 20:48 - 2011-01-08 00:40 - 00000000 ____D C:\Program Files\Adobe
    2015-07-17 20:48 - 2010-12-26 19:38 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Adobe
    2015-07-17 19:58 - 2010-12-26 20:04 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\BitTorrent
    2015-07-17 19:57 - 2014-11-01 02:45 - 00000000 ____D C:\Windows\Minidump
    2015-07-17 18:09 - 2011-01-21 17:10 - 00000000 ____D C:\ProgramData\TechSmith
    2015-07-17 10:17 - 2012-04-11 17:57 - 00117272 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2015-07-17 10:16 - 2009-07-14 00:33 - 00446912 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-17 01:40 - 2015-03-05 16:36 - 56410227 _____ C:\Users\Sam D\Downloads\BrooksBallardFineHomesEstates.zip
    2015-07-17 01:17 - 2014-12-11 21:37 - 00000000 ____D C:\Program Files\Citrix
    2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Stardock
    2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Stardock
    2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\ProgramData\Stardock
    2015-07-17 01:12 - 2015-06-19 23:45 - 00000000 ____D C:\Program Files\Stardock
    2015-07-17 00:51 - 2014-12-07 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deployment
    2015-07-17 00:49 - 2015-03-11 13:29 - 00000000 ____D C:\Users\Sam D\AppData\Local\Mozilla
    2015-07-17 00:49 - 2015-03-11 12:57 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Mozilla
    2015-07-17 00:43 - 2011-01-10 03:16 - 00000000 ____D C:\Windows\system32\XPSViewer
    2015-07-17 00:43 - 2009-07-14 00:56 - 00000000 ____D C:\Windows\system32\winrm
    2015-07-17 00:00 - 2015-06-10 19:25 - 00000000 ____D C:\Users\Sam D\AppData\Local\IIIQ
    2015-07-16 23:55 - 2015-03-07 01:09 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-9cd1
    2015-07-16 23:39 - 2014-09-28 11:22 - 00118056 _____ C:\Users\Sam D\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-07-16 23:24 - 2015-06-12 22:37 - 00000000 ____D C:\Users\Sam D\AppData\Local\Satin_Blue
    2015-07-16 23:07 - 2011-04-19 13:06 - 02721183 _____ C:\Windows\system32\oodbs.lor
    2015-07-16 13:20 - 2015-03-25 20:59 - 00000000 ____D C:\Users\Sam D\Desktop\PPC Business
    2015-07-16 12:36 - 2015-05-05 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-07-15 23:49 - 2012-02-21 15:48 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\vlc
    2015-07-14 20:10 - 2014-12-27 14:03 - 00023398 _____ C:\Users\Sam D\Desktop\50_old_usa_pva_gmail_accounts.xlsx
    2015-07-14 16:37 - 2012-04-22 12:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-07-14 16:37 - 2011-05-20 16:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-07-14 15:16 - 2014-10-30 23:55 - 00000000 ____D C:\Users\Sam D\Desktop\Consulting
    2015-07-14 15:00 - 2011-04-06 14:25 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Media Player Classic
    2015-07-14 14:41 - 2015-06-02 18:12 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\HandBrake
    2015-07-14 14:05 - 2015-06-08 19:50 - 00096511 _____ C:\Users\Sam D\.websiteauditor.properties
    2015-07-14 14:05 - 2015-06-08 19:50 - 00000000 ____D C:\Users\Sam D\.websiteauditor
    2015-07-14 14:03 - 2015-06-17 01:12 - 00000000 ____D C:\Users\Sam D\.ranktracker
    2015-07-14 14:03 - 2014-11-07 01:57 - 00137380 _____ C:\Users\Sam D\.ranktracker.properties
    2015-07-14 14:02 - 2010-12-26 20:11 - 00000000 ____D C:\Users\Sam D\Desktop\entertainment
    2015-07-14 13:59 - 2014-09-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-07-14 11:56 - 2014-12-26 17:27 - 00000000 ____D C:\Users\Sam D\Desktop\proxy stuff and related
    2015-07-14 11:34 - 2014-09-29 01:48 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-07-13 16:04 - 2011-01-08 18:45 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\FileZilla
    2015-07-11 01:20 - 2014-10-31 15:05 - 00000000 ___RD C:\Program Files\Skype
    2015-07-11 01:20 - 2011-04-24 19:49 - 00000000 ____D C:\ProgramData\Skype
    2015-07-10 17:39 - 2015-02-10 17:02 - 00000000 ____D C:\Users\Sam D\Desktop\Ripoffreport Stuff
    2015-07-10 14:20 - 2015-02-01 00:24 - 00000000 ____D C:\Users\Sam D\AppData\Local\Commando
    2015-07-09 12:14 - 2014-09-28 17:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-07-08 15:37 - 2015-04-20 14:31 - 00040553 _____ C:\Users\Sam D\Desktop\Sales call log and organizer1 sam.xlsx
    2015-07-08 15:06 - 2015-04-20 10:16 - 00000000 ____D C:\Users\Sam D\Desktop\Attorney Combined Files
    2015-07-04 12:46 - 2013-02-28 23:35 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-07-04 12:46 - 2013-02-28 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live
    2015-07-02 19:38 - 2015-01-18 01:01 - 00001952 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
    2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\Program Files\FileZilla FTP Client
    2015-07-02 13:56 - 2015-02-17 19:50 - 00000000 ____D C:\Users\Sam D\Desktop\customer info
    2015-07-01 23:36 - 2009-04-24 18:28 - 00052736 _____ C:\Users\Sam D\Desktop\affiliate list.v1.xls
    2015-06-27 15:24 - 2014-08-28 09:18 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-27 15:24 - 2014-08-28 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-27 15:24 - 2014-08-28 09:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-06-26 12:47 - 2014-12-29 17:57 - 00005632 _____ C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Files in the root of some directories =======

    2014-09-17 21:05 - 2014-09-17 21:05 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-03-18 14:13 - 2014-03-18 14:14 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
    2011-01-10 02:44 - 2011-01-10 02:44 - 0874496 ____H (ExtremeCoderz) C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe
    2015-05-31 22:24 - 2015-07-18 20:22 - 0123556 _____ () C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
    2015-06-01 00:15 - 2015-06-01 00:15 - 0014543 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
    2015-06-01 00:15 - 2015-06-01 00:15 - 0014186 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
    2011-01-10 02:44 - 2011-01-10 02:44 - 0000324 ____H () C:\Users\Sam D\AppData\Roaming\settings.cfg
    2014-12-29 17:57 - 2015-06-26 12:47 - 0005632 _____ () C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-19 12:34 - 2015-04-02 21:27 - 0000600 _____ () C:\Users\Sam D\AppData\Local\PUTTY.RND
    2015-06-29 17:09 - 2015-07-23 18:18 - 0007604 _____ () C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
    2014-12-15 13:45 - 2014-12-15 13:45 - 0000000 _____ () C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F}

    Some files in TEMP:
    ====================
    C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5sdnxp.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-16 13:40

    ==================== End of log ============================
     
  2. kingmob (TS Rookie, Topic Starter, Posts: 25)

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
    Ran by Sam D at 2015-07-25 12:03:33
    Running from C:\Users\Sam D\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3192665374-2718563871-2505210960-500 - Administrator - Disabled)
    Guest (S-1-5-21-3192665374-2718563871-2505210960-501 - Limited - Disabled)
    Sam D (S-1-5-21-3192665374-2718563871-2505210960-1000 - Administrator - Enabled) => C:\Users\Sam D

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.214 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
    Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
    Aimersoft YouTube Downloader(Build 4.3.3.0) (HKLM\...\Aimersoft YouTube Downloader_is1) (Version: 4.3.3.0 - Aimersoft Software)
    BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
    BitTorrent (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
    BlueGriffon version 1.7.2 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.7.2 - Disruptive Innovations SAS)
    Camtasia Studio 8 (HKLM\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
    Comcast Desktop Software (v1.2.1) (HKLM\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
    CommandoHQ (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\51b760cdbee7f500) (Version: 2.0.9.20 - CommandoHQ)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1001 - CyberLink Corp.)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell System Detect - 1 (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
    Dell System Detect (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
    DELL Webcam Center (HKLM\...\DELL Webcam Center) (Version: - )
    DELL Webcam Manager (HKLM\...\DELL Webcam Manager) (Version: - )
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
    DocSignal (HKLM\...\{F1360A8D-370E-41D3-B93B-9FD2A4C127E3}) (Version: 1.0.0 - DocSignal)
    Dropbox (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
    Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
    Foxit Creator (HKLM\...\Foxit Creator) (Version: 3,0,2,0506 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
    Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
    Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
    HandBrake 0.10.1 (HKLM\...\HandBrake) (Version: 0.10.1 - )
    Hosts File Editor (HKLM\...\{EC9CF3E9-3C14-43D6-B9D0-5B4232926FAC}) (Version: 1.0.0 - Scott Lerch)
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    Internet Email Extractor (HKLM\...\{3C86FB10-F491-4DE1-84A7-78AEAF12C41B}) (Version: 5.0.9.20 - theskysoft)
    ISO Opener (HKLM\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version: - www.isoopener.com)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    KeywordSpy SEO/PPC Plug-in 1.0.2 (HKLM\...\KeywordSpy SEO/PPC Plug-in) (Version: 1.0.2 - KeywordSpy.com)
    K-Lite Mega Codec Pack 6.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
    Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
    Lead Grabber Pro 3.0 (HKLM\...\{CE4D250E-2F02-4ADA-82E8-43ED01AC4120}) (Version: 3.0.0 - Mindless Marketing LLC)
    Magic YouTube Xtractor version 1.16 (HKLM\...\{9629C88B-66A7-4EB3-84E4-DAA47F683DCA}_is1) (Version: 1.16 - Alexandr Krulik)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Online Lead Finder (HKLM\...\{1650E57C-59B0-41AC-BDB5-91DC30825C2B}) (Version: 3.3.07 - Duncan Wierman)
    Online Lead Finder Installer (HKLM\...\{D4159E19-380E-4F2E-B57C-20237F3D19B6}) (Version: 3.3.06 - Duncan Wierman)
    OpenAL (HKLM\...\OpenAL) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PhotoFiltre (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\PhotoFiltre) (Version: - )
    Port Forward Network Utilities (HKLM\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.7 - Portforward, LLC)
    Privoxy (remove only) (HKLM\...\Privoxy) (Version: - )
    ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.10.1 - V-Tech LLC)
    ProxyToolbox (HKLM\...\{C9851860-8485-43EA-81C5-84551DF9AE1E}) (Version: 1.0.1 - XorBots)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    SopCast 3.9.3 (HKLM\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
    SQLite ADO.NET 2.0/3.5 Provider (HKLM\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)
    Stardock Fences 2 (HKLM\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
    StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
    System.Data.SQLite v1.0.83.0 (HKLM\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.83.0 - System.Data.SQLite Team)
    TheBestSpinner3 (HKLM\...\TheBestSpinner3) (Version: - )
    Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
    Update or Uninstall SENukeX (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    Video Marketing Blaster Pro (HKLM\...\Video Marketing Blaster Pro) (Version: 1.03 - BlasterSuite)
    Video Spin Blaster 2.92 (HKLM\...\Video Spin Blaster 2.92) (Version: 2.92 - Sodevrom)
    Video Spin Blaster Pro (HKLM\...\Video Spin Blaster Pro) (Version: 2.09 - BlasterSuite)
    VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.08 - NCH Software)
    VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Web Data Extractor 8.3 (HKLM\...\Web Data Extractor_is1) (Version: - )
    WebHarvy (HKLM\...\{844AF52E-FECD-4BDC-AB6E-11EF790A7DA2}) (Version: 3.3.0.106 - SysNucleus)
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    Wirecast (HKLM\...\{5E0D2663-CFB2-440E-900C-7A7AC59C06F4}) (Version: 6.0.4 - Telestream LLC)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSP (the data entry has 21 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSE (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    17-07-2015 20:47:42 Installed Adobe Flash Media Live Encoder 3.2.
    19-07-2015 16:24:46 Revo Uninstaller Pro's restore point - TheBestSpinner3
    19-07-2015 16:41:27 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 21:15:20 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 21:33:23 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 21:39:36 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 22:15:10 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 22:34:26 Revo Uninstaller Pro's restore point - TheBestSpinner3
    22-07-2015 12:30:40 Revo Uninstaller Pro's restore point - TheBestSpinner3
    24-07-2015 16:36:49 Malwarebytes Anti-Rootkit Restore Point
    25-07-2015 01:07:57 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2015-07-25 02:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00F435BA-51B3-4144-8AA0-00B6A0D48CDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {10A4A8BF-6135-452F-8EB4-9512B7B951CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {2747CF55-1A81-4664-8474-89BB26640D50} - System32\Tasks\1aad7560 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe <==== ATTENTION
    Task: {2C9E545E-0FE2-4689-A1A2-829FDFFE227A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-12] ()
    Task: {33C6D576-29F2-4C98-B744-E2EA051CECB4} - \avaxvyyvyf No Task File <==== ATTENTION
    Task: {4BB7520A-1ABC-4F12-AACF-31390DF41E6C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {5EC408D9-C9FE-4262-AC19-55E8BFC63274} - System32\Tasks\123bd930 => C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe <==== ATTENTION
    Task: {7128EE8C-CC01-4E7B-B6C4-CE4F48F74E74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {789232E3-7544-466D-AC63-7FE9394B2D6C} - System32\Tasks\{43F6B7A1-A0A0-4311-B669-5661413222D5} => C:\Program Files\Skype\\Phone\Skype.exe [2015-06-29] (Skype Technologies S.A.)
    Task: {791118FA-D3CD-4CF9-A2E8-3FABACC396F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
    Task: {7B4A94EB-0827-43E6-ADB0-8E81D0973647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
    Task: {7D0F2FF6-F8F7-4B53-AA9B-4491D26BDB92} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SamD-PC-Sam D SamD-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
    Task: {8B0C429A-39C7-4BDD-8060-3F71F06A1FEB} - System32\Tasks\{0B3BB5FE-BF15-427C-BFED-2C169AA0E2D8} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {92357EA3-E6D8-4D2D-AFAB-C92C92F60554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
    Task: {951DB3A3-8D65-4C59-B0F7-2DD8A0028BEB} - System32\Tasks\{113B5DFE-1E86-41BA-8A42-53C576EAE466} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {9D7E4113-E6E4-409C-9EEA-8DF1DEEBEFF9} - System32\Tasks\{CD4C9D5F-CBBD-4DDE-921D-41FDF0849985} => pcalua.exe -a "C:\Users\Sam D\Documents\Advanced ID Creator Premier\Advanced ID Creator Premier.exe" -d "C:\Users\Sam D\Documents\Advanced ID Creator Premier"
    Task: {9EF16D03-FE9A-4C17-B73C-09B6A7633228} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {A991C7C8-4D55-4D2C-AAC2-6C29A52B98B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {BFF8A89F-6FC3-4169-B533-BFE99AD22926} - System32\Tasks\4518aa00 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe <==== ATTENTION
    Task: {D7A6C2E9-C503-4070-B04E-808551566845} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {DF13B937-746F-4BBF-A29A-060CF1446D56} - System32\Tasks\{695DE3E2-42FC-46E4-B3B1-558ADC26D2AC} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {E85E6223-3FB4-4B8D-B26C-E480C59368FC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
    Task: {EBD7A3F6-3F03-44DA-B28A-71AC1D1B56DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {EE14D30D-59F8-43A1-9947-740A4E8F164E} - System32\Tasks\{F734AC17-73A6-468A-BBCE-9B881F27CC4D} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {FAF2834E-BE6E-4664-96A3-A7D06103FABB} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {FFBBF448-B9B0-40D5-8E8E-BCE134F07E89} - \PCDEventLauncherTask No Task File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-12-08 01:25 - 2014-05-19 20:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2015-06-02 11:20 - 2015-06-02 11:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2015-06-23 02:13 - 2015-06-23 02:13 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
    2015-01-21 14:58 - 2015-01-21 14:58 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-05-07 15:27 - 2015-05-07 15:27 - 00259584 _____ () C:\Program Files\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
    2015-07-14 11:34 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
    2015-07-14 11:34 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInLeads.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\National-List-Attorneys.zip:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf:$CmdZnID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\intuit.com -> hxxps://ttlc.intuit.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AffinegyService => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: lxbk_device => 2
    MSCONFIG\startupfolder: C:^Users^Sam D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: BitTorrent => "C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\YouTube Downloader\DelayPluginI.exe
    MSCONFIG\startupreg: Desktop Software => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
    MSCONFIG\startupreg: PSwitch => C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{19E61B84-BE3F-47B2-8158-4E6799AFEC76}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
    FirewallRules: [TCP Query User{38D0EECD-5E94-46B7-BBD1-2BCBBF1E3A67}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
    FirewallRules: [{A3FB9A38-9FA5-4AA2-9B1D-7539C9214A79}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
    FirewallRules: [{F548139A-CA87-4272-BAA7-B6BB1FDAF5FA}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
    FirewallRules: [UDP Query User{ACF03D02-E5DB-4A37-9B01-153D15A3EBAC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [TCP Query User{5ADBE869-3344-48C6-A4C6-D7BEB4F04DBC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [{0D38C7A5-5C87-44C5-BF58-D66DB3E8CAE9}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{04422F43-AEDC-45E3-BB9A-68F3FE292CC8}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{3DF235C1-0AA6-416E-9CAC-3FE747CD60EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{ECBB7116-7B46-40F0-A8D3-38A3B3EAA74B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{A4BA1717-F71D-4AC5-A3A5-03B015D1109D}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [{2423CA43-42FD-45DE-BD1E-23F19B873579}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [TCP Query User{68635257-B1A5-4329-A476-762824EC5902}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
    FirewallRules: [UDP Query User{0175FE63-7A98-483C-A8DA-FA3CC70E4D36}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
    FirewallRules: [{131D81C0-6D68-4D41-B3F5-0E7C200B5C8A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2FC7876D-834B-48D0-89D5-762192D2621D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{42B357BA-489D-406F-897B-67DDB40BBE16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{833E2418-D638-4D20-A3A6-4E936B4B9C45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{15E9D20A-2BC2-451A-A062-B2D6ACC55DF0}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
    FirewallRules: [UDP Query User{12940B2B-90F9-4DFD-951B-5959305B3480}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
    FirewallRules: [{E577BB6D-4FAE-4017-AA72-D073847CBDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{7E1C7E47-5B19-465F-A4CC-1037272D1DC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{2CB05B58-A76F-4EED-AC6A-A115F1CABB5E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{F53E1AF0-CD4A-4D8C-8CB4-7DE12CE6FABC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{17F6FA62-C840-4B53-B05C-9A08468738EB}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1D26A52A-D643-4F6F-A807-3FC2259F509A}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{7A499074-E6D5-4A0B-8614-14C782CC33EE}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{FF2BC76E-B26B-45C3-AC62-8552CB1C1652}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{7F6344DB-B551-4EE7-BDBC-CB47D4898471}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{51217ED9-F716-4F38-8EFC-2AF2B36C3CA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{3B53104C-1784-40E8-A228-F47AFD294171}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{3AF3A65D-FBB0-406A-BA8D-CAB361923E6A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{371CC202-0227-45B3-B359-9C2B63945AA4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{85A9067E-9F8F-4E3E-ACAD-3E535F5A88A7}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{D9EA6939-A7E5-4CB9-93DF-9DFE51BC6EC0}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
    FirewallRules: [UDP Query User{F7A3D181-B3FA-4601-B64C-D2BAE2C55DF6}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
    FirewallRules: [TCP Query User{FD934498-D11D-4304-A7F6-97198EA81280}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [UDP Query User{D70E3FE5-8BB1-40CC-9295-3F25039FF837}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [TCP Query User{9A2841D7-78A8-4919-8467-77358F532D9B}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{584AD027-B8CC-45B3-99AB-344204752135}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{09856936-5DE6-4056-8A2E-D369EB2C7570}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{38064DAE-1DDA-4B6C-89D8-FE9AF166F181}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [{613A2CFC-14AC-458F-83E5-24FE21D9DE2D}] => (Allow) C:\Windows\explorer.exe
    FirewallRules: [{6C90A10E-312F-4D09-8556-99F1A978D68B}] => (Allow) C:\Windows\system32\rundll32.exe
    FirewallRules: [{A09733B8-8C6C-4EF1-A05D-A0F2839B4D6E}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{4DD21B2E-D023-4717-A07D-7AF259A4A472}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{0CE5DF61-048D-4A9B-BC16-AB285FC33A0A}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{1634C6B4-0709-4DA0-8308-44E516AFA34B}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{8D583FD3-1536-4DFA-9230-883ECE8F85D9}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{DAF689C9-3D87-4826-8449-DB211723D71E}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{8BA605B7-E777-454F-8E6D-EB197F40140D}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{C6E3EFFF-02CD-48CE-97BD-09CF9BF66789}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{DF0F5A16-C312-4909-BDD3-82EA099BBC4B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{DB45E0B5-51B5-4DF8-BAE2-CFE6A67DB5A6}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [UDP Query User{2310DE64-26A4-49E1-AC74-B8587011847A}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [{CEEE0219-D277-46C8-82CB-1299597EC0F9}] => (Allow) LPort=8317

    ==================== Faulty Device Manager Devices =============

    Name: Kaspersky Anti-Virus NDIS 6 Filter
    Description: Kaspersky Anti-Virus NDIS 6 Filter
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: KLIM6
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: NVIDIA
    Service: nvvad_WaveExtensible
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/25/2015 11:37:34 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
    Description: Service cannot be started. The service process could not connect to the service controller

    Error: (07/25/2015 11:33:58 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 01:48:12 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\System32\wbem\WmiPrvSE.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
    .


    Operation:
    Instantiating VSS server

    Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]


    Operation:
    Instantiating VSS server

    Error: (07/25/2015 01:32:45 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 12:52:16 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/25/2015 12:07:37 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/25/2015 12:03:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/24/2015 11:16:41 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005


    System errors:
    =============
    Error: (07/25/2015 11:38:33 AM) (Source: DCOM) (EventID: 10001) (User: )
    Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

    Error: (07/25/2015 11:37:25 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (07/25/2015 11:35:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (07/25/2015 11:34:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    KLIM6

    Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 02:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office:
    =========================
    Error: (07/25/2015 11:37:34 AM) (Source: Intuit Update Service) (EventID: 0) (User: )
    Description: Service cannot be started. The service process could not connect to the service controller

    Error: (07/25/2015 11:33:58 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 01:48:12 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\System32\wbem\WmiPrvSE.exeComboFix created restore point0x8007043c

    Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


    Operation:
    Instantiating VSS server

    Error: (07/25/2015 01:48:11 AM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


    Operation:
    Instantiating VSS server

    Error: (07/25/2015 01:32:45 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 12:52:16 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/25/2015 12:07:37 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe

    Error: (07/25/2015 12:03:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/24/2015 11:16:41 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3582.04 MB
    Available physical RAM: 1552 MB
    Total Virtual: 7162.36 MB
    Available Virtual: 4689.76 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:220.34 GB) (Free:46.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 10000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=220.3 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Sam D [Administrator]
    Started from : C:\Users\Sam D\Downloads\RogueKiller.exe
    Mode : Scan -- Date : 07/25/2015 14:35:02

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] f2lvmis4.default-1426352688630 : user_pref("browser.startup.homepage", "gmail.com"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 ATA Device +++++
    --- User ---
    [MBR] 3a60d8c79e37b28a5e26161367a388ab
    [BSP] 8e029f58da79ef771928940010828b9d : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 21069824 | Size: 225625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  5. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/25/2015
    Scan Time: 12:58 PM
    Logfile: malware scan 7.25.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.07.25.03
    Rootkit Database: v2015.07.22.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: Sam D

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 394660
    Time Elapsed: 1 hr, 10 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Amonetize, C:\Users\Sam D\Downloads\MegaPackHackV7.zip, Quarantined, [3dba1bcafd8dab8b1edf8a2652af4bb5],
    PUP.Optional.SimpleFiles.A, C:\Users\Sam D\Downloads\Justin_Wayne_Domino_Effect_Pdf.zip, Quarantined, [6790a342365488aee29d1d51e81d50b0],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  6. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    # AdwCleaner v4.208 - Logfile created 25/07/2015 at 14:43:03
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-15.1 [Server]
    # Operating system : Windows 7 Ultimate (x86)
    # Username : Sam D - SAMD-PC
    # Running from : C:\Users\Sam D\Downloads\adwcleaner_4.208.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\AceStream

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.7600.16385


    -\\ Mozilla Firefox v39.0 (x86 en-US)


    -\\ Google Chrome v43.0.2357.134


    -\\ Chromium v


    -\\ Comodo Dragon v


    -\\ Chrome Canary v


    *************************

    AdwCleaner[R0].txt - [8381 bytes] - [16/02/2015 11:09:28]
    AdwCleaner[R1].txt - [7463 bytes] - [14/03/2015 13:09:20]
    AdwCleaner[R2].txt - [1023 bytes] - [15/03/2015 08:57:41]
    AdwCleaner[R3].txt - [5002 bytes] - [25/07/2015 01:23:45]
    AdwCleaner[R4].txt - [1298 bytes] - [25/07/2015 14:38:00]
    AdwCleaner[S0].txt - [7199 bytes] - [14/03/2015 13:20:20]
    AdwCleaner[S1].txt - [1090 bytes] - [15/03/2015 09:03:38]
    AdwCleaner[S2].txt - [5153 bytes] - [25/07/2015 01:31:02]
    AdwCleaner[S3].txt - [1226 bytes] - [25/07/2015 14:43:03]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1285 bytes] ##########
     
  7. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.1 (07.16.2015:1)
    OS: Windows 7 Ultimate x86
    Ran by Sam D on Sat 07/25/2015 at 14:51:11.42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Sam D\Appdata\Local\{0052A0ED-8F80-4CD5-B364-D18745B6F92E}



    ~~~ Chrome


    [C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Sam D\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 07/25/2015 at 15:06:46.18
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  9. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    ComboFix 15-07-23.01 - Sam D 07/25/2015 20:32:47.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2498 [GMT -4:00]
    Running from: c:\users\Sam D\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Sam D\AppData\Roaming\Microsoft\Windows\Recent\???? ???????????? - ?? ??? ??????? - YouTube.URL . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-06-26 to 2015-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-07-26 01:01 . 2015-07-26 01:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2015-07-25 23:26 . 2015-07-25 23:28 -------- d-----w- c:\users\Sam D\AppData\Roaming\Notepad++
    2015-07-25 23:26 . 2015-07-25 23:27 -------- d-----w- c:\program files\Notepad++
    2015-07-25 16:00 . 2015-07-25 16:07 -------- d-----w- C:\FRST
    2015-07-25 06:05 . 2015-07-26 01:07 -------- d-----w- c:\users\Sam D\AppData\Local\temp
    2015-07-24 17:43 . 2015-07-25 04:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-07-24 15:12 . 2015-07-24 15:12 -------- d-----w- c:\program files\ESET
    2015-07-22 16:37 . 2015-07-22 16:37 -------- d-----w- c:\program files\TheBestSpinner3
    2015-07-22 00:00 . 2015-07-22 00:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D24149F-8E86-4BAE-A23C-5AA1DFDDC773}\offreg.2380.dll
    2015-07-17 22:09 . 2015-07-17 22:09 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
    2015-07-17 22:08 . 2015-07-17 22:08 -------- d-----w- c:\program files\Common Files\TechSmith Shared
    2015-07-17 22:07 . 2015-07-17 22:07 -------- d-----w- c:\program files\TechSmith
    2015-07-16 01:50 . 2015-07-16 01:50 -------- d-----w- c:\users\Sam D\AppData\Roaming\JonathanLeger.com
    2015-07-16 01:50 . 2015-07-16 01:50 -------- d-----w- c:\users\Sam D\AppData\Local\JonathanLeger.com
    2015-07-16 01:38 . 2015-07-16 01:38 -------- d-----w- c:\program files\Hosts File Editor
    2015-07-15 23:50 . 2015-07-15 23:50 -------- d-----w- c:\users\Sam D\AppData\Roaming\TechSmith
    2015-07-04 16:46 . 2015-07-04 16:47 -------- d-----w- c:\users\Sam D\AppData\Local\Windows Live Writer
    2015-07-04 16:46 . 2015-07-04 16:46 -------- d-----w- c:\users\Sam D\AppData\Roaming\Windows Live Writer
    2015-07-02 23:46 . 2015-07-02 23:46 -------- d-----w- c:\users\Sam D\AppData\Roaming\Disruptive Innovations SARL
    2015-07-02 23:46 . 2015-07-02 23:46 -------- d-----w- c:\users\Sam D\AppData\Local\Disruptive Innovations SARL
    2015-07-02 23:45 . 2015-07-02 23:45 -------- d-----w- c:\program files\BlueGriffon
    2015-07-02 21:06 . 2015-07-02 21:06 -------- d-----w- c:\users\Sam D\AppData\Roaming\KompoZer
    2015-07-02 20:50 . 2015-07-02 20:50 -------- d-----w- c:\users\Sam D\AppData\Roaming\Nvu
    2015-06-27 03:06 . 2015-06-27 03:06 -------- d-----w- c:\users\Sam D\AppData\Local\Deshaker
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-07-26 01:03 . 2014-08-28 13:19 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-07-25 17:22 . 2014-09-27 17:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-07-24 17:42 . 2014-08-28 13:18 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-07-14 20:37 . 2012-04-22 16:39 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-07-14 20:37 . 2011-05-20 20:13 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-06-18 12:41 . 2014-08-28 13:18 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-06-18 12:41 . 2014-08-28 13:18 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-05-18 08:51 . 2015-06-19 02:59 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D24149F-8E86-4BAE-A23C-5AA1DFDDC773}\mpengine.dll
    2014-09-18 01:05 . 2014-09-18 01:05 11249152 ----a-w- c:\program files\Common Files\lpuninstall.exe
    2014-03-18 18:14 . 2014-03-18 18:13 10395072 ----a-w- c:\program files\Common Files\wruninstall.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2014-10-08 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-03-01 03:28 220632 ----a-w- c:\users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-03-01 03:28 220632 ----a-w- c:\users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-03-01 03:28 220632 ----a-w- c:\users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-21 18:59 1729744 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-21 18:59 1729744 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-21 18:59 1729744 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-07-07 19:24 151576 ----a-w- c:\users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-06-20 17:48 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-07-09 6715160]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-05-08 6369048]
    "Dropbox Update"="c:\users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "Fences"="c:\program files\Stardock\Fences\Fences.exe" [2013-11-26 4031152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-06-19 280576]
    .
    c:\users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 44236896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2013-11-26 456368]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Users^Sam D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=c:\users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2014-09-12 09:43 3499920 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2014-09-12 09:43 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2014-02-28 01:38 558496 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimersoft Helper Compact.exe]
    2013-05-29 19:50 1734144 ----a-w- c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
    2013-11-20 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    2015-05-17 04:39 1696104 ----a-w- c:\users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
    2015-05-08 19:49 6369048 ----a-w- c:\program files\CCleaner\CCleaner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelaypluginInstall]
    2015-05-25 18:50 1960336 ----a-w- c:\programdata\Aimersoft\YouTube Downloader\DelayPluginI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
    2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    2010-10-01 23:28 2639144 ----a-w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
    2014-07-29 01:21 5778488 ----a-w- c:\program files\Proxy Switcher Standard\ProxySwitcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-01-17 20:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2015-06-29 20:41 53282944 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2014-10-07 20:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-02-16 35992]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys [2014-08-16 28432]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-10-08 1343400]
    R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2014-09-02 116736]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
    S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-09-11 108032]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2014-09-11 9216]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-26 98520]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-07-25 20:36 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:37]
    .
    2015-07-24 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job
    - c:\users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 20:05]
    .
    2015-07-26 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job
    - c:\users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 20:05]
    .
    2015-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-09-29 05:46]
    .
    2015-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-09-29 05:46]
    .
    .
    ------- Supplementary Scan -------
    .
    Trusted Zone: dell.com
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\2656C6B696E6E2035616: NameServer = 198.18.0.1,198.18.0.2
    TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\4505D2C494E4B4F5338343938334: NameServer = 198.18.0.1,198.18.0.2
    TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\7524028456166756E6: NameServer = 198.18.0.1,198.18.0.2
    TCP: Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}\75248456166756E6: NameServer = 198.18.0.1,198.18.0.2
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\
    FF - prefs.js: browser.startup.homepage - gmail.com
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,e2,1a,9a,b4,61,8e,4a,ad,4d,2e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,e2,1a,9a,b4,61,8e,4a,ad,4d,2e,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\taskhost.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    c:\program files\Malwarebytes Anti-Malware\mbam.exe
    c:\windows\system32\UI0Detect.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\AUDIODG.EXE
    .
    **************************************************************************
    .
    Completion time: 2015-07-25 21:20:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-07-26 01:20
    ComboFix2.txt 2015-07-25 06:14
    ComboFix3.txt 2015-07-25 02:57
    .
    Pre-Run: 55,481,581,568 bytes free
    Post-Run: 55,192,600,576 bytes free
    .
    - - End Of File - - 7EE098E06A2C3E059CF1549FA50BF3D9
    A36C5E4F47E84449FF07ED3517B43A31
     
  10. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 07/25/2015 09:24:54 PM in x86 mode. (Safe Mode)
    Windows Version: Windows 7 Ultimate

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * Advanced Explorer Setting Removed: HideIcons [HKCU]

    Backup Registry file created at:
    C:\Users\Sam D\Desktop\rkill\rkill-07-25-2015-09-25-00.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:

    * C:\Windows\System32\user32.dll : 811,520 : 10/08/2014 12:01 AM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
    +-> C:\Windows\ERDNT\cache\user32.dll : 811,520 : 07/13/2009 09:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
    +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll : 811,520 : 07/13/2009 09:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
    +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811,520 : 11/20/2010 08:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 07/25/2015 09:26:24 PM
    Execution time: 0 hours(s), 1 minute(s), and 30 seconds(s)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  12. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015
    Ran by Sam D (administrator) on SAMD-PC (25-07-2015 22:53:38)
    Running from C:\Users\Sam D\Downloads
    Loaded Profiles: Sam D (Available Profiles: Sam D)
    Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\ace_engine.exe
    () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\ace_update.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Innovative Digital Technologies) C:\Users\Sam D\AppData\Roaming\ACEStream\player\ace_player.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Fences] => C:\Program Files\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
    Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2010-10-05] (Kaspersky Lab ZAO)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-08] (SUPERAntiSpyware)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [Dropbox Update] => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [AceUpdater] => C:\Users\Sam D\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\Sam D\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-27] ()
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Run: [AceStream] => C:\Users\Sam D\AppData\Roaming\ACEStream\engine\ace_engine.exe [23984 2015-03-27] ()
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-06-19] (Microsoft Corporation)
    Startup: C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
    URLSearchHook: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
    Toolbar: HKLM - KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
    Toolbar: HKU\.DEFAULT -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 -> KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll [2010-07-31] ()
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{753E788B-AD78-4CDD-B153-CDD66A6584E0}: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630
    FF DefaultSearchEngine.US: Google
    FF Homepage: gmail.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3192665374-2718563871-2505210960-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\Sam D\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
    FF Extension: Copy Urls Expert - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-07-20]
    FF Extension: MozBar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\toolbar@seomoz.org.xpi [2015-06-28]
    FF Extension: PPCWebSpy Toolbar - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{86c18b42-e466-45a9-ae7a-9b95ba6f5640}.xpi [2015-05-17]
    FF Extension: SEO Global For Google Search™ - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2015-06-24]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Sam D\AppData\Roaming\Mozilla\Firefox\Profiles\f2lvmis4.default-1426352688630\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-31]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-08]
    FF HKLM\...\Firefox\Extensions: [AMAllMyTube@Aimersoft.com] - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com
    FF Extension: Aimersoft YouTube Downloader - C:\ProgramData\Aimersoft\YouTube Downloader\AMAllMyTube@Aimersoft.com [2015-05-31]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
    CHR Extension: (DivX HiQ) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-07-28]
    CHR Extension: (NextCouup) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\goeeobfmefldgbbdlmjdjagkkhmmnopi [2014-10-08]
    CHR Extension: (GoSavvE) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgdnccifmkfafkohlbeailfepfjbmdna [2014-09-25]
    CHR Extension: (OpptOn) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hnojomgcmohiefbikenglccliaogccbn [2014-09-27]
    CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-28]
    CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
    CHR Extension: (Codec-V) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho [2012-07-28]
    CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
    CHR Extension: (GoSSave) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhijjoggceedllbdndfjjnjpomecffad [2014-10-08]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-07-28]
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
    CHR Extension: (Poper Blocker) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-07-01]
    CHR Extension: (APK Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2014-10-26]
    CHR Extension: (Image Downloader) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-10-16]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-25]
    CHR Extension: (Video Downloader professional) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-11-17]
    CHR Extension: (Webbing) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fblcpdlednddbkcdbkkaiggjipjjgpdp [2014-10-15]
    CHR Extension: (AdBlock) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-01]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
    CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (SEO Global For Google Search™) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2015-06-24]
    CHR Profile: C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3
    CHR Extension: (Google Docs) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-27]
    CHR Extension: (Google Drive) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-27]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-27]
    CHR Extension: (YouTube) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-27]
    CHR Extension: (Google Search) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-27]
    CHR Extension: (HTML5ify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jikbjpjgjmmdhcmlagappehlpiljoaop [2015-03-12]
    CHR Extension: (Deezify) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpkbhaapafmlmgodhicgpngihalhepll [2015-02-14]
    CHR Extension: (Google Wallet) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-27]
    CHR Extension: (Gmail) - C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-27]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
    CHR HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SAMD~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-11] (Freemake) [File not signed]
    R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-09-11] (Ellora Assets Corp.) [File not signed]
    S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-16] ()
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [132184 2010-06-09] (Kaspersky Lab ZAO)
    R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2010-06-09] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488536 2010-12-26] (Kaspersky Lab)
    S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2010-04-22] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)
    S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [28432 2014-08-15] (Windows (R) Win 7 DDK provider)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2014-11-28] (RealVNC Ltd.)
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2014-09-02] (Webroot)
    S3 catchme; \??\C:\Users\SAMD~1\AppData\Local\Temp\catchme.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-25 22:09 - 2015-07-25 22:36 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\.ACEStream
    2015-07-25 22:05 - 2015-07-25 22:10 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\AceWebExtension
    2015-07-25 22:05 - 2015-07-25 22:10 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\ACEStream
    2015-07-25 21:59 - 2015-07-25 22:02 - 70566360 _____ C:\Users\Sam D\Downloads\Ace_Stream_Media_3.0.12_VLC_1.1.12.exe
    2015-07-25 21:48 - 2015-07-25 21:48 - 00003360 ____N C:\bootsqm.dat
    2015-07-25 21:25 - 2015-07-25 21:25 - 00000000 ____D C:\Users\Sam D\Desktop\rkill
    2015-07-25 21:21 - 2015-07-25 21:21 - 00029194 _____ C:\Users\Sam D\Desktop\combo.txt
    2015-07-25 21:20 - 2015-07-25 21:20 - 00029194 _____ C:\ComboFix.txt
    2015-07-25 20:29 - 2015-07-25 21:21 - 00000000 ____D C:\ComboFix
    2015-07-25 19:27 - 2015-07-25 19:27 - 00001031 _____ C:\Users\Sam D\Desktop\Notepad++.lnk
    2015-07-25 19:27 - 2015-07-25 19:27 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2015-07-25 19:27 - 2015-07-25 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
    2015-07-25 19:26 - 2015-07-25 19:28 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Notepad++
    2015-07-25 19:26 - 2015-07-25 19:27 - 00000000 ____D C:\Program Files\Notepad++
    2015-07-25 19:25 - 2015-07-25 19:26 - 05357534 _____ C:\Users\Sam D\Downloads\npp.6.8.Installer.exe
    2015-07-25 15:06 - 2015-07-25 15:06 - 00001275 _____ C:\Users\Sam D\Desktop\JRT.txt
    2015-07-25 14:48 - 2015-07-25 14:48 - 00001365 _____ C:\Users\Sam D\Desktop\adw report.txt
    2015-07-25 14:35 - 2015-07-25 14:35 - 00002890 _____ C:\Users\Sam D\Desktop\rogue report.txt
    2015-07-25 14:22 - 2015-07-25 14:22 - 00001288 _____ C:\Users\Sam D\Desktop\malware scan 7.25.txt
    2015-07-25 12:03 - 2015-07-25 12:07 - 00049702 _____ C:\Users\Sam D\Downloads\Addition.txt
    2015-07-25 12:00 - 2015-07-25 22:55 - 00024404 _____ C:\Users\Sam D\Downloads\FRST.txt
    2015-07-25 12:00 - 2015-07-25 22:53 - 00000000 ____D C:\FRST
    2015-07-25 11:59 - 2015-07-25 11:59 - 01650688 _____ (Farbar) C:\Users\Sam D\Downloads\FRST.exe
    2015-07-25 01:43 - 2015-07-25 01:43 - 00001098 _____ C:\Users\Sam D\Desktop\ComboFix - Shortcut.lnk
    2015-07-25 01:40 - 2015-07-25 21:27 - 00004068 _____ C:\Users\Sam D\Desktop\Rkill.txt
    2015-07-25 01:39 - 2015-07-25 01:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Sam D\Downloads\rkill.exe
    2015-07-25 00:48 - 2015-07-25 00:48 - 02248704 _____ C:\Users\Sam D\Downloads\adwcleaner_4.208.exe
    2015-07-25 00:47 - 2015-07-25 00:48 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Sam D\Downloads\JRT (1).exe
    2015-07-25 00:33 - 2015-07-25 00:34 - 18705480 _____ C:\Users\Sam D\Downloads\RogueKiller.exe
    2015-07-24 23:42 - 2015-07-24 23:43 - 07269656 _____ (Bitdefender LLC) C:\Users\Sam D\Downloads\BootkitRemoval_x86.exe
    2015-07-24 22:40 - 2015-07-25 21:51 - 00005656 _____ C:\Windows\setupact.log
    2015-07-24 22:40 - 2015-07-25 21:02 - 00001976 _____ C:\Windows\PFRO.log
    2015-07-24 22:40 - 2015-07-24 22:40 - 00000000 _____ C:\Windows\setuperr.log
    2015-07-24 21:56 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-07-24 21:56 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-07-24 21:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-07-24 21:56 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-07-24 21:55 - 2015-07-25 21:20 - 00000000 ____D C:\Qoobox
    2015-07-24 16:56 - 2015-07-24 16:58 - 05633622 ____R (Swearware) C:\Users\Sam D\Downloads\ComboFix.exe
    2015-07-24 16:51 - 2015-07-24 16:52 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sam D\Downloads\tdsskiller.exe
    2015-07-24 13:43 - 2015-07-25 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-07-24 13:41 - 2015-07-24 16:38 - 00000000 ____D C:\Users\Sam D\Desktop\mbar
    2015-07-24 13:40 - 2015-07-24 13:41 - 00380416 _____ C:\Users\Sam D\Downloads\y6so8ixt.exe
    2015-07-24 13:38 - 2015-07-24 13:40 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sam D\Downloads\mbar-1.09.1.1004.exe
    2015-07-24 12:27 - 2015-07-24 12:27 - 00000177 _____ C:\Users\Sam D\Desktop\scrapebox.txt
    2015-07-24 11:12 - 2015-07-24 11:12 - 00000000 ____D C:\Program Files\ESET
    2015-07-24 11:11 - 2015-07-24 11:11 - 02870984 _____ (ESET) C:\Users\Sam D\Downloads\esetsmartinstaller_enu.exe
    2015-07-24 10:59 - 2015-07-24 11:04 - 06754696 _____ C:\Users\Sam D\Downloads\CCl3aner5.07.5261.rar
    2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
    2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
    2015-07-22 12:37 - 2015-07-22 12:37 - 00000000 ____D C:\Program Files\TheBestSpinner3
    2015-07-22 12:28 - 2015-07-22 12:28 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55afc6468bce4.zip
    2015-07-21 22:53 - 2015-07-21 22:53 - 05509505 _____ C:\Users\Sam D\Downloads\SetupTheBestSpinner3.exe
    2015-07-21 22:53 - 2015-07-21 22:53 - 00784723 _____ C:\Users\Sam D\Downloads\bonus_super_spun_articles_55af074bbc3ca.zip
    2015-07-21 22:31 - 2015-07-21 22:32 - 00000000 ____D C:\Users\Sam D\Downloads\SetupTheBestSpinner3.421
    2015-07-21 22:22 - 2015-07-21 22:22 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15 (1)
    2015-07-21 21:18 - 2015-07-21 21:18 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-07-21 20:23 - 2015-07-24 12:54 - 00000000 ____D C:\Users\Sam D\Desktop\San antonio articles stuff
    2015-07-21 15:15 - 2015-07-21 16:03 - 00000000 ____D C:\Users\Sam D\Downloads\KeywordResearcher
    2015-07-21 15:15 - 2015-07-21 15:15 - 02852471 _____ C:\Users\Sam D\Downloads\KeywordResearcher.rar
    2015-07-21 15:15 - 2015-01-09 04:19 - 08483504 _____ C:\Users\Sam D\Desktop\KeywordResearcher.exe
    2015-07-21 15:14 - 2015-07-21 15:14 - 03717120 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe
    2015-07-19 18:44 - 2015-07-22 11:22 - 00000000 ____D C:\Users\Sam D\Desktop\New folder (2)
    2015-07-19 00:01 - 2015-07-19 00:01 - 01874588 _____ C:\Users\Sam D\Downloads\Fiverr SEO Gigs Handbook.zip
    2015-07-18 18:38 - 2015-07-18 18:39 - 61902129 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta (1).zip
    2015-07-17 20:54 - 2015-07-17 20:55 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5 (1).zip
    2015-07-17 20:47 - 2015-07-17 20:47 - 06537216 _____ C:\Users\Sam D\Downloads\flashmedialiveencoder_3.2_wwe_signed.msi
    2015-07-17 18:13 - 2015-07-18 15:55 - 00000000 ____D C:\Users\Sam D\Documents\Camtasia Studio
    2015-07-17 18:09 - 2015-07-17 18:09 - 00001128 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
    2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
    2015-07-17 18:09 - 2015-07-17 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-07-17 18:08 - 2015-07-17 18:08 - 00000000 ____D C:\Program Files\Common Files\TechSmith Shared
    2015-07-17 18:07 - 2015-07-17 18:07 - 00000000 ____D C:\Program Files\TechSmith
    2015-07-17 17:54 - 2015-07-17 17:55 - 00000000 ____D C:\Users\Sam D\Documents\TechSmith Camtasia Studio 8.5.1 Build 1962 RePack by KpoJIuK
    2015-07-17 16:45 - 2015-07-17 16:45 - 00000165 ____H C:\Users\Sam D\Desktop\~$Sales call log and organizer1 sam.xlsx
    2015-07-17 00:19 - 2015-07-17 00:19 - 00001710 _____ C:\Users\Sam D\Desktop\FreemakeVD - Shortcut.lnk
    2015-07-17 00:19 - 2015-07-17 00:19 - 00000000 ____D C:\Users\Sam D\Documents\Freemake
    2015-07-17 00:14 - 2015-07-17 00:14 - 03705660 _____ C:\Users\Sam D\Downloads\julie martinz.rar
    2015-07-17 00:12 - 2015-07-17 00:12 - 01428393 _____ C:\Users\Sam D\Downloads\dr perkins reports.rar
    2015-07-17 00:04 - 2015-07-17 01:39 - 56338278 _____ C:\Users\Sam D\Downloads\brooks ballard stuff.rar
    2015-07-17 00:00 - 2015-07-17 00:00 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-d013
    2015-07-16 23:53 - 2015-07-16 23:53 - 00469218 _____ C:\Users\Sam D\Downloads\alex fetanax reports.rar
    2015-07-16 23:29 - 2015-07-16 23:29 - 00001344 _____ C:\Users\Public\Desktop\Aimersoft YouTube Downloader.lnk
    2015-07-16 23:24 - 2015-07-16 23:25 - 00000000 ____D C:\Users\Sam D\Documents\SEO Content Machine
    2015-07-16 23:22 - 2015-07-16 23:22 - 15140358 _____ C:\Users\Sam D\Downloads\SEOCNTNTMCHN.zip
    2015-07-16 21:39 - 2015-07-16 21:39 - 00000165 ____H C:\Users\Sam D\Downloads\~$DrPerkins-KeywordRanking-Report (8).xlsx
    2015-07-16 15:32 - 2015-07-16 15:57 - 00000000 ____D C:\Users\Sam D\Downloads\X-SpinnerBeta
    2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\JonathanLeger.com
    2015-07-15 21:50 - 2015-07-15 21:50 - 00000000 ____D C:\Users\Sam D\AppData\Local\JonathanLeger.com
    2015-07-15 21:40 - 2015-07-21 22:23 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.bak
    2015-07-15 21:38 - 2015-07-15 21:38 - 00002597 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hosts File Editor.lnk
    2015-07-15 21:38 - 2015-07-15 21:38 - 00000000 ____D C:\Program Files\Hosts File Editor
    2015-07-15 21:37 - 2015-07-15 21:37 - 00965632 _____ C:\Users\Sam D\Downloads\HostsFileEditorSetup-1.0.0.msi
    2015-07-15 21:35 - 2015-07-15 21:35 - 05478738 _____ C:\Users\Sam D\Downloads\TBS2k15.rar
    2015-07-15 21:35 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sam D\Downloads\TBS2k15
    2015-07-15 20:48 - 2015-07-15 21:08 - 62928929 _____ C:\Users\Sam D\Downloads\X-SpinnerBeta.zip
    2015-07-15 20:38 - 2015-07-15 20:42 - 00000000 ____D C:\Users\Sam D\Downloads\spinnerchiefiiirelease
    2015-07-15 20:31 - 2015-07-15 20:34 - 143837293 _____ C:\Users\Sam D\Downloads\spinnerchiefiiirelease.zip
    2015-07-15 19:50 - 2015-07-15 19:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\TechSmith
    2015-07-14 20:06 - 2015-07-14 20:56 - 155415094 _____ C:\Users\Sam D\Downloads\Wirecast_Play_6_0_5.zip
    2015-07-09 22:37 - 2015-07-09 22:38 - 08009896 _____ (TeamViewer GmbH) C:\Users\Sam D\Downloads\TeamViewer_Setup_en.exe
    2015-07-09 20:27 - 2015-07-09 20:29 - 34862410 _____ C:\Users\Sam D\Downloads\SuperStreamTube.zip
    2015-07-09 00:21 - 2015-07-09 00:22 - 74709456 _____ C:\Users\Sam D\Downloads\lvp-module-2-all-ad-commercials-zipped.zip
    2015-07-08 21:42 - 2015-07-08 22:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-07-05 22:52 - 2015-07-05 22:57 - 198186937 _____ C:\Users\Sam D\Downloads\13freeplrvideos.zip
    2015-07-05 22:43 - 2015-07-05 22:44 - 43332581 _____ C:\Users\Sam D\Downloads\usfreeadstraffic.zip
    2015-07-05 22:42 - 2015-07-05 22:43 - 23271937 _____ C:\Users\Sam D\Downloads\youtubeeditor.zip
    2015-07-05 22:29 - 2015-07-05 22:29 - 11159654 _____ C:\Users\Sam D\Downloads\PetGroomingTempPLR09JH.zip
    2015-07-05 22:15 - 2015-07-05 22:17 - 60621578 _____ C:\Users\Sam D\Downloads\Offline How To Videos for Local Businesses Set 1.zip
    2015-07-05 21:56 - 2015-07-05 21:56 - 17449904 _____ C:\Users\Sam D\Downloads\Groomers-postcards.zip
    2015-07-05 15:37 - 2015-07-06 17:31 - 00001721 _____ C:\Users\Sam D\Desktop\pi victorville.txt
    2015-07-04 12:46 - 2015-07-04 12:47 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live Writer
    2015-07-04 12:46 - 2015-07-04 12:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Windows Live Writer
    2015-07-03 21:06 - 2015-07-03 21:07 - 00189484 _____ C:\Users\Sam D\Downloads\3.5x2_businesscard.zip
    2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Disruptive Innovations SARL
    2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Disruptive Innovations SARL
    2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueGriffon
    2015-07-02 19:45 - 2015-07-02 19:45 - 00000000 ____D C:\Program Files\BlueGriffon
    2015-07-02 17:06 - 2015-07-02 17:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\KompoZer
    2015-07-02 17:05 - 2015-07-02 17:05 - 00000000 ____D C:\Users\Sam D\Downloads\kompozer-0.7.10-win32
    2015-07-02 16:50 - 2015-07-02 16:50 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Nvu
    2015-07-02 16:19 - 2015-07-02 16:19 - 00000000 ____D C:\Users\Sam D\Downloads\2015 Minecraft account giveaways
    2015-07-02 13:54 - 2015-07-17 00:12 - 00000000 ____D C:\Users\Sam D\Desktop\youtube comment method
    2015-07-01 12:57 - 2015-07-01 12:57 - 00860501 _____ C:\Users\Sam D\Downloads\medlin.zip
    2015-06-30 16:34 - 2015-06-30 16:34 - 00000165 ____H C:\Users\Sam D\Desktop\~$50_old_usa_pva_gmail_accounts.xlsx
    2015-06-29 17:09 - 2015-07-23 18:18 - 00007604 _____ C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
    2015-06-26 23:06 - 2015-06-26 23:06 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deshaker
    2015-06-25 02:33 - 2015-06-25 02:33 - 00000159 _____ C:\Users\Sam D\Downloads\Delicious.txt
    2015-06-25 02:33 - 2015-06-25 02:33 - 00000123 _____ C:\Users\Sam D\Downloads\Diigo.txt
    2015-06-25 00:23 - 2015-06-25 00:24 - 17713160 _____ (Microsoft Corporation) C:\Users\Sam D\Downloads\wsemp.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-25 22:37 - 2015-02-01 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-25 22:35 - 2014-09-29 01:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-25 22:34 - 2014-12-09 17:36 - 00000000 ____D C:\_acestream_cache_
    2015-07-25 22:19 - 2015-03-15 21:10 - 00000000 ___RD C:\Users\Sam D\Dropbox
    2015-07-25 22:19 - 2015-03-15 21:06 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Dropbox
    2015-07-25 22:15 - 2015-06-16 16:05 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job
    2015-07-25 22:07 - 2015-04-12 11:08 - 00001881 _____ C:\Users\Sam D\Desktop\Ace Player.lnk
    2015-07-25 22:07 - 2015-04-12 11:08 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
    2015-07-25 21:59 - 2015-05-31 22:59 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-07-25 21:56 - 2014-12-29 19:27 - 01288118 _____ C:\Windows\WindowsUpdate.log
    2015-07-25 21:52 - 2014-09-29 01:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-25 21:52 - 2014-08-28 09:19 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-25 21:52 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-25 21:51 - 2011-04-14 23:32 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-07-25 21:39 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-25 21:39 - 2009-07-14 00:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-25 21:27 - 2011-01-10 19:42 - 00000000 ___HD C:\Users\Sam D\AppData\Local\Apps\2.0
    2015-07-25 21:06 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
    2015-07-25 20:28 - 2015-02-12 01:59 - 00002042 _____ C:\Users\Sam D\Documents\Default.rdp
    2015-07-25 16:41 - 2014-09-29 01:48 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-07-25 14:47 - 2015-02-16 11:09 - 00000000 ____D C:\AdwCleaner
    2015-07-25 13:22 - 2014-09-27 13:30 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-25 01:44 - 2011-02-06 20:38 - 00000000 ____D C:\Windows\pss
    2015-07-25 01:10 - 2014-09-28 02:12 - 00000000 ____D C:\Users\Sam D
    2015-07-25 01:06 - 2014-09-27 13:30 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-24 22:57 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Default
    2015-07-24 22:39 - 2009-07-13 22:03 - 59506688 _____ C:\Windows\system32\config\SOFTWARE.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 28311552 _____ C:\Windows\system32\config\SYSTEM.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 00028672 _____ C:\Windows\system32\config\SAM.bak
    2015-07-24 22:39 - 2009-07-13 22:03 - 00020480 _____ C:\Windows\system32\config\SECURITY.bak
    2015-07-24 22:38 - 2014-09-27 02:51 - 00000000 ____D C:\Windows\ERDNT
    2015-07-24 13:57 - 2014-09-27 20:28 - 00000000 ____D C:\Users\Sam D\AppData\Local\CrashDumps
    2015-07-24 13:42 - 2014-08-28 09:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-24 12:55 - 2011-04-24 19:50 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Skype
    2015-07-24 02:15 - 2015-06-16 16:05 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job
    2015-07-22 20:07 - 2009-09-24 15:40 - 00000000 ____D C:\Program Files\CCleaner
    2015-07-21 20:25 - 2015-06-22 14:09 - 00000000 ____D C:\Users\Sam D\Desktop\New folder
    2015-07-20 16:50 - 2015-05-31 16:04 - 00000000 ____D C:\ProgramData\Aimersoft YouTube Downloader
    2015-07-18 20:22 - 2015-05-31 22:24 - 00123556 _____ C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
    2015-07-18 20:21 - 2015-05-31 22:24 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Wirecast for YouTube
    2015-07-17 20:48 - 2012-11-01 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    2015-07-17 20:48 - 2011-01-08 00:40 - 00000000 ____D C:\Program Files\Adobe
    2015-07-17 20:48 - 2010-12-26 19:38 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Adobe
    2015-07-17 19:58 - 2010-12-26 20:04 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\BitTorrent
    2015-07-17 19:57 - 2014-11-01 02:45 - 00000000 ____D C:\Windows\Minidump
    2015-07-17 18:09 - 2011-01-21 17:10 - 00000000 ____D C:\ProgramData\TechSmith
    2015-07-17 10:17 - 2012-04-11 17:57 - 00117272 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2015-07-17 10:16 - 2009-07-14 00:33 - 00446912 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-17 01:40 - 2015-03-05 16:36 - 56410227 _____ C:\Users\Sam D\Downloads\BrooksBallardFineHomesEstates.zip
    2015-07-17 01:17 - 2014-12-11 21:37 - 00000000 ____D C:\Program Files\Citrix
    2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Stardock
    2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\Users\Sam D\AppData\Local\Stardock
    2015-07-17 01:12 - 2015-06-19 23:46 - 00000000 ____D C:\ProgramData\Stardock
    2015-07-17 01:12 - 2015-06-19 23:45 - 00000000 ____D C:\Program Files\Stardock
    2015-07-17 00:51 - 2014-12-07 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Deployment
    2015-07-17 00:49 - 2015-03-11 13:29 - 00000000 ____D C:\Users\Sam D\AppData\Local\Mozilla
    2015-07-17 00:49 - 2015-03-11 12:57 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\Mozilla
    2015-07-17 00:43 - 2011-01-10 03:16 - 00000000 ____D C:\Windows\system32\XPSViewer
    2015-07-17 00:43 - 2009-07-14 00:56 - 00000000 ____D C:\Windows\system32\winrm
    2015-07-17 00:00 - 2015-06-10 19:25 - 00000000 ____D C:\Users\Sam D\AppData\Local\IIIQ
    2015-07-16 23:55 - 2015-03-07 01:09 - 00000000 ____D C:\Users\Sam D\Downloads\Archive-9cd1
    2015-07-16 23:39 - 2014-09-28 11:22 - 00118056 _____ C:\Users\Sam D\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-07-16 23:24 - 2015-06-12 22:37 - 00000000 ____D C:\Users\Sam D\AppData\Local\Satin_Blue
    2015-07-16 23:07 - 2011-04-19 13:06 - 02721183 _____ C:\Windows\system32\oodbs.lor
    2015-07-16 13:20 - 2015-03-25 20:59 - 00000000 ____D C:\Users\Sam D\Desktop\PPC Business
    2015-07-16 12:36 - 2015-05-05 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-07-15 23:49 - 2012-02-21 15:48 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\vlc
    2015-07-14 20:10 - 2014-12-27 14:03 - 00023398 _____ C:\Users\Sam D\Desktop\50_old_usa_pva_gmail_accounts.xlsx
    2015-07-14 16:37 - 2012-04-22 12:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-07-14 16:37 - 2011-05-20 16:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-07-14 15:16 - 2014-10-30 23:55 - 00000000 ____D C:\Users\Sam D\Desktop\Consulting
    2015-07-14 15:00 - 2011-04-06 14:25 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\Media Player Classic
    2015-07-14 14:41 - 2015-06-02 18:12 - 00000000 ____D C:\Users\Sam D\AppData\Roaming\HandBrake
    2015-07-14 14:05 - 2015-06-08 19:50 - 00096511 _____ C:\Users\Sam D\.websiteauditor.properties
    2015-07-14 14:05 - 2015-06-08 19:50 - 00000000 ____D C:\Users\Sam D\.websiteauditor
    2015-07-14 14:03 - 2015-06-17 01:12 - 00000000 ____D C:\Users\Sam D\.ranktracker
    2015-07-14 14:03 - 2014-11-07 01:57 - 00137380 _____ C:\Users\Sam D\.ranktracker.properties
    2015-07-14 14:02 - 2010-12-26 20:11 - 00000000 ____D C:\Users\Sam D\Desktop\entertainment
    2015-07-14 13:59 - 2014-09-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-07-14 11:56 - 2014-12-26 17:27 - 00000000 ____D C:\Users\Sam D\Desktop\proxy stuff and related
    2015-07-13 16:04 - 2011-01-08 18:45 - 00000000 ___HD C:\Users\Sam D\AppData\Roaming\FileZilla
    2015-07-11 01:20 - 2014-10-31 15:05 - 00000000 ___RD C:\Program Files\Skype
    2015-07-11 01:20 - 2011-04-24 19:49 - 00000000 ____D C:\ProgramData\Skype
    2015-07-10 17:39 - 2015-02-10 17:02 - 00000000 ____D C:\Users\Sam D\Desktop\Ripoffreport Stuff
    2015-07-10 14:20 - 2015-02-01 00:24 - 00000000 ____D C:\Users\Sam D\AppData\Local\Commando
    2015-07-09 12:14 - 2014-09-28 17:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-07-08 15:37 - 2015-04-20 14:31 - 00040553 _____ C:\Users\Sam D\Desktop\Sales call log and organizer1 sam.xlsx
    2015-07-08 15:06 - 2015-04-20 10:16 - 00000000 ____D C:\Users\Sam D\Desktop\Attorney Combined Files
    2015-07-04 12:46 - 2013-02-28 23:35 - 00001406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-07-04 12:46 - 2013-02-28 23:21 - 00000000 ____D C:\Users\Sam D\AppData\Local\Windows Live
    2015-07-02 19:38 - 2015-01-18 01:01 - 00001952 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
    2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2015-07-02 19:38 - 2011-01-08 18:45 - 00000000 ____D C:\Program Files\FileZilla FTP Client
    2015-07-02 13:56 - 2015-02-17 19:50 - 00000000 ____D C:\Users\Sam D\Desktop\customer info
    2015-07-01 23:36 - 2009-04-24 18:28 - 00052736 _____ C:\Users\Sam D\Desktop\affiliate list.v1.xls
    2015-06-27 15:24 - 2014-08-28 09:18 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-27 15:24 - 2014-08-28 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-27 15:24 - 2014-08-28 09:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-06-26 12:47 - 2014-12-29 17:57 - 00005632 _____ C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Files in the root of some directories =======

    2014-09-17 21:05 - 2014-09-17 21:05 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-03-18 14:13 - 2014-03-18 14:14 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
    2011-01-10 02:44 - 2011-01-10 02:44 - 0874496 ____H (ExtremeCoderz) C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe
    2015-05-31 22:24 - 2015-07-18 20:22 - 0123556 _____ () C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
    2015-06-01 00:15 - 2015-06-01 00:15 - 0014543 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
    2015-06-01 00:15 - 2015-06-01 00:15 - 0014186 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
    2011-01-10 02:44 - 2011-01-10 02:44 - 0000324 ____H () C:\Users\Sam D\AppData\Roaming\settings.cfg
    2014-12-29 17:57 - 2015-06-26 12:47 - 0005632 _____ () C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-19 12:34 - 2015-04-02 21:27 - 0000600 _____ () C:\Users\Sam D\AppData\Local\PUTTY.RND
    2015-06-29 17:09 - 2015-07-23 18:18 - 0007604 _____ () C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
    2014-12-15 13:45 - 2014-12-15 13:45 - 0000000 _____ () C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F}

    Some files in TEMP:
    ====================
    C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfcgnjl.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-16 13:40

    ==================== End of log ============================
     
  13. kingmob

    TS Rookie Topic Starter Posts: 25

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
    Ran by Sam D at 2015-07-25 23:00:10
    Running from C:\Users\Sam D\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3192665374-2718563871-2505210960-500 - Administrator - Disabled)
    Guest (S-1-5-21-3192665374-2718563871-2505210960-501 - Limited - Disabled)
    Sam D (S-1-5-21-3192665374-2718563871-2505210960-1000 - Administrator - Enabled) => C:\Users\Sam D

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ace Stream Media 3.0.12 (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.214 - Adobe Systems Incorporated)
    Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Media Live Encoder 3.2 (HKLM\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
    Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
    Aimersoft YouTube Downloader(Build 4.3.3.0) (HKLM\...\Aimersoft YouTube Downloader_is1) (Version: 4.3.3.0 - Aimersoft Software)
    BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
    BitTorrent (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
    BlueGriffon version 1.7.2 (HKLM\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.7.2 - Disruptive Innovations SAS)
    Camtasia Studio 8 (HKLM\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
    Comcast Desktop Software (v1.2.1) (HKLM\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
    CommandoHQ (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\51b760cdbee7f500) (Version: 2.0.9.20 - CommandoHQ)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1001 - CyberLink Corp.)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell System Detect - 1 (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
    Dell System Detect (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
    DELL Webcam Center (HKLM\...\DELL Webcam Center) (Version: - )
    DELL Webcam Manager (HKLM\...\DELL Webcam Manager) (Version: - )
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
    DocSignal (HKLM\...\{F1360A8D-370E-41D3-B93B-9FD2A4C127E3}) (Version: 1.0.0 - DocSignal)
    Dropbox (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
    Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
    Foxit Creator (HKLM\...\Foxit Creator) (Version: 3,0,2,0506 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.2.1013 - Foxit Software Company)
    Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
    Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
    HandBrake 0.10.1 (HKLM\...\HandBrake) (Version: 0.10.1 - )
    Hosts File Editor (HKLM\...\{EC9CF3E9-3C14-43D6-B9D0-5B4232926FAC}) (Version: 1.0.0 - Scott Lerch)
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    Internet Email Extractor (HKLM\...\{3C86FB10-F491-4DE1-84A7-78AEAF12C41B}) (Version: 5.0.9.20 - theskysoft)
    ISO Opener (HKLM\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version: - www.isoopener.com)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    KeywordSpy SEO/PPC Plug-in 1.0.2 (HKLM\...\KeywordSpy SEO/PPC Plug-in) (Version: 1.0.2 - KeywordSpy.com)
    K-Lite Mega Codec Pack 6.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
    Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
    Lead Grabber Pro 3.0 (HKLM\...\{CE4D250E-2F02-4ADA-82E8-43ED01AC4120}) (Version: 3.0.0 - Mindless Marketing LLC)
    Magic YouTube Xtractor version 1.16 (HKLM\...\{9629C88B-66A7-4EB3-84E4-DAA47F683DCA}_is1) (Version: 1.16 - Alexandr Krulik)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Notepad++ (HKLM\...\Notepad++) (Version: 6.8 - Notepad++ Team)
    Online Lead Finder (HKLM\...\{1650E57C-59B0-41AC-BDB5-91DC30825C2B}) (Version: 3.3.07 - Duncan Wierman)
    Online Lead Finder Installer (HKLM\...\{D4159E19-380E-4F2E-B57C-20237F3D19B6}) (Version: 3.3.06 - Duncan Wierman)
    OpenAL (HKLM\...\OpenAL) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PhotoFiltre (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\PhotoFiltre) (Version: - )
    Port Forward Network Utilities (HKLM\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.7 - Portforward, LLC)
    Privoxy (remove only) (HKLM\...\Privoxy) (Version: - )
    ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.10.1 - V-Tech LLC)
    ProxyToolbox (HKLM\...\{C9851860-8485-43EA-81C5-84551DF9AE1E}) (Version: 1.0.1 - XorBots)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    SEO PowerSuite (HKLM\...\seopowersuite) (Version: - )
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    SopCast 3.9.3 (HKLM\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
    SQLite ADO.NET 2.0/3.5 Provider (HKLM\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)
    Stardock Fences 2 (HKLM\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
    StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
    System.Data.SQLite v1.0.83.0 (HKLM\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.83.0 - System.Data.SQLite Team)
    TheBestSpinner3 (HKLM\...\TheBestSpinner3) (Version: - )
    Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
    Update or Uninstall SENukeX (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    Video Marketing Blaster Pro (HKLM\...\Video Marketing Blaster Pro) (Version: 1.03 - BlasterSuite)
    Video Spin Blaster 2.92 (HKLM\...\Video Spin Blaster 2.92) (Version: 2.92 - Sodevrom)
    Video Spin Blaster Pro (HKLM\...\Video Spin Blaster Pro) (Version: 2.09 - BlasterSuite)
    VideoPad Video Editor (HKLM\...\VideoPad) (Version: 4.08 - NCH Software)
    VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Web Data Extractor 8.3 (HKLM\...\Web Data Extractor_is1) (Version: - )
    WebHarvy (HKLM\...\{844AF52E-FECD-4BDC-AB6E-11EF790A7DA2}) (Version: 3.3.0.106 - SysNucleus)
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    WinAVI All in One Converter (HKLM\...\WinAVI All in One Converter) (Version: 1.2.0.3939 - ZJMedia Digital Technology Ltd.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    Wirecast (HKLM\...\{5E0D2663-CFB2-440E-900C-7A7AC59C06F4}) (Version: 6.0.4 - Telestream LLC)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSP (the data entry has 21 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSE (the data entry has 16 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\Sam D\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSW (the data entry has 15 more characters).
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sam D\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sam D\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    19-07-2015 16:24:46 Revo Uninstaller Pro's restore point - TheBestSpinner3
    19-07-2015 16:41:27 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 21:15:20 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 21:33:23 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 21:39:36 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 22:15:10 Revo Uninstaller Pro's restore point - TheBestSpinner3
    21-07-2015 22:34:26 Revo Uninstaller Pro's restore point - TheBestSpinner3
    22-07-2015 12:30:40 Revo Uninstaller Pro's restore point - TheBestSpinner3
    24-07-2015 16:36:49 Malwarebytes Anti-Rootkit Restore Point
    25-07-2015 01:07:57 JRT Pre-Junkware Removal
    25-07-2015 14:51:29 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2015-07-25 21:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  14. kingmob

    TS Rookie Topic Starter Posts: 25

    Task: {00F435BA-51B3-4144-8AA0-00B6A0D48CDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {10A4A8BF-6135-452F-8EB4-9512B7B951CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {2747CF55-1A81-4664-8474-89BB26640D50} - System32\Tasks\1aad7560 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe <==== ATTENTION
    Task: {33C6D576-29F2-4C98-B744-E2EA051CECB4} - \avaxvyyvyf No Task File <==== ATTENTION
    Task: {4BB7520A-1ABC-4F12-AACF-31390DF41E6C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {5EC408D9-C9FE-4262-AC19-55E8BFC63274} - System32\Tasks\123bd930 => C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe <==== ATTENTION
    Task: {7128EE8C-CC01-4E7B-B6C4-CE4F48F74E74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {789232E3-7544-466D-AC63-7FE9394B2D6C} - System32\Tasks\{43F6B7A1-A0A0-4311-B669-5661413222D5} => C:\Program Files\Skype\\Phone\Skype.exe [2015-06-29] (Skype Technologies S.A.)
    Task: {791118FA-D3CD-4CF9-A2E8-3FABACC396F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
    Task: {7B4A94EB-0827-43E6-ADB0-8E81D0973647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
    Task: {7D0F2FF6-F8F7-4B53-AA9B-4491D26BDB92} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SamD-PC-Sam D SamD-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
    Task: {8B0C429A-39C7-4BDD-8060-3F71F06A1FEB} - System32\Tasks\{0B3BB5FE-BF15-427C-BFED-2C169AA0E2D8} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {92357EA3-E6D8-4D2D-AFAB-C92C92F60554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
    Task: {951DB3A3-8D65-4C59-B0F7-2DD8A0028BEB} - System32\Tasks\{113B5DFE-1E86-41BA-8A42-53C576EAE466} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {9D7E4113-E6E4-409C-9EEA-8DF1DEEBEFF9} - System32\Tasks\{CD4C9D5F-CBBD-4DDE-921D-41FDF0849985} => pcalua.exe -a "C:\Users\Sam D\Documents\Advanced ID Creator Premier\Advanced ID Creator Premier.exe" -d "C:\Users\Sam D\Documents\Advanced ID Creator Premier"
    Task: {9EF16D03-FE9A-4C17-B73C-09B6A7633228} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {A913D4DF-A248-48F4-A984-B2F93167A661} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-12] ()
    Task: {A991C7C8-4D55-4D2C-AAC2-6C29A52B98B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {BFF8A89F-6FC3-4169-B533-BFE99AD22926} - System32\Tasks\4518aa00 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe <==== ATTENTION
    Task: {D7A6C2E9-C503-4070-B04E-808551566845} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3192665374-2718563871-2505210960-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {DF13B937-746F-4BBF-A29A-060CF1446D56} - System32\Tasks\{695DE3E2-42FC-46E4-B3B1-558ADC26D2AC} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {E85E6223-3FB4-4B8D-B26C-E480C59368FC} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
    Task: {EBD7A3F6-3F03-44DA-B28A-71AC1D1B56DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {EE14D30D-59F8-43A1-9947-740A4E8F164E} - System32\Tasks\{F734AC17-73A6-468A-BBCE-9B881F27CC4D} => C:\Users\Sam D\Documents\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\3DMGAME-Football.Manager.2015.v15.1.3.Cracked-3DM\Football Manager 2015\fm.exe
    Task: {FAF2834E-BE6E-4664-96A3-A7D06103FABB} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {FFBBF448-B9B0-40D5-8E8E-BCE134F07E89} - \PCDEventLauncherTask No Task File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000Core.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3192665374-2718563871-2505210960-1000UA.job => C:\Users\Sam D\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-12-08 01:25 - 2014-05-19 20:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2015-06-02 11:20 - 2015-06-02 11:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2015-05-07 15:27 - 2015-05-07 15:27 - 00259584 _____ () C:\Program Files\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
    2015-07-25 16:41 - 2015-07-23 18:39 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
    2015-07-25 16:41 - 2015-07-23 18:39 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.107\libegl.dll
    2015-03-27 20:09 - 2015-03-27 20:09 - 00023984 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\ace_engine.exe
    2015-03-27 20:09 - 2015-03-27 20:09 - 00268800 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
    2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
    2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
    2015-02-26 07:18 - 2015-02-26 07:18 - 00018944 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
    2015-02-26 07:18 - 2015-02-26 07:18 - 02386432 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
    2015-03-27 20:07 - 2015-03-27 20:07 - 02029056 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00106496 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\select.pyd
    2014-01-23 07:37 - 2014-01-23 07:37 - 00036352 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
    2013-12-21 09:20 - 2013-12-21 09:20 - 00053248 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
    2013-12-21 09:20 - 2013-12-21 09:20 - 00040448 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
    2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
    2011-02-13 11:02 - 2011-02-13 11:02 - 00031232 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
    2015-03-27 20:23 - 2015-03-27 20:23 - 03035648 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
    2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
    2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
    2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
    2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
    2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
    2010-10-10 18:23 - 2010-10-10 18:23 - 00723968 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
    2013-01-29 12:20 - 2013-01-29 12:20 - 00082944 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
    2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00688128 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
    2015-02-26 07:18 - 2015-02-26 07:18 - 00061952 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
    2013-01-29 12:20 - 2013-01-29 12:20 - 00066048 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
    2014-10-01 12:32 - 2014-10-01 12:32 - 00022824 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\ace_update.exe
    2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
    2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
    2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
    2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
    2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\select.pyd
    2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
    2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
    2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
    2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
    2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
    2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
    2014-10-01 07:50 - 2014-10-01 07:50 - 00149288 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\libtsplayer.dll
    2014-10-01 07:50 - 2014-10-01 07:50 - 01974056 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\libtsplayercore.dll
    2013-11-20 09:05 - 2013-11-20 09:05 - 00051320 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libaout_directx_plugin.dll
    2014-04-07 07:42 - 2014-04-07 07:42 - 00074872 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libdirectx_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00213624 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libdshow_plugin.dll
    2013-11-20 09:08 - 2013-11-20 09:08 - 00052344 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libwaveout_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00039032 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libmemcpymmxext_plugin.dll
    2014-12-05 10:29 - 2014-12-05 10:29 - 01477928 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libp2p_access_plugin.dll
    2014-03-03 13:00 - 2014-03-03 13:00 - 00510584 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libsqlite_plugin.dll
    2013-11-20 09:05 - 2013-11-20 09:05 - 00095864 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libaccess_bd_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00238200 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libdvdnav_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00044152 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libfilesystem_plugin.dll
    2013-11-20 09:07 - 2013-11-20 09:07 - 00039544 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libstream_filter_rar_plugin.dll
    2013-11-20 09:08 - 2013-11-20 09:08 - 00084600 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libzip_plugin.dll
    2013-11-20 09:07 - 2013-11-20 09:07 - 00036984 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libstream_filter_record_plugin.dll
    2013-11-20 09:07 - 2013-11-20 09:07 - 00112760 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libplaylist_plugin.dll
    2013-11-20 09:07 - 2013-11-20 09:07 - 01111160 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libtaglib_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00343672 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\liblua_plugin.dll
    2013-11-20 09:08 - 2013-11-20 09:08 - 01143416 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libxml_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00053880 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libhotkeys_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00039032 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libglobalhotkeys_plugin.dll
    2014-12-05 10:29 - 2014-12-05 10:29 - 30864168 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libqt4_plugin.dll
    2013-11-20 09:06 - 2013-11-20 09:06 - 00044664 _____ () C:\Users\Sam D\AppData\Roaming\ACEStream\player\plugins\libexport_plugin.dll
    2015-07-25 16:41 - 2015-07-23 18:39 - 16308040 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.107\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInLeads.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\National-List-Attorneys.zip:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf:$CmdZnID

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\...\intuit.com -> hxxps://ttlc.intuit.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sam D\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AffinegyService => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: lxbk_device => 2
    MSCONFIG\startupfolder: C:^Users^Sam D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: BitTorrent => "C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\YouTube Downloader\DelayPluginI.exe
    MSCONFIG\startupreg: Desktop Software => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
    MSCONFIG\startupreg: PSwitch => C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{19E61B84-BE3F-47B2-8158-4E6799AFEC76}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
    FirewallRules: [TCP Query User{38D0EECD-5E94-46B7-BBD1-2BCBBF1E3A67}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe
    FirewallRules: [{A3FB9A38-9FA5-4AA2-9B1D-7539C9214A79}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
    FirewallRules: [{F548139A-CA87-4272-BAA7-B6BB1FDAF5FA}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe
    FirewallRules: [UDP Query User{ACF03D02-E5DB-4A37-9B01-153D15A3EBAC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [TCP Query User{5ADBE869-3344-48C6-A4C6-D7BEB4F04DBC}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [{0D38C7A5-5C87-44C5-BF58-D66DB3E8CAE9}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{04422F43-AEDC-45E3-BB9A-68F3FE292CC8}] => (Allow) C:\Users\Sam D\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{3DF235C1-0AA6-416E-9CAC-3FE747CD60EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{ECBB7116-7B46-40F0-A8D3-38A3B3EAA74B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{A4BA1717-F71D-4AC5-A3A5-03B015D1109D}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [{2423CA43-42FD-45DE-BD1E-23F19B873579}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [TCP Query User{68635257-B1A5-4329-A476-762824EC5902}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
    FirewallRules: [UDP Query User{0175FE63-7A98-483C-A8DA-FA3CC70E4D36}C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe] => (Allow) C:\users\sam d\documents\microsoft office 2013 professional plus (32-bit) (x86) + activation toolkit\microsoft toolkit 2.4.9\microsoft toolkit.exe
    FirewallRules: [{131D81C0-6D68-4D41-B3F5-0E7C200B5C8A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2FC7876D-834B-48D0-89D5-762192D2621D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{42B357BA-489D-406F-897B-67DDB40BBE16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{833E2418-D638-4D20-A3A6-4E936B4B9C45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{15E9D20A-2BC2-451A-A062-B2D6ACC55DF0}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
    FirewallRules: [UDP Query User{12940B2B-90F9-4DFD-951B-5959305B3480}C:\program files\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files\portforward\port forward network utilities\pfportchecker.exe
    FirewallRules: [{E577BB6D-4FAE-4017-AA72-D073847CBDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{7E1C7E47-5B19-465F-A4CC-1037272D1DC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{2CB05B58-A76F-4EED-AC6A-A115F1CABB5E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{F53E1AF0-CD4A-4D8C-8CB4-7DE12CE6FABC}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{17F6FA62-C840-4B53-B05C-9A08468738EB}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1D26A52A-D643-4F6F-A807-3FC2259F509A}] => (Allow) C:\Users\Sam D\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{7A499074-E6D5-4A0B-8614-14C782CC33EE}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{FF2BC76E-B26B-45C3-AC62-8552CB1C1652}C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sam d\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{7F6344DB-B551-4EE7-BDBC-CB47D4898471}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{51217ED9-F716-4F38-8EFC-2AF2B36C3CA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{3B53104C-1784-40E8-A228-F47AFD294171}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{3AF3A65D-FBB0-406A-BA8D-CAB361923E6A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{371CC202-0227-45B3-B359-9C2B63945AA4}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{85A9067E-9F8F-4E3E-ACAD-3E535F5A88A7}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{D9EA6939-A7E5-4CB9-93DF-9DFE51BC6EC0}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
    FirewallRules: [UDP Query User{F7A3D181-B3FA-4601-B64C-D2BAE2C55DF6}C:\users\sam d\lead software\images\phantomjs.exe] => (Allow) C:\users\sam d\lead software\images\phantomjs.exe
    FirewallRules: [TCP Query User{FD934498-D11D-4304-A7F6-97198EA81280}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [UDP Query User{D70E3FE5-8BB1-40CC-9295-3F25039FF837}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [TCP Query User{9A2841D7-78A8-4919-8467-77358F532D9B}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{584AD027-B8CC-45B3-99AB-344204752135}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{09856936-5DE6-4056-8A2E-D369EB2C7570}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{38064DAE-1DDA-4B6C-89D8-FE9AF166F181}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
    FirewallRules: [{613A2CFC-14AC-458F-83E5-24FE21D9DE2D}] => (Allow) C:\Windows\explorer.exe
    FirewallRules: [{6C90A10E-312F-4D09-8556-99F1A978D68B}] => (Allow) C:\Windows\system32\rundll32.exe
    FirewallRules: [{A09733B8-8C6C-4EF1-A05D-A0F2839B4D6E}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{4DD21B2E-D023-4717-A07D-7AF259A4A472}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{0CE5DF61-048D-4A9B-BC16-AB285FC33A0A}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{1634C6B4-0709-4DA0-8308-44E516AFA34B}] => (Allow) C:\Program Files\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe
    FirewallRules: [{8D583FD3-1536-4DFA-9230-883ECE8F85D9}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{DAF689C9-3D87-4826-8449-DB211723D71E}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{8BA605B7-E777-454F-8E6D-EB197F40140D}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [{C6E3EFFF-02CD-48CE-97BD-09CF9BF66789}] => (Allow) C:\Program Files\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe
    FirewallRules: [TCP Query User{DB45E0B5-51B5-4DF8-BAE2-CFE6A67DB5A6}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [UDP Query User{2310DE64-26A4-49E1-AC74-B8587011847A}C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\sam d\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [{CEEE0219-D277-46C8-82CB-1299597EC0F9}] => (Allow) LPort=8317
    FirewallRules: [{C8EE2D30-96F7-4FD2-AF74-A7AD7CBB58F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Kaspersky Anti-Virus NDIS 6 Filter
    Description: Kaspersky Anti-Virus NDIS 6 Filter
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: KLIM6
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: NVIDIA
    Service: nvvad_WaveExtensible
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/25/2015 10:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/25/2015 10:40:18 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/25/2015 09:51:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 09:49:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 09:29:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 09:26:50 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/25/2015 09:22:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 09:02:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (07/25/2015 08:40:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
    0x80070005

    Error: (07/25/2015 07:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program notepad++.exe version 6.8.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 7ec

    Start Time: 01d0c73199343bbe

    Termination Time: 31

    Application Path: C:\Program Files\Notepad++\notepad++.exe

    Report Id: 855ec9e4-3326-11e5-8d09-001d09ce33f2


    System errors:
    =============
    Error: (07/25/2015 10:40:18 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

    Error: (07/25/2015 09:53:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (07/25/2015 09:52:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    KLIM6

    Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 09:49:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (07/25/2015 09:49:43 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (07/25/2015 09:49:42 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (07/25/2015 09:49:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office:
    =========================
    Error: (07/25/2015 10:53:11 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe

    Error: (07/25/2015 10:40:18 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/25/2015 09:51:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 09:49:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 09:29:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 09:26:50 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Sam D\Downloads\KeywordResearcher9Latest.exe

    Error: (07/25/2015 09:22:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 09:02:35 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: 0x800700050x00000000

    Error: (07/25/2015 08:40:10 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
    Description: 0x80070005

    Error: (07/25/2015 07:40:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: notepad++.exe6.8.0.07ec01d0c73199343bbe31C:\Program Files\Notepad++\notepad++.exe855ec9e4-3326-11e5-8d09-001d09ce33f2


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
    Percentage of memory in use: 39%
    Total physical RAM: 3582.04 MB
    Available physical RAM: 2170.68 MB
    Total Virtual: 7162.36 MB
    Available Virtual: 5554.15 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:220.34 GB) (Free:51.3 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 10000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=220.3 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    How did Ace Stream Media get on your computer?
    I didn't see it in your initial FRST log.
    In any case, uninstall it.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  16. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    I reinstalled Ace Stream. It is not malicious in any way, and I needed it.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    OK, go ahead with fixlist.
     
  18. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Fix result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
    Ran by Sam D at 2015-07-26 19:47:18 Run:1
    Running from C:\Users\Sam D\Desktop
    Loaded Profiles: Sam D (Available Profiles: Sam D)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-3192665374-2718563871-2505210960-1000 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File
    Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 - No File
    CHR HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SAMD~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]
    S3 catchme; \??\C:\Users\SAMD~1\AppData\Local\Temp\catchme.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2014-09-02] (Webroot)
    C:\Windows\System32\drivers\WRkrn.sys
    2014-09-17 21:05 - 2014-09-17 21:05 - 11249152 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-03-18 14:13 - 2014-03-18 14:14 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
    2011-01-10 02:44 - 2011-01-10 02:44 - 0874496 ____H (ExtremeCoderz) C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe
    2015-05-31 22:24 - 2015-07-18 20:22 - 0123556 _____ () C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml
    2015-06-01 00:15 - 2015-06-01 00:15 - 0014543 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
    2015-06-01 00:15 - 2015-06-01 00:15 - 0014186 _____ () C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
    2011-01-10 02:44 - 2011-01-10 02:44 - 0000324 ____H () C:\Users\Sam D\AppData\Roaming\settings.cfg
    2014-12-29 17:57 - 2015-06-26 12:47 - 0005632 _____ () C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-19 12:34 - 2015-04-02 21:27 - 0000600 _____ () C:\Users\Sam D\AppData\Local\PUTTY.RND
    2015-06-29 17:09 - 2015-07-23 18:18 - 0007604 _____ () C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg
    2014-12-15 13:45 - 2014-12-15 13:45 - 0000000 _____ () C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F}
    C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfcgnjl.dll
    Task: {2747CF55-1A81-4664-8474-89BB26640D50} - System32\Tasks\1aad7560 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe <==== ATTENTION
    Task: {33C6D576-29F2-4C98-B744-E2EA051CECB4} - \avaxvyyvyf No Task File <==== ATTENTION
    C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe
    Task: {5EC408D9-C9FE-4262-AC19-55E8BFC63274} - System32\Tasks\123bd930 => C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe <==== ATTENTION
    C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe
    Task: {BFF8A89F-6FC3-4169-B533-BFE99AD22926} - System32\Tasks\4518aa00 => C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe <==== ATTENTION
    C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe
    Task: {FFBBF448-B9B0-40D5-8E8E-BCE134F07E89} - \PCDEventLauncherTask No Task File <==== ATTENTION
    AlternateDataStreams: C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\LinkedInLeads.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Sam D\Downloads\National-List-Attorneys.zip:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf:$CmdZnID


    *****************

    C:\Windows\system32\GroupPolicy\Machine => moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} => value removed successfully.
    "HKCR\PROTOCOLS\Handler\WSAMAllMyTubechrome" => key removed successfully.
    "HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => key removed successfully.
    catchme => service removed successfully.
    nvvad_WaveExtensible => service removed successfully.
    WRkrn => Unable to stop service.
    WRkrn => service removed successfully.
    Could not move "C:\Windows\System32\drivers\WRkrn.sys" => Scheduled to move on reboot.
    C:\Program Files\Common Files\lpuninstall.exe => moved successfully.
    C:\Program Files\Common Files\wruninstall.exe => moved successfully.
    C:\Users\Sam D\AppData\Roaming\MultiPoster4.exe => moved successfully.
    C:\Users\Sam D\AppData\Roaming\net.telestream.wirecast.xml => moved successfully.
    C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png => moved successfully.
    C:\Users\Sam D\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png => moved successfully.
    C:\Users\Sam D\AppData\Roaming\settings.cfg => moved successfully.
    C:\Users\Sam D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
    C:\Users\Sam D\AppData\Local\PUTTY.RND => moved successfully.
    C:\Users\Sam D\AppData\Local\Resmon.ResmonCfg => moved successfully.
    C:\Users\Sam D\AppData\Local\{EA8A6224-C8D9-48BF-8C16-038572217C9F} => moved successfully.
    "C:\Users\Sam D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfcgnjl.dll" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2747CF55-1A81-4664-8474-89BB26640D50}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2747CF55-1A81-4664-8474-89BB26640D50}" => key removed successfully.
    C:\Windows\System32\Tasks\1aad7560 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1aad7560" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33C6D576-29F2-4C98-B744-E2EA051CECB4}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C6D576-29F2-4C98-B744-E2EA051CECB4}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => key removed successfully.
    "C:\Users\SAMD~1\AppData\Local\Temp\\setup2115342688.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC408D9-C9FE-4262-AC19-55E8BFC63274}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC408D9-C9FE-4262-AC19-55E8BFC63274}" => key removed successfully.
    C:\Windows\System32\Tasks\123bd930 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\123bd930" => key removed successfully.
    "C:\Users\SAMD~1\AppData\Local\Temp\\setup784407880.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFF8A89F-6FC3-4169-B533-BFE99AD22926}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFF8A89F-6FC3-4169-B533-BFE99AD22926}" => key removed successfully.
    C:\Windows\System32\Tasks\4518aa00 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4518aa00" => key removed successfully.
    "C:\Users\SAMD~1\AppData\Local\Temp\\setup2397252992.exe" => File/Folder not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFBBF448-B9B0-40D5-8E8E-BCE134F07E89}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFBBF448-B9B0-40D5-8E8E-BCE134F07E89}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully.
    C:\Users\Sam D\Downloads\FiverrMiddleMan.pdf => ":$CmdZnID" ADS removed successfully..
    C:\Users\Sam D\Downloads\LinkedInAdvertising.pdf => ":$CmdZnID" ADS removed successfully..
    C:\Users\Sam D\Downloads\LinkedInLeads.pdf => ":$CmdZnID" ADS removed successfully..
    C:\Users\Sam D\Downloads\National-List-Attorneys.zip => ":com.dropbox.attributes" ADS removed successfully..
    C:\Users\Sam D\Downloads\Ultimate_Tube_Profits.pdf => ":$CmdZnID" ADS removed successfully..
    => Error: No automatic fix found for this entry.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-26 19:50:02)<=

    C:\Windows\System32\drivers\WRkrn.sys => is moved successfully

    ==== End of Fixlog 19:50:02 ====
     
  19. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    My CPU is still running very high, varies from 70% to 100% with Chrome open.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Reset Chrome...
    Click on "Customize and control Google Chrome":
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click "Reset browser settings" button.
    Restart Chrome.

    If the above didn't help....

    Reinstall Chrome...
    If you want to save your bookmarks...
    How to Backup Bookmarks in Google Chrome
    If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
    • Close all Chrome windows and tabs.
    • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
    • Click Programs and Features.
    • Double-click Google Chrome.
    • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
    Install fresh copy.
     
  21. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Reinstalling Chrome had no effect. I only brought it up as I had it open at the time. Using any application spikes up CPU usage to near max amount. I'm pretty sure that the problem malware/rootkit is still undetected.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  23. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Results of screen317's Security Check version 1.006
    Windows 7 x86 (UAC is enabled)
    Out of date service pack!!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    KeywordSpy SEO/PPC Plug-in 1.0.2
    SUPERAntiSpyware
    Hosts File Editor
    CCleaner
    Java 7 Update 67
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Flash Player 18.0.0.209
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (39.0)
    Google Chrome (44.0.2403.107)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  24. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Farbar Service Scanner Version: 26-07-2015
    Ran by Sam D (administrator) on 26-07-2015 at 21:42:39
    Running from "C:\Users\Sam D\Downloads"
    Microsoft Windows 7 Ultimate (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  25. kingmob

    kingmob TS Rookie Topic Starter Posts: 25

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 57311 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sam D
    ->Temp folder emptied: 1098739 bytes
    ->Temporary Internet Files folder emptied: 10649492 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 29521689 bytes
    ->Google Chrome cache emptied: 15439767 bytes
    ->Flash cache emptied: 58203 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1064796 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 55.00 mb
     
