Solved Assistance to remove malfare (istartsurf plus others), please?

[Samantha]

Can you please help? I recently downloaded a malware program unbeknownst to me and now it's caused chaos on my computer. I have run the FRST scan logs as requested and these are attached. Your help would be greatly appreciated!

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.




You have some serious infection on your PC. We can fully remove it, but I suggest not to try anything on your own. This infections is known to break your internet access and create a lot more impossible to repair issues if you don't know how to properly remove it.

Let me know when you're ready.

 

[Samantha]

All set to go! Awaiting your next response. Thanks heaps for the prompt reply, I know this is a website run by volunteers so your help is greatly appreciated.

 

[TwinHeadedEagle]

I spotted some pirated content on your PC and it is against the rules we have here.

2015-11-13 18:35 - 2015-11-13 18:35 - 00000000 ____D C:\Users\Samantha\Downloads\Arrow.S04E06.HDTV.x264-LOL[ettv]
2015-11-05 22:37 - 2015-11-06 20:51 - 00000000 ____D C:\Users\Samantha\Downloads\Arrow.S04E05.HDTV.x264-LOL[ettv]
2015-11-05 22:37 - 2015-11-06 20:50 - 00000000 ____D C:\Users\Samantha\Downloads\The.Flash.2014.S02E05.HDTV.x264-LOL[ettv]

Piracy policy

 

[Samantha]

So you did. My apologies; I'd honestly thought I'd removed anything of this nature. I have read your Piracy Policy and I understand if you cannot proceed.

Thank you for your time anyway.

 

[TwinHeadedEagle]

We can continue, but you need to remove all pirated content from your PC while working here with me.

 

[Samantha]

Thank you, I appreciate it. I believe I have removed everything of this nature. If something does pop up then it has escaped my search.

 

[Samantha]

But please let me know if if you spot anything else that looks like it's pirated.

 

[TwinHeadedEagle]

Okay, let's start with malware removal:

FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

• Copy dnsapi.dll into the Search: field in FRST then click the Search Files button.
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
• Please attach it to your reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[Samantha]

Sorry for the lack of response the last day, I had a migraine and needed to stay off the computer.

I've run the Search and it is attached here. The log files are shown below:


EDITED: Never, never copy/paste reports, only upload them. Thanks



I look forward to your response. Whilst I don't know anything about programming, I thought the previous FRST log file produced a bit more than that. I hope I did it right.

Thanks,
Samantha.

 

[TwinHeadedEagle]

I need two FRST reports, FRST.txt and Addition.txt.

 

[Samantha]

Cool, finally got to scan it again. I did actually scan it before, I'm not sure why the FRST.txt report did not return much. Please find attached below.

My computer won't let me paste the text in this response so I have had to attach the files.

 

[Samantha]

The Search.txt file is as before, I have not rerun the scan because nothing has changed since the last scan.

 

[TwinHeadedEagle]

Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

• Press the
  
  + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

• Compatible Web Directory
• GamesDesktop 027.005010146
• jogotempo 3.4
• Setup
• SwiftSearch 1.10.0.25

After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Cleaning.
• Your PC should reboot now.
• After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Install the progam and select update.
• Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
• In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
• Click the Scan tab, choose Threat Scan is checked and click Start Scan.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

 

[Samantha]

Please see attached. Sorry, quite busy during the week but just got to it now.

AdwCleaner[C1].txt logfile:

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 17:21:53
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Samantha - SAMANTHA-PC
# Running from : C:\Users\Samantha\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : bsdriver
[-] Service Deleted : WdsManPro
[-] Service Deleted : swsedrvr_vw_1_10_0_25
[-] Service Deleted : wwfd_vw_1_10_0_24

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Concom
[-] Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
[-] Folder Deleted : C:\Program Files (x86)\TNT2
[-] Folder Deleted : C:\Program Files (x86)\Feed Notifier
[-] Folder Deleted : C:\Program Files\Common Files\Goobzo
[-] Folder Deleted : C:\ProgramData\SearchModule
[-] Folder Deleted : C:\ProgramData\19a87fa1ec024bbcbb41931263354405
[-] Folder Deleted : C:\ProgramData\2WMiniPro2
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\Users\Samantha\AppData\Local\apn
[-] Folder Deleted : C:\Users\Samantha\AppData\Local\SmartWeb
[-] Folder Deleted : C:\Users\Samantha\AppData\Local\BrowserAir
[-] Folder Deleted : C:\Users\Samantha\AppData\Local\803BB130-1446573932-E111-802C-B01DA2079387
[-] Folder Deleted : C:\Users\Samantha\AppData\Local\Installer\Install_18883
[-] Folder Deleted : C:\Users\Samantha\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\istartsurf
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\pccustubinstaller
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\ortmp
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\RunDir
[-] Folder Deleted : C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[-] Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkopijddpkmggacdghppacglggodkcod
[-] File Deleted : C:\WINDOWS\SysNative\drivers\bsdriver.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\cherimoya.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\wwfd_vw_1_10_0_24.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : runTask
[-] Task Deleted : IBUpd

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\SysPlayerFile
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_013010134]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [rec_en_77]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_au_005010137]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_au_005010144]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_au_005010146]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035510.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035510.BHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035510.Sandbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035510.Sandbox.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355555510}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2F529F02-F496-4E94-B37D-A7694E84A60B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D6B19D6-DE21-45C0-9EDB-E7A9A2200645}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344554410}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D201910-6AE6-4530-8D7B-CB0181FB26CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3DF0EC5A-F87C-4B1A-874E-E81863D6DE1F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ec9129f-cb82-451d-af3a-c20578d7d17e}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0fbd7949-429a-40d2-baba-c8f31a03ef72}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a0e090da-972a-4ec7-9ceb-9be7cd2faedf}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c8bb0b19-467e-46ef-9bce-796ef8f3cc22}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e57ac0a3-66a0-49ea-8c03-315fb54e4ec8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F6607505-0E5B-47E6-809E-EAEE53F1E4D7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355555510}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2F529F02-F496-4E94-B37D-A7694E84A60B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D6B19D6-DE21-45C0-9EDB-E7A9A2200645}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ec9129f-cb82-451d-af3a-c20578d7d17e}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0fbd7949-429a-40d2-baba-c8f31a03ef72}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a0e090da-972a-4ec7-9ceb-9be7cd2faedf}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c8bb0b19-467e-46ef-9bce-796ef8f3cc22}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e57ac0a3-66a0-49ea-8c03-315fb54e4ec8}
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\SysPlayer
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\BrowserAir
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\{2B3FE8A2-C423-4F6D-a3A8-2F6BDE253672}
[-] Key Deleted : HKCU\Software\{A71EC8E5-DB6B-4224-b20C-2E7BF622284E}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\iWebar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\iWebar
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\SysPlayer
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\SmartPurpleConf
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\SysPlayer
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[-] Key Deleted : [x64] HKLM\SOFTWARE\BrowserAir
[-] Key Deleted : [x64] HKLM\SOFTWARE\SmartPurpleConf
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\{2B3FE8A2-C423-4F6D-a3A8-2F6BDE253672}
[-] Key Deleted : HKU\.DEFAULT\Software\{A71EC8E5-DB6B-4224-b20C-2E7BF622284E}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
[-] Key Deleted : HKU\S-1-5-19\Software\{2B3FE8A2-C423-4F6D-a3A8-2F6BDE253672}
[-] Key Deleted : HKU\S-1-5-19\Software\{A71EC8E5-DB6B-4224-b20C-2E7BF622284E}
[-] Key Deleted : HKU\S-1-5-20\Software\{2B3FE8A2-C423-4F6D-a3A8-2F6BDE253672}
[-] Key Deleted : HKU\S-1-5-20\Software\{A71EC8E5-DB6B-4224-b20C-2E7BF622284E}
[-] Key Deleted : HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\Software\{2B3FE8A2-C423-4F6D-a3A8-2F6BDE253672}
[-] Key Deleted : HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\Software\{A71EC8E5-DB6B-4224-b20C-2E7BF622284E}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C884A4BC-F8A3-4B6A-95DF-695C615E6956}
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\re-markit.co
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.re-markit00.re-markit.co
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\re-markit.co
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co

***** [ Web browsers ] *****

[-] [C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmfkcklnlgedgbglfkkgedjfmejoahla
[-] [C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14729 bytes] ##########



mbam-log.txt logfile:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28-Nov-15
Scan Time: 5:36 PM
Logfile: mbam-log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.28.01
Rootkit Database: v2015.11.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Samantha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383642
Time Elapsed: 26 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 25
PUP.Optional.TidyNetwork, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F9E769ED-1DA4-43FC-A89E-6DD15B8AAA1A}, Quarantined, [79e8bdc6bfccfa3c764568b6669c32ce],
PUP.Optional.TidyNetwork, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F9E769ED-1DA4-43FC-A89E-6DD15B8AAA1A}, Quarantined, [79e8bdc6bfccfa3c764568b6669c32ce],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32, Quarantined, [1b46a5de6823e353e8cd694ea45fd030],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS, Quarantined, [ff62582b6d1ea98d556071469a69817f],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_DanLotdax, Quarantined, [b8a92162414a80b6ed71c422f40ff907],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Lamdex, Quarantined, [f170f1927a111521f8665393857e718f],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_U-doncof, Quarantined, [62ff2c5749420b2b055927bfd330966a],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Zerla, Quarantined, [0859146fb4d7350105597274679c38c8],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\Crossbrowse, Quarantined, [7de40c772467bd7994d9ec8e47bc2ad6],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MyBrowser, Quarantined, [bfa2e59e365540f6b1863f75768d8080],
PUP.Optional.SwiftSearch, HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25, Quarantined, [4819ff84e0abe4524a508b1bb152da26],
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\WordWizard_1.10.0.24, Quarantined, [4819592abad1b383a2fbf5c12dd6bb45],
PUP.Optional.CrossBrowse, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\Crossbrowse, Quarantined, [88d98003701b4de9491fdaa031d247b9],
PUP.Optional.MyBrowser, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MyBrowser, Quarantined, [471a3e455f2c0135fa9e8e2654afc739],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0EC9129F-CB82-451D-AF3A-C20578D7D17E}, Quarantined, [332ef58e602be5515ed3cab3d52e629e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0FBD7949-429A-40D2-BABA-C8F31A03EF72}, Quarantined, [c1a02261fe8d9c9a73bd235a4db601ff],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6441C18C-F6C4-4B79-BA41-728C4ACF24D0}, Quarantined, [f26fe79c6c1fa98d19180d7041c2ac54],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D6DF08A-C5A8-4381-9F4C-78E96163EF66}, Quarantined, [acb5671c9eedcc6ac868b8c52ad9926e],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9FB4EA6A-F4AF-40F1-B1C8-D7F1FEFC9869}, Quarantined, [c0a13152cebd55e1052ca4d9c1425fa1],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A3D93C7C-6465-4CF2-B051-9B889641E0C0}, Quarantined, [2041ef94860531054be699e4976c2dd3],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF3E59FA-E730-4F1E-B83B-E51CE2944CF9}, Quarantined, [85dc5a29bdcefa3c7ab6daa3778c6b95],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E57AC0A3-66A0-49EA-8C03-315FB54E4EC8}, Quarantined, [6cf5cdb67912bb7bf33cc3ba768d9e62],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6509350-CC91-4798-91BF-C3723B5C84D6}, Quarantined, [70f1daa923683df9240dacd1ab58cf31],
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E91F03E4-DB11-4B68-9D3C-147EAD8A3676}, Quarantined, [134e146fa9e223137ab67ffe986b53ad],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\{A71EC8E5-DB6B-4224-B20C-2E7BF622284E}, Quarantined, [ce93344f315ad85ebdfbd59781829769],

Registry Values: 17
PUP.Optional.SpaceSoundPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpaceSoundPro, "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe", Quarantined, [98c97b085c2f4ee8b3f4bce7fe057090]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.sonic-search.com/?p=mKO...1ge_U91Ft_aeHyrW1FtikMyzh2tMc&q={searchTerms}, Quarantined, [3031493a06858babcaca3c2d44bf49b7]
PUP.Optional.Linkury, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\ENVIRONMENT|SNP, http://feed.snapdo.com?publisher=AP...e=05/11/2015&barcodeid=50045888&channelid=888, Quarantined, [77ea137008834aec51115736e1228c74]
PUP.Optional.Linkury, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\ENVIRONMENT|SNF, C:\ProgramData\Zitenops\snp.sc, Quarantined, [2a376a193853ef47a2bfb9d46e95ed13]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0ec9129f-cb82-451d-af3a-c20578d7d17e}|AppName, iWebar-codedownloader.exe, Quarantined, [332ef58e602be5515ed3cab3d52e629e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0fbd7949-429a-40d2-baba-c8f31a03ef72}|AppName, iWebar-buttonutil.exe, Quarantined, [c1a02261fe8d9c9a73bd235a4db601ff]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6441C18C-F6C4-4B79-BA41-728C4ACF24D0}|AppName, iWebar-enabler.exe-codedownloader.exe, Quarantined, [f26fe79c6c1fa98d19180d7041c2ac54]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D6DF08A-C5A8-4381-9F4C-78E96163EF66}|AppName, iWebar-enabler.exe-buttonutil.exe, Quarantined, [acb5671c9eedcc6ac868b8c52ad9926e]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9FB4EA6A-F4AF-40F1-B1C8-D7F1FEFC9869}|AppName, iWebar-enabler.exe-codedownloader.exe, Quarantined, [c0a13152cebd55e1052ca4d9c1425fa1]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A3D93C7C-6465-4CF2-B051-9B889641E0C0}|AppName, iWebar-enabler.exe-codedownloader.exe, Quarantined, [2041ef94860531054be699e4976c2dd3]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF3E59FA-E730-4F1E-B83B-E51CE2944CF9}|AppName, iWebar-enabler.exe-buttonutil.exe, Quarantined, [85dc5a29bdcefa3c7ab6daa3778c6b95]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e57ac0a3-66a0-49ea-8c03-315fb54e4ec8}|AppName, iWebar-bg.exe, Quarantined, [6cf5cdb67912bb7bf33cc3ba768d9e62]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6509350-CC91-4798-91BF-C3723B5C84D6}|AppName, iWebar-enabler.exe-codedownloader.exe, Quarantined, [70f1daa923683df9240dacd1ab58cf31]
PUP.Optional.CrossRider, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E91F03E4-DB11-4B68-9D3C-147EAD8A3676}|AppName, iWebar-enabler.exe-buttonutil.exe, Quarantined, [134e146fa9e223137ab67ffe986b53ad]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.sonic-search.com/?p=mKO...1ge_U91Ft_aeHyrW1FtikMyzh2tMc&q={searchTerms}, Quarantined, [d190d1b2abe0bc7aafe2e188a65d11ef]
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, Quarantined, [f76a146faae139fd28fc15ca5da60bf5]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\{A71EC8E5-DB6B-4224-b20C-2E7BF622284E}|Name, C:\Program Files\shopperz031120150809\Mejepe.exe, Quarantined, [ce93344f315ad85ebdfbd59781829769]

Registry Data: 1
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.sonic-search.com/?p=mKO...1ge_U91Ft_aeHyrW1FtikMyzh2tMc&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...aeHyrW1FtikMyzh2tMc&q={searchTerms}),Replaced,[6ef3f39097f4cc6aae6daebbea1a19e7]

Folders: 61
PUP.Optional.VBates, C:\Users\Samantha\AppData\LocalLow\Company\Product\1.0, Quarantined, [ca97f58e167565d19440b406f40f47b9],
PUP.Optional.VBates, C:\Users\Samantha\AppData\LocalLow\Company\Product, Quarantined, [ca97f58e167565d19440b406f40f47b9],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\JumpListIcons, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Extension Settings, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Storage, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Zitenops, Quarantined, [fc655033256680b6a54ce5ade12139c7],

Files: 128
Rootkit.Komodia.PUA, C:\WINDOWS\SYSTEM32\drivers\bsdriver.sys, Delete-on-Reboot, [0b0b298d1fc4f3af91c6d1e827f26565],
PUP.Optional.Shopperz.BrwsrFlsh, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, Delete-on-Reboot, [a796336f771e0f5990cd80131098c894],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\System32\Mulboyckoy64.dll, Quarantined, [0c5581024843ee48872a9dfcc938df21],
PUP.Optional.Winsock.WnskRST, C:\WINDOWS\System32\Pigrinnofd64.dll, Quarantined, [4918c7bc8a016dc9174e90ca8c7527d9],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\SysWOW64\Mulboyckoy.dll, Quarantined, [b8a903804e3d5bdb3a3da2f7936e4fb1],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\SysWOW64\Pigrinnofd.dll, Quarantined, [3928bac9414abe781b5cd4c50cf522de],
PUP.Optional.CrossRider, C:\Users\Samantha\AppData\Local\Beach Extension\xBin\BeachExtension.dll, Quarantined, [a6bb275c6b20290d2d05d6d425dccc34],
PUP.Optional.Downloader, C:\WINDOWS\chromebrowser.exe, Quarantined, [76eb3053880384b29fe1035acd37aa56],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\System32\MulboyckoyOff.ini, Quarantined, [6bf6542f8b00b086b75ddfb806fcb14f],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\SysWOW64\Mulboyckoy.ini, Quarantined, [cd94344fc8c3ab8b83917f1808fa12ee],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\SysWOW64\MulboyckoyOff.ini, Quarantined, [372a1073d9b27abca86c6c2ba55d44bc],
PUP.Optional.SideCubes, C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.sidecubes.com_0.localstorage, Delete-on-Reboot, [20411a69167535019c242a77a360c63a],
PUP.Optional.SideCubes, C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.sidecubes.com_0.localstorage-journal, Quarantined, [2e3394eff695f73fb20e940ded160ff1],
PUP.Optional.VBates, C:\Users\Samantha\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, Quarantined, [ca97f58e167565d19440b406f40f47b9],
PUP.Optional.VBates, C:\Users\Samantha\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, Quarantined, [ca97f58e167565d19440b406f40f47b9],
PUP.Optional.Linkury.ShrtCln, C:\WINDOWS\System32\Tasks\psv_DanLotdax, Quarantined, [550cd2b1cdbe63d39dbeaa3c847fce32],
PUP.Optional.Linkury.ShrtCln, C:\WINDOWS\System32\Tasks\psv_Lamdex, Quarantined, [f66bb7cca3e8b2840853697d09fa2ad6],
PUP.Optional.Linkury.ShrtCln, C:\WINDOWS\System32\Tasks\psv_U-doncof, Quarantined, [adb4fa890e7dd36397c4ad39e12201ff],
PUP.Optional.Linkury.ShrtCln, C:\WINDOWS\System32\Tasks\psv_Zerla, Quarantined, [6ef3bbc84942171f6bf0c125768d38c8],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\System32\PigrinnofdOff.ini, Quarantined, [5809a1e2a0ebd16588de7c6b986b54ac],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\SysWOW64\Pigrinnofd.ini, Quarantined, [bca5bec58dfeb1850c5a36b1d132dd23],
PUP.Optional.Komodia.WnskRST, C:\WINDOWS\SysWOW64\PigrinnofdOff.ini, Quarantined, [5b06bcc7e5a6e65005619a4d2fd411ef],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\chrome.dat, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\First Run, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Local State, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Network Action Predictor-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cookies, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cookies-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Current Session, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Favicons, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Favicons-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Google Profile.ico, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\History, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\History Provider Cache, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\History-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Login Data, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Login Data-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Network Action Predictor, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Preferences, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\README, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Secure Preferences, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Shortcuts, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Shortcuts-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Top Sites, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Top Sites-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Visited Links, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Web Data, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Web Data-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_0, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_1, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_2, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\data_3, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Cache\index, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\000005.ldb, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\000006.log, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\CURRENT, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\LOCK, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\LOG, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\LOG.old, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\MANIFEST-000004, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_background.js, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\craw_window.js, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\manifest.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css\craw_window.css, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html\craw_window.html, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\flapper.gif, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\icon_128.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\icon_16.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_close.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_hover.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_maximize.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images\topbar_floating_button_pressed.png, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW\messages.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata\verified_contents.json, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache\data_0, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache\data_1, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache\data_2, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache\data_3, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache\index, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\JumpListIcons\1F3.tmp, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\JumpListIcons\1F4.tmp, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.MyBrowser, C:\Users\Samantha\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal, Quarantined, [f46d52319af15ed874f5fc9444bed828],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Zitenops\ff.HP, Quarantined, [fc655033256680b6a54ce5ade12139c7],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Zitenops\ff.NT, Quarantined, [fc655033256680b6a54ce5ade12139c7],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Zitenops\snp.sc, Quarantined, [fc655033256680b6a54ce5ade12139c7],
PUP.Optional.HijackHosts.Gen, C:\WINDOWS\System32\rec\hozy\pesk.dat, Quarantined, [80e1d1b23a51d6607fac4c450301c937],
PUP.Optional.HijackHosts.Gen, C:\WINDOWS\System32\pae\aai\fieja.dat, Quarantined, [8fd2740f810a06305ecec8c9689cae52],

Physical Sectors: 0
(No malicious items detected)


(end)

_______

A/N: Already, I've noticed that Chrome did not open with the istartsurf home page so pretty happy. I'm guessing there is not much more to do, if anything.

 

[TwinHeadedEagle]

Okay, your PC is pretty much clean now, but let's make our final check:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[Samantha]

Great to hear! Please see below.

FRST.txt logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-11-2015
Ran by Samantha (administrator) on SAMANTHA-PC (29-11-2015 18:24:13)
Running from C:\Users\Samantha\Desktop
Loaded Profiles: Samantha (Available Profiles: Samantha & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\WINDOWS\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Spotify Ltd) C:\Users\Samantha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Samantha\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TOSDCR] => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-19] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\Run: [Google Update] => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\Run: [Spotify Web Helper] => C:\Users\Samantha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-06-06] (Spotify Ltd)
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN Client.exe [17254400 2015-07-12] (NordVPN Inc.)
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\Run: [Private Internet Access] => C:\Program Files\pia_manager\pia_manager.exe [8817658 2015-08-13] ()
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\RunOnce: [Uninstall C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\RunOnce: [Uninstall C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\RunOnce: [Uninstall C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\RunOnce: [Uninstall C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f7323201-1eb3-4e44-a071-b751f1038f91}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-13] (<TOSHIBA>)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-13] (<TOSHIBA>)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin HKU\S-1-5-21-3910472325-4293627743-2270786039-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3910472325-4293627743-2270786039-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Plugin: (Native Client) - C:\Users\Samantha\AppData\Local\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Samantha\AppData\Local\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Samantha\AppData\Local\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Samantha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Samantha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-04] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 17:55 - 2015-11-29 17:55 - 00016148 _____ C:\WINDOWS\system32\SAMANTHA-PC_Samantha_HistoryPrediction.bin
2015-11-28 18:09 - 2015-11-28 18:09 - 00046509 _____ C:\Users\Samantha\Desktop\mbam-log.txt
2015-11-28 17:32 - 2015-11-28 18:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 17:30 - 2015-11-28 17:30 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 17:30 - 2015-11-28 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 17:30 - 2015-11-28 17:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 17:30 - 2015-11-28 17:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-28 17:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-28 17:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-28 17:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-28 17:28 - 2015-11-28 17:28 - 22908888 _____ (Malwarebytes ) C:\Users\Samantha\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-28 17:27 - 2015-11-28 17:28 - 22908888 _____ (Malwarebytes ) C:\Users\Samantha\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-28 17:19 - 2015-11-28 17:21 - 00000000 ____D C:\AdwCleaner
2015-11-28 17:18 - 2015-11-28 17:18 - 01733632 _____ C:\Users\Samantha\Downloads\AdwCleaner.exe
2015-11-28 17:18 - 2015-11-28 17:18 - 01733632 _____ C:\Users\Samantha\Desktop\AdwCleaner.exe
2015-11-28 17:03 - 2015-11-28 17:16 - 00042544 _____ C:\Users\Samantha\Desktop\Fixlog.txt
2015-11-28 17:02 - 2015-11-28 17:02 - 00035408 _____ C:\Users\Samantha\Downloads\fixlist.txt
2015-11-22 19:20 - 2015-11-22 19:21 - 00044959 _____ C:\Users\Samantha\Desktop\Addition.txt
2015-11-22 19:18 - 2015-11-29 18:24 - 00014402 _____ C:\Users\Samantha\Desktop\FRST.txt
2015-11-17 20:55 - 2015-11-17 20:59 - 00001099 _____ C:\Users\Samantha\Desktop\Search.txt
2015-11-17 20:54 - 2015-11-28 17:03 - 02349056 _____ (Farbar) C:\Users\Samantha\Desktop\FRST64.exe
2015-11-17 20:54 - 2015-11-28 17:03 - 00000000 ____D C:\Users\Samantha\Desktop\FRST-OlderVersion
2015-11-15 12:57 - 2015-11-15 12:57 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-06 23:26 - 2015-11-06 23:26 - 00000000 ____D C:\Users\Samantha\AppData\Roaming\Opera Software
2015-11-06 23:26 - 2015-11-06 23:26 - 00000000 ____D C:\Users\Samantha\AppData\Local\Opera Software
2015-11-06 21:14 - 2015-11-06 23:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-06 21:13 - 2015-11-06 21:13 - 00000000 ____D C:\WINDOWS\system32\rec
2015-11-06 20:59 - 2015-11-29 18:24 - 00000000 ____D C:\FRST
2015-11-06 20:58 - 2015-11-06 20:58 - 02198528 _____ (Farbar) C:\Users\Samantha\Downloads\FRST64.exe
2015-11-06 12:46 - 2015-11-06 12:46 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-11-03 18:09 - 2015-11-06 21:14 - 00000000 ____D C:\Users\Samantha\AppData\Local\Tempfolder
2015-11-03 18:09 - 2015-11-03 18:09 - 00000000 ____D C:\WINDOWS\system32\pae
2015-11-03 18:08 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Samantha\AppData\LocalLow\Company
2015-11-03 18:08 - 2015-11-03 18:08 - 00000000 ____D C:\uninst
2015-11-03 18:05 - 2015-11-05 22:32 - 00000000 ____D C:\Users\Samantha\AppData\Local\Beach Extension
2015-11-03 18:05 - 2009-06-11 08:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-11-03 18:02 - 2015-11-03 18:02 - 00000000 ____D C:\Program Files (x86)\DivX
2015-11-03 17:58 - 2015-11-03 17:58 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-11-03 17:58 - 2015-11-03 17:58 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2015-11-03 17:58 - 2015-11-03 17:58 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2015-11-03 17:58 - 2015-11-03 17:58 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2015-11-03 17:58 - 2015-11-03 17:58 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2015-11-03 17:58 - 2015-11-03 17:58 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-03 17:58 - 2015-08-02 21:53 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2015-11-03 17:58 - 2015-08-02 21:53 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2015-11-03 17:58 - 2015-08-02 21:53 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-11-03 17:58 - 2015-08-02 21:53 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-10-31 18:44 - 2015-10-28 10:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-31 18:44 - 2015-10-28 10:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-31 18:44 - 2015-10-21 23:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-31 18:44 - 2015-10-21 23:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-31 18:44 - 2015-10-21 23:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-31 18:44 - 2015-10-21 23:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-31 18:44 - 2015-10-21 23:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-31 18:44 - 2015-10-21 22:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-31 18:44 - 2015-10-21 22:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-31 18:44 - 2015-10-21 22:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-31 18:44 - 2015-10-21 22:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-31 18:44 - 2015-10-21 22:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-31 18:44 - 2015-10-21 22:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-31 18:44 - 2015-10-21 22:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-31 18:44 - 2015-10-21 22:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-31 18:44 - 2015-10-21 22:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-31 18:44 - 2015-10-21 22:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-31 18:44 - 2015-10-21 22:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-31 18:44 - 2015-10-21 16:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-31 18:44 - 2015-10-21 16:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-31 18:44 - 2015-10-21 16:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-31 18:44 - 2015-10-21 16:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-31 18:44 - 2015-10-21 16:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-31 18:44 - 2015-10-21 16:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-31 18:44 - 2015-10-21 16:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-31 18:44 - 2015-10-21 15:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-31 18:43 - 2015-10-21 23:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-31 18:43 - 2015-10-21 22:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-31 18:43 - 2015-10-21 22:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-31 18:43 - 2015-10-21 22:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-31 18:43 - 2015-10-21 22:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-31 18:43 - 2015-10-21 16:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-31 18:43 - 2015-10-21 15:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-31 18:43 - 2015-10-21 15:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-31 13:28 - 2015-10-31 13:28 - 00130193 _____ C:\Users\Samantha\Downloads\SASMR Flyer Nov.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 18:25 - 2012-05-27 12:52 - 00000944 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3910472325-4293627743-2270786039-1000UA.job
2015-11-29 18:24 - 2013-06-15 00:23 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 18:12 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-29 18:08 - 2015-07-10 22:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-29 17:57 - 2012-12-06 07:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-28 18:10 - 2015-08-02 21:48 - 01005662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-28 18:10 - 2015-07-10 22:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-28 18:06 - 2013-06-15 00:23 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-28 18:05 - 2015-07-10 23:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-28 18:05 - 2015-07-10 20:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-28 18:03 - 2015-07-10 20:05 - 00000000 ____D C:\WINDOWS
2015-11-28 17:21 - 2015-06-06 21:09 - 00000000 ____D C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-28 16:38 - 2015-07-10 21:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-22 19:24 - 2012-05-22 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-20 21:25 - 2012-05-27 12:52 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3910472325-4293627743-2270786039-1000Core.job
2015-11-20 21:18 - 2015-08-02 22:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-13 18:50 - 2012-06-10 23:30 - 00000000 ____D C:\Users\Samantha\AppData\Local\Downloaded Installations
2015-11-13 18:43 - 2013-12-14 17:59 - 00000000 ____D C:\Users\Samantha\AppData\Roaming\uTorrent
2015-11-06 19:42 - 2011-12-15 09:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2015-11-06 19:42 - 2009-07-14 16:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-06 18:49 - 2012-08-16 16:10 - 00000000 ____D C:\ProgramData\Downloader
2015-11-05 22:31 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-04 18:51 - 2015-08-02 22:19 - 00002400 _____ C:\Users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-04 18:51 - 2015-08-02 22:19 - 00000000 ___RD C:\Users\Samantha\OneDrive
2015-11-04 05:20 - 2015-07-10 22:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-04 05:20 - 2015-07-10 22:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 19:05 - 2015-08-02 22:16 - 00000000 ____D C:\Users\Samantha\AppData\Local\Packages
2015-11-03 13:34 - 2011-09-13 13:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-11-03 13:33 - 2015-06-12 21:22 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-02 16:51 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-02 16:18 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\system32\appraiser

Some files in TEMP:
====================
C:\Users\Samantha\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-06 19:06

==================== End of FRST.txt ============================


Addition.txt logfile:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-11-2015
Ran by Samantha (2015-11-29 18:25:51)
Running from C:\Users\Samantha\Desktop
Windows 10 Home (X64) (2015-08-02 11:16:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3910472325-4293627743-2270786039-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3910472325-4293627743-2270786039-503 - Limited - Disabled)
Guest (S-1-5-21-3910472325-4293627743-2270786039-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3910472325-4293627743-2270786039-1006 - Limited - Enabled)
Samantha (S-1-5-21-3910472325-4293627743-2270786039-1000 - Administrator - Enabled) => C:\Users\Samantha

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.9 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3090 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.9.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Samantha\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3910472325-4293627743-2270786039-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Samantha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04FD54E0-92E2-4A90-8FA6-012740723F8D} - \Install -> No File <==== ATTENTION
Task: {0D293B09-8171-4B2B-BB84-9EDA324C31F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0EAB3D3A-07A3-40FD-9518-55784F896DFD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {1283942A-E82B-4539-9E5B-DB5047C22A5F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {21639AFA-5FD5-4829-9617-130C5EDE4377} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {22D4AEF8-36B2-4A61-B5E7-7A8B085990AA} - \snp -> No File <==== ATTENTION
Task: {27A0E448-935C-4350-885C-CAC7ADBB8BFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2893655C-7D52-44FF-821A-F6FFEC3BDAEC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
Task: {3FE80732-7237-4BC0-8668-49415EE8B500} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3910472325-4293627743-2270786039-1000UA => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4A8BA539-F01E-4F0F-A101-1EC292FF2BA1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {5B92CDCF-7E5A-4E08-8507-E2AD791D9B82} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {5E4FE9D3-F5F3-4774-BC46-2051E43EE0AE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {63E9184F-C2D5-4A22-AB96-9299928A6245} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {67343AE6-6F86-417D-82F9-9DA9C5EC46F8} - \psv_DanLotdax -> No File <==== ATTENTION
Task: {6D95CF56-0745-4A20-A74F-6946E84FE352} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-21] (Microsoft Corporation)
Task: {6E953CD5-C3A7-4056-82BB-F4AFE5FE66B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {6F94D398-5C72-4B03-BDF9-DE3895602D4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {6FC42B6D-2515-47CA-9235-52C7453E2D2B} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {77320E0C-218B-4A3B-8AF2-0A1E65086EAE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7B267DC0-8B67-4190-9C76-4EEFF907DA79} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {89E64BCC-3F98-486F-B834-7C4D2C20C84F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8ADFA54A-16FD-4A97-8CFF-EA0F830732AB} - \psv_U-doncof -> No File <==== ATTENTION
Task: {9EB504C1-344B-4F6D-B436-F15497FF3FFB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9F551074-7524-46B8-9D7C-7C8F777A47B1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B018634E-0B6A-44F9-9AD6-ED132068610E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3910472325-4293627743-2270786039-1000Core => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B58DCC70-56F1-4A79-961B-2ADF04387535} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B844C64E-0544-4B69-AC46-CEBB8F321197} - \snf -> No File <==== ATTENTION
Task: {BC0EFB08-210C-4F3C-9C4E-848A770D2B34} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {C4FC818F-A0E6-486C-A9AC-667E7BB733A0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C6773BEA-EE3A-4EB5-A1AC-A7F2B33E3626} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CC27B519-AABD-4CC3-BEF0-1F611FA8781A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {CE4B54E8-AF2B-4E02-BE39-4B14F96C950F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D1A5D6E9-B2C3-47EA-A4B9-03AFFD1F604B} - \psv_Zerla -> No File <==== ATTENTION
Task: {D9E36153-E729-4C99-BB04-66A0F87ADA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E6CFB4B0-2E38-442D-9DD6-74B3BE0C6601} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {EF5810FC-57FF-44AC-A5D8-73FB591A04AB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {FC617A3F-C97B-441D-8756-0427C9B6AFED} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FD85B46C-4003-43C2-88E3-BE7092866966} - \psv_Lamdex -> No File <==== ATTENTION
Task: {FF1269D8-9F01-4B46-B4BB-D2912E159C9C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3910472325-4293627743-2270786039-1000Core.job => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3910472325-4293627743-2270786039-1000UA.job => C:\Users\Samantha\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-03 15:33 - 2015-08-03 15:33 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2012-08-10 15:14 - 2012-07-31 13:01 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-08-22 19:27 - 2015-08-11 20:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-21 19:46 - 2015-09-17 17:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-21 19:46 - 2015-09-17 17:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-21 19:46 - 2015-09-17 16:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-21 19:47 - 2015-09-17 16:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-21 19:45 - 2015-09-17 16:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-21 19:45 - 2015-09-17 16:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-21 19:46 - 2015-09-17 16:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2011-08-23 10:19 - 2011-08-23 10:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-01 05:37 - 2010-12-01 05:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 09:15 - 2010-03-04 09:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 09:15 - 2010-03-04 09:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-08-13 09:57 - 2011-08-13 09:57 - 00437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-16 10:19 - 2010-12-16 10:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-06-10 16:09 - 2011-06-10 16:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-11-13 19:36 - 2015-11-07 15:36 - 01532744 _____ () C:\Users\Samantha\AppData\Local\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-13 19:36 - 2015-11-07 15:36 - 00081224 _____ () C:\Users\Samantha\AppData\Local\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-13 19:36 - 2015-11-07 15:36 - 16496456 _____ () C:\Users\Samantha\AppData\Local\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3910472325-4293627743-2270786039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Samantha\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{09B8D297-A819-4F51-86D8-6EAA873BE975}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{ED55D427-5D0E-46FA-8F2D-278329D53805}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{434AD1C0-5EC4-44A8-945D-FC28D08818AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{363B3EE8-7CE8-4E81-B8EE-BD07730C15A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [UDP Query User{2E9FECCD-8F0B-45E4-9D41-CEFA34832A1D}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{CF2A26F7-5F36-4F0B-94EE-07ECB6139063}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{C9EDB8ED-2E10-41D2-9D38-4232483B5EA4}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{85275C62-E379-4590-A7D9-0E77D45F1AB9}C:\program files (x86)\deluge\deluge.exe] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{AD4DE164-0E9A-4F67-800B-E34C55261EBB}C:\users\samantha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samantha\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D071357B-A840-477D-95DB-50CD1C7FD460}C:\users\samantha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samantha\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{901172A6-1F47-4D01-8021-9761C3396309}C:\users\samantha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samantha\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E92BC6A6-892A-41A5-8531-D5D4D5887E9A}C:\users\samantha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samantha\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1F0FE6E3-1119-4200-8EF1-565B80EFA20E}] => (Allow) C:\Users\Samantha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE6860B8-5EB0-45E4-A6F6-974442D7D0D6}] => (Allow) C:\Users\Samantha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88E1AA93-F40F-449F-9DDD-9F9A87A453C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{1C2B7B42-B76A-4768-8DB5-4057703011A5}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{FCFFF500-F329-4C09-99D7-65479C890622}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1185622F-9C60-44A2-B990-D17159B2B976}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6AEDF885-D714-44F8-A7D6-8DA2769B31EF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6537821B-C001-49E2-BC38-CCA7CB835933}] => (Allow) LPort=1900
FirewallRules: [{0A9C5054-65EB-4D77-A1E7-A8148F3285F4}] => (Allow) LPort=2869
FirewallRules: [{CECDC304-FD33-4F5F-AF10-37923188C48C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter_02
Description: Microsoft Virtual WiFi Miniport Adapter_02
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: TOSHIBA Web Camera - HD
Description: TOSHIBA Web Camera - HD
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2015 05:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Faulting module name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Exception code: 0xc0000409
Fault offset: 0x00013174
Faulting process id: 0x840
Faulting application start time: 0xnetservice.exe0
Faulting application path: netservice.exe1
Faulting module path: netservice.exe2
Report Id: netservice.exe3
Faulting package full name: netservice.exe4
Faulting package-relative application ID: netservice.exe5

Error: (11/28/2015 04:44:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMANTHA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/28/2015 04:44:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMANTHA-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/28/2015 04:41:56 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (11/28/2015 04:40:29 PM) (Source: Service1) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid

Error: (11/28/2015 04:39:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMANTHA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/28/2015 04:38:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMANTHA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/28/2015 04:38:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMANTHA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/28/2015 04:30:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Faulting module name: netservice.exe, version: 0.0.0.0, time stamp: 0x557e7cf3
Exception code: 0xc0000409
Fault offset: 0x00013174
Faulting process id: 0x930
Faulting application start time: 0xnetservice.exe0
Faulting application path: netservice.exe1
Faulting module path: netservice.exe2
Report Id: netservice.exe3
Faulting package full name: netservice.exe4
Faulting package-relative application ID: netservice.exe5

Error: (11/22/2015 07:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMANTHA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/28/2015 06:11:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/28/2015 06:05:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/28/2015 06:04:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/28/2015 06:03:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/28/2015 06:03:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/28/2015 06:03:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/28/2015 06:03:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/28/2015 05:23:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/28/2015 05:23:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/28/2015 05:23:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-11-04 18:55:26.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-04 18:55:26.746
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-04 18:55:26.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-04 18:55:21.040
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-04 18:55:20.419
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-03 18:38:32.047
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-03 18:38:32.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-03 18:38:31.974
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-03 18:38:31.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\Pigrinnofd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-03 18:38:31.865
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\Pigrinnofd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 50%
Total physical RAM: 3996.54 MB
Available physical RAM: 1984.57 MB
Total Virtual: 8092.54 MB
Available Virtual: 6017.94 MB

==================== Drives ================================

Drive c: (S3A4884D002) (Fixed) (Total:98.6 GB) (Free:46.24 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: A94307FC)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=98.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=17)

==================== End of Addition.txt ============================

____

Still have not had any dramas, really appreciate the assistance.

 

[TwinHeadedEagle]

Yes, your PC is cured


Since there are no more problems, we can declare this PC clean

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the
  
  icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.

Tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:

• Simple and easy ways to keep your computer safe and secure on the Internet

Maintenance tips:

• Optimize Windows for better performance

Additional software that I personally use and install on all my clients devices:

• Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
• Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
• McShield - to prevent infections spread by removable media.
• Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
• Adblock - to surf the web without annoying ads!
• Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​

Stay safe,
TwinHeadedEagle

 

[Samantha]

Wow, what a doozy of a month. Nevertheless, in the post-Christmas / pre-New Year lull I've finally been able to go over your email and make the installations you've recommended.

Firstly, thank you so, so much for your assistance. My brother is a software engineer but for something like this, I'm guessing he probably would have just rebuilt my computer, not to mention it would have been quite difficult to get him to look at it in the first place given we don't see each other often and frankly, it's better if I did the steps myself. So again, thank you.

I hope my donation suffices in getting you a beer or three with the exchange rate; it's considered tradition in Australia to pay someone in a slab (or carton, depending on where you're from) of beer (which amounts to 24) for helping you out in any way. You've honestly saved me a lot of stuffing around considering the steps you gave were simple and clearly effective. It only took its time because I don't really look at my computer at home during the week and this last month was ridiculously hectic.

Once again, thanks heaps for your help.

Happy holidays and Happy New Year!

Thanks,
Samantha.

 

[Samantha]

Hopefully that went through. Made easy paying in USD anyway. Cheers!