FRST log (2 of 2)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-660230534-9386771-3986129850-1000] => http=127.0.0.1:50255;https=127.0.0.1:50255
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com
HKU\S-1-5-21-660230534-9386771-3986129850-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore =
http://samsung.msn.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {858971B9-B4DC-4D52-936D-4F77A419B0D6} URL =
http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> DefaultScope 0554F78DB8C9438E83BEE96C3671E8BB URL =
http://search.benefitbar.com/benefitbar/search/www.php?tid=a1133&sch={searchTerms}
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> 0554F78DB8C9438E83BEE96C3671E8BB URL =
http://search.benefitbar.com/benefitbar/search/www.php?tid=a1133&sch={searchTerms}
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://searchab.com/?aff=7&uid=3390b2f8-6414-11e2-afcb-e81132cd0c3e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {25EB4B57-AEBF-4948-A441-9C6D20C2651C} URL =
http://www.bing.com/search?FORM=U001DF&PC=U001&dt=061213&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {88DC3AFE-FAF0-4808-8C7B-B74319B5C9DC} URL =
http://us.yhs4.search.yahoo.com/yhs...tPage,20120102,18482,0,0,6434&p={searchTerms}
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {B45E1180-07B2-4BDA-BB5E-FE78BBACE658} URL =
http://websearch.ask.com/redirect?c...pn_sauid=AA03DC7C-0768-44E2-BF13-BC40CFAE70A3
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {D2C0F1A9-014F-408C-8657-B0BEC7E9CCA9} URL =
http://www.mysearchresults.com/search?&c=2640&t=03&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Somoto Toolbar -> {652853ad-5592-4231-88c6-706613a52e61} -> C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: getsav-in 5.0 -> {A55A74F3-7602-43C9-92EC-ECE61ADE1086} -> C:\Users\patrick\AppData\Local\getsav-in\ie\getsav-in_1371059101.dll No File
BHO-x32: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: BenefitBar -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> No File
Toolbar: HKLM-x32 - Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll No File
Toolbar: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\windows\system32\Sendori.dll File Not found ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin-x32:
www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\patrick\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\patrick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @talk.google.com/O1DPlugin -> C:\Users\patrick\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @tools.google.com/Google Update;version=3 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: @tools.google.com/Google Update;version=9 -> C:\Users\patrick\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-660230534-9386771-3986129850-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-05-09] (Samsung)
FF Plugin ProgramFiles/Appdata: C:\Users\patrick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\patrick\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
Chrome:
=======
CHR HomePage: Default -> hxxp://
www.google.com/
CHR Profile: C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (Adblock Plus) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-12-01]
CHR Extension: (No Name) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme [2012-10-16]
CHR Extension: (Amazing Coupons) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-06-12]
CHR Extension: (Google Wallet) - C:\Users\patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR HKU\S-1-5-21-660230534-9386771-3986129850-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\patrick\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\patrick\AppData\Local\Temp\ccex.crx [Not Found]
StartMenuInternet: Google Chrome.O2JHYUFJYXUUN2DDSNOWJV3QR4 - C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe
http://do-search.com/?type=sc&ts=1384814673&from=smt&uid=WDCXWD3200BPVT-35ZEST0_WD-WXD1A81D4496D4496
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [405896 2013-05-03] (Samsung) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X] <==== ATTENTION
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-07-17] (BitDefender LLC)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-03-12] (Glarysoft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-27] (Windows (R) 2003 DDK 3790 provider)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-06-16 10:49 - 2015-06-16 10:54 - 00000000 ____D () C:\FRST
2015-06-09 04:59 - 2015-06-09 15:39 - 00001771 _____ () C:\Users\patrick\Desktop\MIGOSBULLY.txt
2015-06-07 08:24 - 2015-06-08 13:47 - 00001615 _____ () C:\Users\patrick\Desktop\if I could tell you.txt
2015-06-02 08:24 - 2015-06-08 13:50 - 00001936 _____ () C:\Users\patrick\Desktop\REPO.txt
2015-06-02 07:20 - 2015-06-02 07:45 - 00000101 _____ () C:\Users\patrick\Desktop\2Pac.txt
2015-06-02 00:11 - 2015-06-02 08:36 - 00002270 _____ () C:\Users\patrick\Desktop\DMX TYPE.txt
2015-05-29 01:51 - 2015-06-05 02:01 - 00002973 _____ () C:\Users\patrick\Desktop\Dealings.txt
2015-05-27 21:39 - 2015-05-27 23:52 - 00002587 _____ () C:\Users\patrick\Desktop\WORSHIP PRACTICE.txt
2015-05-27 02:24 - 2015-06-11 07:00 - 00002317 _____ () C:\Users\patrick\Desktop\Lil Wayne Sorry.txt
2015-05-21 16:47 - 2015-05-26 22:20 - 00002442 _____ () C:\Users\patrick\Desktop\ZEAF- Rae Sremmurd, ASAP Ferg Type Beat [Prod. Yosef].txt
2015-05-21 14:34 - 2015-05-29 00:18 - 00002991 _____ () C:\Users\patrick\Desktop\hardact yosef.txt
2015-05-18 01:18 - 2015-06-10 21:32 - 00002291 _____ () C:\Users\patrick\Desktop\yosef beat.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-06-16 10:47 - 2015-04-24 01:08 - 00001671 _____ () C:\Users\patrick\Desktop\lonley.txt
2015-06-16 10:47 - 2014-01-27 13:43 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 10:47 - 2012-08-28 16:48 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 10:47 - 2012-08-26 13:51 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000UA.job
2015-06-16 10:46 - 2013-02-07 04:04 - 01909871 _____ () C:\windows\WindowsUpdate.log
2015-06-11 15:15 - 2013-06-12 12:52 - 00000456 ____H () C:\windows\Tasks\Norton Security Scan for patrick.job
2015-06-11 02:31 - 2012-08-26 13:51 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-660230534-9386771-3986129850-1000Core.job
2015-06-11 01:43 - 2014-01-27 13:43 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 13:07 - 2015-04-30 03:45 - 00001916 _____ () C:\Users\patrick\Desktop\dawaythathelooves me.txt
2015-06-09 15:39 - 2009-07-14 00:13 - 00800860 _____ () C:\windows\system32\PerfStringBackup.INI
2015-06-09 03:40 - 2015-05-05 21:33 - 00001086 _____ () C:\Users\patrick\Desktop\God says.txt
2015-06-07 05:07 - 2015-04-16 10:42 - 00001893 _____ () C:\Users\patrick\Desktop\must be illumnati meek mill beat.txt
2015-06-05 02:58 - 2015-05-11 07:01 - 00002501 _____ () C:\Users\patrick\Desktop\T2.txt
2015-06-01 21:31 - 2014-11-19 15:49 - 00010865 _____ () C:\windows\setupact.log
2015-05-31 04:05 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 04:05 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 03:59 - 2013-02-27 01:51 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-31 03:58 - 2015-03-12 13:26 - 00000336 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2015-05-31 03:58 - 2013-06-12 13:00 - 00000000 ____D () C:\Samsung Link
2015-05-31 03:57 - 2011-11-25 02:46 - 00000000 ____D () C:\Users\patrick\AppData\Roaming\Skype
2015-05-31 03:55 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-29 00:22 - 2015-03-28 00:08 - 00001465 _____ () C:\Users\patrick\Desktop\pray for me beat.txt
==================== Files in the root of some directories =======
2014-05-08 19:05 - 2014-05-08 19:05 - 6103040 _____ () C:\Program Files (x86)\GUT69F4.tmp
2012-12-05 20:00 - 2012-12-05 20:00 - 0017408 _____ () C:\Users\patrick\AppData\Local\WebpageIcons.db
2011-11-25 02:47 - 2011-11-25 02:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpos40mo.dll
C:\Users\patrick\AppData\Local\Temp\pc_optimizer.exe
C:\Users\patrick\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\patrick\AppData\Local\Temp\System.Data.SQLite94543.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-04 10:11
==================== End Of Log ============================