TechSpot

Indexer.exe what shall I do with it?

By galaxy
Oct 22, 2014
  1. Hello every body. Recently I have a problem with my laptop which I have no idea whether its critical or not and if so,what should I do.My 2013 kaspersky internet security's license expired for 3 or 4 days and after I renewed it, a thread called "indexer.exe" is been detected and automatically deleted by my KIS2013 but after any reboot this process repeats again and again.(I this folder C:\Users....\Temp\msupdate71). I really don't know what to do with it and I would be most grateful if anybody helps.
     
  2. galaxy

    galaxy TS Rookie Topic Starter

    I forgot to say that after this issue I installed Malwarebytes anti-malware and scanned and quarantined all threats .after rebooting and re-scaning, MBAM found no threats and malwares but KIS2013 still finds and deletes again and again....:oops:
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.


    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
    galaxy likes this.
  4. galaxy

    galaxy TS Rookie Topic Starter

    Thank u for yr reply
    Step 1 : I have KIS2013 with updated database
    .............................

    step 2 : MBAM (trial) vr 2.0.3.1025

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/22/2014
    Scan Time: 07:53:35 PM
    Logfile:
    Administrator: Yes

    Version: 0.00.0.0000
    Malware Database: v2014.10.22.07
    Rootkit Database: v2014.10.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Dandy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 357695
    Time Elapsed: 11 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Step 3 : DDs.txt
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.7.2
    Run by Dandy at 8:10:13 on 2014-10-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.981.1033.18.6058.3828 [GMT 3.5:30]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\WLANExt.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\ProgramData\DatacardService\DCService.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\windows\system32\CNAB4RPD.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
    C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
    C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    C:\windows\system32\hkcmd.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\windows\system32\igfxpers.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = about:blank
    mStart Page = about:blank
    mSearch Page = www.google.com
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = www.google.com
    uProxyOverride = local
    mWinlogon: Userinit = userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DLD.EXE] C:\Program Files (x86)\Download Direct\DLD.exe
    uRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
    mRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CANONL~1.LNK - C:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
    TCP: NameServer = 8.8.8.8,208.67.222.222
    TCP: NameServer = 23.253.94.129 8.8.8.8
    TCP: Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC} : NameServer = 8.8.8.8,208.67.222.222
    TCP: Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC} : DHCPNameServer = 23.253.94.129 8.8.8.8
    TCP: Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC}\4414E44495D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC}\4505D2C494E4B4F5243403539373 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6797D00C-E945-49CD-A7AF-2583477CD1DA} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{7D4CCD51-620C-4141-805A-ED8762DEB07B} : NameServer = 8.8.8.8 4.2.2.4
    TCP: Interfaces\{FF553CC1-79B4-4BFC-A997-24F1D3512431} : NameServer = 10.10.66.144 10.10.66.145
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = about:blank
    x64-mSearch Page = www.google.com
    x64-mDefault_Page_URL = about:blank
    x64-mDefault_Search_URL = www.google.com
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dandy\AppData\Roaming\Mozilla\Firefox\Profiles\uj83mbg1.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-8-23 25960]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
    R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368]
    R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-8-23 13824]
    R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356128]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
    R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-3-7 2568120]
    R2 DCService.exe;DCService.exe;C:\ProgramData\DataCardService\DCService.exe [2010-9-29 249856]
    R2 IDMWFP;IDMWFP;C:\windows\System32\drivers\idmwfp.sys [2014-10-15 180136]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-22 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-22 968504]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-23 2656536]
    R2 WCMVCAM;WebcamMax, WDM Video Capture;C:\windows\System32\drivers\wcmvcam64.sys [2012-4-16 1071032]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
    R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
    R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
    R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
    R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-4-14 31088]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-8-24 138024]
    R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2012-7-5 86016]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-8-24 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-5-25 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-7-25 29280]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-10-22 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-10-22 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-10-22 63704]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
    S3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-3-8 46592]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-7-5 117248]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\System32\drivers\ewusbnet.sys [2012-7-5 256000]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-5-17 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-8-23 471144]
    S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-8-24 166704]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
    S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-5-11 19968]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-5 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-10-22 15:49:48 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-22 15:49:14 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2014-10-22 15:49:14 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
    2014-10-22 15:49:14 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-10-22 15:49:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-10-22 15:49:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-20 22:31:24 2620928 ----a-w- C:\windows\System32\wucltux.dll
    2014-10-20 22:31:06 97792 ----a-w- C:\windows\System32\wudriver.dll
    2014-10-20 22:31:06 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
    2014-10-20 22:30:49 36864 ----a-w- C:\windows\System32\wuapp.exe
    2014-10-20 22:30:49 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
    2014-10-20 22:30:49 198600 ----a-w- C:\windows\System32\wuwebv.dll
    2014-10-20 22:30:49 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
    2014-10-20 14:41:52 -------- d-----w- C:\Program Files (x86)\Ask.com
    2014-10-20 14:15:11 -------- d-----w- C:\Users\Dandy\AppData\Roaming\smileyswelove
    2014-10-20 13:58:06 20312 ----a-w- C:\windows\System32\roboot64.exe
    2014-10-20 13:58:04 -------- d-----w- C:\Users\Dandy\AppData\Roaming\systweak
    2014-10-18 13:09:36 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
    2014-10-18 09:44:17 -------- d-----w- C:\Users\Dandy\AppData\Local\globalUpdate
    2014-10-18 09:44:17 -------- d-----w- C:\Program Files (x86)\globalUpdate
    2014-10-18 04:27:37 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2014-10-16 20:57:01 -------- d-----w- C:\Program Files\Elantech
    2014-10-16 20:55:15 5047080 ----a-w- C:\windows\System32\ETDUI.cpl
    2014-10-16 20:30:49 -------- d-----w- C:\Users\Dandy\AppData\Roaming\NVIDIA
    2014-10-16 20:26:16 252712 ----a-w- C:\windows\ETDUninst.dll
    2014-10-16 20:19:55 -------- d-----w- C:\Users\Dandy\AppData\Local\Installer
    2014-10-16 20:09:08 -------- d-----w- C:\Users\Dandy\AppData\Roaming\BandExtend
    2014-10-16 19:46:41 -------- d-----w- C:\Users\Dandy\AppData\Local\Cool_Mirage
    2014-10-16 19:43:08 -------- d-----w- C:\Users\Dandy\AppData\Roaming\WebExtend
    2014-10-16 18:57:55 -------- d-----w- C:\Users\Dandy\AppData\Local\CrashRpt
    2014-10-16 18:52:20 -------- d-----w- C:\Users\Dandy\AppData\Local\calibre-cache
    2014-10-16 18:50:18 -------- d-----w- C:\Users\Dandy\AppData\Roaming\calibre
    2014-10-16 18:36:58 -------- d-----w- C:\Users\Dandy\AppData\Roaming\DawningSoft
    2014-10-16 18:36:55 68096 ----a-w- C:\windows\SysWow64\Itcc.dll
    2014-10-15 08:55:28 180136 ----a-w- C:\windows\System32\drivers\idmwfp.sys
    2014-10-14 03:58:07 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
    2014-10-14 00:04:53 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{083E18CE-489B-4E24-9DFC-12DDA415D8DB}\mpengine.dll
    2014-09-27 06:17:30 -------- d-----w- C:\Users\Dandy\yf
    2014-09-27 04:29:21 -------- d-----w- C:\Users\Dandy\AppData\Local\Your Freedom
    .
    ==================== Find3M ====================
    .
    2014-10-16 21:06:18 407040 ----a-w- C:\windows\HotfixChecker.exe
    2014-10-16 21:06:18 345600 ----a-w- C:\windows\SetLCDStretchMode.exe
    2014-09-15 05:36:02 278152 ------w- C:\windows\System32\MpSigStub.exe
    2012-09-05 10:30:04 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
    .
    ============= FINISH: 8:11:04.63 ===============

    Step 3 : attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07/02/2012 03:06:05 AM
    System Uptime: 10/23/2014 06:06:49 AM (2 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300V3A/300V4A/300V5A/200A4B/200A5B
    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU | 2178/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 230 GiB total, 170.621 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 77.964 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 112 GiB total, 46.037 GiB free.
    H: is FIXED (NTFS) - 119 GiB total, 1.343 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A9577BA&0&183F47599ECF_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A9577BA&0&183F47599ECF_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A9577BA&0&183F4759A143_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2A9577BA&0&183F4759A143_C00000000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_C0B6144D&REV_06\4&1A1A1E02&0&00E3
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_C0B6144D&REV_06\4&1A1A1E02&0&00E3
    Service: RTL8167
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP151: 09/27/2014 12:44:05 AM - Scheduled Checkpoint
    RP152: 10/05/2014 01:24:01 AM - Scheduled Checkpoint
    RP153: 10/14/2014 02:34:26 AM - Scheduled Checkpoint
    RP154: 10/14/2014 03:34:35 AM - Windows Update
    RP155: 10/16/2014 10:19:28 PM - Installed calibre 64bit
    RP156: 10/17/2014 12:00:01 AM - Removed User Guide
    RP157: 10/17/2014 12:29:47 AM - Installed User Guide
    RP158: 10/18/2014 01:54:49 PM - Removed Norton Online Backup
    RP159: 10/20/2014 06:09:42 PM - Removed Smileys We Love Toolbar for IE
    RP160: 10/20/2014 06:13:33 PM - Removed Smileys We Love Toolbar for IE
    RP161: 10/20/2014 06:19:36 PM - Removed Smileys We Love Toolbar for IE
    RP162: 10/20/2014 06:20:11 PM - Removed Smileys We Love Toolbar for IE
    RP163: 10/20/2014 06:28:21 PM - Removed Smileys We Love Toolbar for IE
    RP164: 10/20/2014 06:28:41 PM - Removed Smileys We Love Toolbar for IE
    RP165: 10/20/2014 07:23:39 PM - Removed Smileys We Love Toolbar for IE
    RP166: 10/21/2014 01:39:10 AM - Removed MSXML 4.0 SP2 Parser and SDK
    RP167: 10/21/2014 02:00:19 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ??????????? ??? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    بريد Windows Live
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    Active@ UNDELETE
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader X (10.1.10)
    Agatha Christie - Death on the Nile
    Aostsoft All Document Converter Professional 3.8.4
    Ask Toolbar
    Ask Toolbar Updater
    Bejeweled 2 Deluxe
    Bing Bar
    Build-a-lot
    Canon LBP2900
    Chuzzle Deluxe
    COWON Media Center - jetAudio Basic VX
    CyberLink Media Suite
    CyberLink Media+ Player10
    CyberLink MediaShow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Easy Content Share
    Easy Migration
    EasyFileShare
    Eco Mode
    ETDWare PS/2-X64 8.0.7.2_WHQL
    Farm Frenzy
    Fotogalerija Windows Live
    Galer?a fotogr?fica de Windows Live
    Galeria de Fotografias do Windows Live
    Galeria fotografii us?ugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Insaniquarium Deluxe
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel(R) WiDi
    Intel(R) WiDi Widget
    Intel(R) Wireless Display
    Interactive Guide
    Internet Download Manager
    IsoBuster 3.3
    Java 7 Update 7
    Java Auto Updater
    John Deere Drive Green
    Junk Mail filter update
    K-Lite Mega Codec Pack 10.0.5
    Kaspersky Internet Security 2013
    Malwarebytes Anti-Malware version 2.0.3.1025
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mobile Partner
    Mobinil USB Modem
    Mozilla Firefox 33.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Multimedia POP
    Nero 8 Lite 8.2.8.0
    Nero Vision
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 267.54
    NVIDIA Install Application
    NVIDIA Optimus 1.0.21
    NVIDIA Update Components
    ooVoo
    Pavtube Video Converter Ver 4.2.0.4076
    Peggle
    Penguins!
    Plants vs. Zombies
    Po?ta Windows Live
    Poczta us?ugi Windows Live
    Podstawowe programy Windows Live
    Polar Golfer
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Recover My Files
    Samsung AnyWeb Print
    Samsung Control Center
    Samsung Printer Live Update
    Samsung Recovery Solution 5
    Samsung Support Center 1.0
    Samsung Universal Print Driver
    Samsung Universal Scan Driver
    Samsung Update Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Skype™ 5.10
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User Guide
    WD SmartWare
    WebcamMax
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fot?t?r
    Windows Live Foto-galerija
    Windows Live Foto?raf Galerisi
    Windows Live fotoatt?lu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Po?ta
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennusty?kalu
    Windows Liven s?hk?posti
    Windows Liven valokuvavalikoima
    Windows Media Player Firefox Plugin
    Windows Mobile Device Center
    WinRAR archiver
    Zuma Deluxe
    معرض صور Windows Live
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/22/2014 06:15:49 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
    10/22/2014 06:04:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/22/2014 06:04:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/22/2014 06:04:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/22/2014 06:04:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/22/2014 06:04:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/22/2014 06:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/22/2014 06:04:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache KLIF KLIM6 kltdi kneps NetBIOS NetBT nsiproxy Psched rdbss SABI spldr tdx VWiFiFlt Wanarpv6 WfpLwf {6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/22/2014 06:04:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/20/2014 05:12:17 PM, Error: Service Control Manager [7001] - The WDFMEService service depends on the WDRulesService service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    10/20/2014 05:12:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WDRulesService service to connect.
    10/20/2014 05:12:15 PM, Error: Service Control Manager [7000] - The WDRulesService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/19/2014 12:54:19 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {3519154C-227E-47F3-9CC9-12C3F05817F1}. The error: "5" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}
    10/19/2014 02:06:50 PM, Error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    10/19/2014 02:04:32 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
    10/19/2014 01:39:34 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "5" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    10/17/2014 12:47:46 AM, Error: Service Control Manager [7031] - The Update snipsmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/17/2014 12:47:37 AM, Error: Service Control Manager [7031] - The Util snipsmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
    galaxy likes this.
  6. galaxy

    galaxy TS Rookie Topic Starter

    RKreport_DEL_10242014_105823.log:
    RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Dandy [Administrator]
    Mode : Delete -- Date : 10/24/2014 10:58:23

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] mbar-1.07.0.1012.exe -- C:\Users\Dandy\Desktop\mbar-1.07.0.1012.exe[7] -> Killed [TermThr]

    ¤¤¤ Registry : 23 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnUpdater : "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 23.253.94.129 8.8.8.8 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 23.253.94.129 8.8.8.8 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 23.253.94.129 8.8.8.8 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC} | DhcpNameServer : 23.253.94.129 8.8.8.8 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FF553CC1-79B4-4BFC-A997-24F1D3512431} | NameServer : 10.10.66.144 10.10.66.145 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC} | DhcpNameServer : 23.253.94.129 8.8.8.8 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF553CC1-79B4-4BFC-A997-24F1D3512431} | NameServer : 10.10.66.144 10.10.66.145 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC} | DhcpNameServer : 23.253.94.129 8.8.8.8 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FF553CC1-79B4-4BFC-A997-24F1D3512431} | NameServer : 10.10.66.144 10.10.66.145 -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4152694092-3998405651-1245022814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4152694092-3998405651-1245022814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4152694092-3998405651-1245022814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4152694092-3998405651-1245022814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 3 ¤¤¤
    [Suspicious.Path] Sk-Enhancer-S-5902107913.job -- c:\programdata\quickset\sk-enhancer\Sk-Enhancer.exe (/schedule /profile "c:\programdata\quickset\sk-enhancer\5902107913.ini") -> Deleted
    [Suspicious.Path] \\GoForFiles Installer Starter -- C:\Users\Dandy\AppData\Local\Temp\GoForFilesuH5mHRg1MC.exe (-startup) -> Deleted
    [Suspicious.Path] \\SimpleFiles Installer Starter -- C:\Users\Dandy\AppData\Local\Temp\SimpleFilesGikKHw54Zc.exe (-startup) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM641JI +++++
    --- User ---
    [MBR] ec0e8732cf467cf784bf082a2316382b
    [BSP] 2868fc16c616f5ad555b61679308ba99 : Kiwi MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 235520 MB
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 482551808 | Size: 351614 MB
    3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1202657280 | Size: 23245 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_10242014_105750.log

    mbar-log-2014-10-24 (11-12-11) :
    As you said no malware has been found
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.24.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Dandy :: DANDY-PC [administrator]

    10/24/2014 11:12:11 AM
    mbar-log-2014-10-24 (11-12-11).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 358549
    Time elapsed: 9 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    system-log
    :
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16750

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
    CPU speed: 2.195000 GHz
    Memory total: 6351798272, free: 3540398080

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16750

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
    CPU speed: 2.195000 GHz
    Memory total: 6351798272, free: 3396902912

    Downloaded database version: v2014.10.24.03
    Downloaded database version: v2014.10.22.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F601E4B0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 482344960

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 482551808 Numsec = 720105472

    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1202657280 Numsec = 47605760

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
    galaxy likes this.
  8. galaxy

    galaxy TS Rookie Topic Starter

    ComboFix.txt:

    ComboFix 14-10-24.01 - Dandy 10/25/2014 8:33.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.981.1033.18.6058.4295 [GMT 3.5:30]
    Running from: c:\users\Dandy\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\windows\wininit.ini
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DCService.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-25 to 2014-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-25 05:12 . 2014-10-25 05:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-10-25 05:12 . 2014-10-25 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-25 05:01 . 2014-10-25 05:01 -------- d-----w- c:\users\Dandy\AppData\Local\CrashDumps
    2014-10-24 07:42 . 2014-10-24 07:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-10-24 07:32 . 2014-10-24 07:32 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{083E18CE-489B-4E24-9DFC-12DDA415D8DB}\offreg.dll
    2014-10-24 07:24 . 2014-10-24 07:24 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-24 07:23 . 2014-10-24 07:24 -------- d-----w- c:\programdata\RogueKiller
    2014-10-22 15:49 . 2014-10-25 04:58 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-22 15:49 . 2014-10-24 07:24 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-22 15:49 . 2014-10-22 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-22 15:49 . 2014-10-22 15:49 -------- d-----w- c:\programdata\Malwarebytes
    2014-10-22 15:49 . 2014-10-01 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-22 15:49 . 2014-10-01 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-22 14:31 . 2014-10-22 14:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2014-10-20 22:31 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
    2014-10-20 22:31 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
    2014-10-20 22:31 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
    2014-10-20 22:31 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
    2014-10-20 22:31 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
    2014-10-20 22:31 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
    2014-10-20 22:31 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
    2014-10-20 22:31 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
    2014-10-20 22:31 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
    2014-10-20 22:31 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
    2014-10-20 22:30 . 2014-05-14 05:53 198600 ----a-w- c:\windows\system32\wuwebv.dll
    2014-10-20 22:30 . 2014-05-14 05:53 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2014-10-20 22:30 . 2014-05-14 05:50 36864 ----a-w- c:\windows\system32\wuapp.exe
    2014-10-20 22:30 . 2014-05-14 05:47 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2014-10-20 14:41 . 2014-10-22 16:58 -------- d-----w- c:\program files (x86)\Ask.com
    2014-10-20 14:15 . 2014-10-20 14:15 -------- d-----w- c:\users\Dandy\AppData\Roaming\smileyswelove
    2014-10-20 13:58 . 2014-04-25 11:19 20312 ----a-w- c:\windows\system32\roboot64.exe
    2014-10-20 13:58 . 2014-10-22 16:58 -------- d-----w- c:\users\Dandy\AppData\Roaming\systweak
    2014-10-18 13:09 . 2014-10-22 16:58 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2014-10-18 09:44 . 2014-10-22 16:58 -------- d-----w- c:\program files (x86)\globalUpdate
    2014-10-18 09:44 . 2014-10-18 09:44 -------- d-----w- c:\users\Dandy\AppData\Local\globalUpdate
    2014-10-18 04:27 . 2014-10-18 10:24 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2014-10-16 20:57 . 2014-10-16 20:57 -------- d-----w- c:\program files\Elantech
    2014-10-16 20:55 . 2014-10-16 20:55 5047080 ----a-w- c:\windows\system32\ETDUI.cpl
    2014-10-16 20:30 . 2014-10-16 20:30 -------- d-----w- c:\users\Dandy\AppData\Roaming\NVIDIA
    2014-10-16 20:26 . 2010-11-12 22:23 252712 ----a-w- c:\windows\ETDUninst.dll
    2014-10-16 20:19 . 2014-10-16 20:19 -------- d-----w- c:\users\Dandy\AppData\Local\Installer
    2014-10-16 20:09 . 2014-10-16 20:09 -------- d-----w- c:\users\Dandy\AppData\Roaming\BandExtend
    2014-10-16 19:46 . 2014-10-16 19:46 -------- d-----w- c:\users\Dandy\AppData\Local\Cool_Mirage
    2014-10-16 19:43 . 2014-10-16 19:43 -------- d-----w- c:\users\Dandy\AppData\Roaming\WebExtend
    2014-10-16 18:57 . 2014-10-16 18:57 -------- d-----w- c:\users\Dandy\AppData\Local\CrashRpt
    2014-10-16 18:52 . 2014-10-16 21:08 -------- d-----w- c:\users\Dandy\AppData\Local\calibre-cache
    2014-10-16 18:50 . 2014-10-16 20:27 -------- d-----w- c:\users\Dandy\AppData\Roaming\calibre
    2014-10-16 18:36 . 2014-10-16 18:36 -------- d-----w- c:\users\Dandy\AppData\Roaming\DawningSoft
    2014-10-16 18:36 . 1997-12-19 10:56 68096 ----a-w- c:\windows\SysWow64\Itcc.dll
    2014-10-15 08:55 . 2014-10-01 06:19 180136 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2014-10-14 03:58 . 2014-10-14 03:58 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2014-10-14 00:04 . 2014-09-14 22:38 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{083E18CE-489B-4E24-9DFC-12DDA415D8DB}\mpengine.dll
    2014-09-27 06:17 . 2014-09-27 06:17 -------- d-----w- c:\users\Dandy\yf
    2014-09-27 04:29 . 2014-09-27 04:29 -------- d-----w- c:\users\Dandy\AppData\Local\Your Freedom
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-16 21:06 . 2011-08-23 09:54 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
    2014-10-16 21:06 . 2011-08-23 09:54 407040 ----a-w- c:\windows\HotfixChecker.exe
    2014-09-15 05:36 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-05 02:35 . 2010-06-24 02:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-09-05 10:30 . 2012-09-05 10:30 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-11 356128]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2014-01-28 1721776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2012-11-5 60384]
    WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
    R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
    S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [x]
    S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x]
    S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
    S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-23 16:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = www.google.com
    uInternet Settings,ProxyOverride = local
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 23.253.94.129 8.8.8.8
    TCP: Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC}: NameServer = 8.8.8.8,208.67.222.222
    TCP: Interfaces\{7D4CCD51-620C-4141-805A-ED8762DEB07B}: NameServer = 8.8.8.8 4.2.2.4
    TCP: Interfaces\{FF553CC1-79B4-4BFC-A997-24F1D3512431}: NameServer = 10.10.66.144 10.10.66.145
    FF - ProfilePath - c:\users\Dandy\AppData\Roaming\Mozilla\Firefox\Profiles\uj83mbg1.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-DLD.EXE - c:\program files (x86)\Download Direct\DLD.exe
    Wow6432Node-HKCU-Run-YTDownloader - c:\program files (x86)\YTDownloader\YTDownloader.exe
    Wow6432Node-HKLM-Run-YTDownloader - c:\program files (x86)\YTDownloader\YTDownloader.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
    d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
    "{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
    04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
    "{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
    15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA609D72-8482-4076-8991-8CDAE5B93BCB}"=hex:51,66,7a,6c,4c,1d,38,12,1c,9e,73,
    ae,b0,ca,18,05,f6,87,cf,9a,e0,e7,7f,df
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
    e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
    "{E99987AC-6311-4686-B095-EB30B69F9258}"=hex:51,66,7a,6c,4c,1d,38,12,c2,84,8a,
    ed,23,2d,e8,03,cf,83,a8,70,b3,c1,d6,4c
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    "{EEC0F710-38B5-4ABA-99BF-EC87564A4E13}"=hex:51,66,7a,6c,4c,1d,38,12,7e,f4,d3,
    ea,87,76,d4,0f,e6,a9,af,c7,53,14,0a,07
    "{1DAD3AF3-EF2F-4F64-AC4B-11789189FCB6}"=hex:51,66,7a,6c,4c,1d,38,12,9d,39,be,
    19,1d,a1,0a,0a,d3,5d,52,38,94,d7,b8,a2
    "{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}"=hex:51,66,7a,6c,4c,1d,38,12,1d,cf,77,
    51,95,a1,d1,09,ee,9c,1f,b7,fe,e1,bb,5b
    "{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,38,12,1b,56,56,
    77,3e,aa,52,06,e8,92,84,cd,c2,28,50,41
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,38,12,4d,0e,7e,
    9a,40,73,fa,0f,d1,09,6e,56,73,7a,a7,cd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:82,40,c3,0b,7e,ec,cf,01
    .
    [HKEY_USERS\S-1-5-21-4152694092-3998405651-1245022814-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):3a,92,ef,08,64,a0,7f,32,f3,db,0e,a2,77,40,19,21,a6,62,6d,26,d5,
    60,47,20,52,44,8f,d5,26,ef,d0,92,cb,0e,a5,02,7f,e1,38,a1,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2014-10-25 08:56:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-10-25 05:26
    .
    Pre-Run: 184,188,878,848 bytes free
    Post-Run: 186,303,815,680 bytes free
    .
    - - End Of File - - B52EBB18701F5F23BA871DD5F1B329A7
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
    galaxy likes this.
  10. galaxy

    galaxy TS Rookie Topic Starter

    AdwCleaner.txt:
    # AdwCleaner v4.001 - Report created 26/10/2014 at 08:18:45
    # DB v2014-10-23.2
    # Updated 20/10/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Dandy - DANDY-PC
    # Running from : C:\Users\Dandy\Desktop\adwcleaner_4.001.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Users\Dandy\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Public\Documents\baidu
    Folder Deleted : C:\Users\Dandy\AppData\Local\cool_mirage
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Users\Dandy\AppData\Local\globalUpdate
    Folder Deleted : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
    Folder Deleted : C:\Users\Dandy\Documents\PC Speed Maximizer
    Folder Deleted : C:\ProgramData\QuickSet
    Folder Deleted : C:\Users\Public\Documents\ShopperPro
    Folder Deleted : C:\ProgramData\StarApp
    Folder Deleted : C:\Users\Dandy\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Dandy\AppData\Roaming\WebExtend
    Folder Deleted : C:\Users\Dandy\AppData\Local\CrashRpt
    File Deleted : C:\windows\System32\roboot64.exe

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Advanced System Protector
    Task Deleted : LaunchSignup
    Task Deleted : YTDownloader

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mozilla-firefox_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192211}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195511}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196611}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194411}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192211}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195511}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196611}
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\Brothersoft
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Popajar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\Vittalia
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\APN
    Key Deleted : HKLM\SOFTWARE\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\GoforFiles
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\Sk-Enhancer
    Key Deleted : HKLM\SOFTWARE\SP Global
    Key Deleted : HKLM\SOFTWARE\SProtector
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16750


    -\\ Mozilla Firefox v33.0 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [12956 octets] - [26/10/2014 08:16:06]
    AdwCleaner[S0].txt - [12610 octets] - [26/10/2014 08:18:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12671 octets] ##########

    JRT.txt:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.21.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Dandy on Sun 10/26/2014 at 8:26:07.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\KMPAskPIPCount_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\KMPAskPIPCount_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\KMPAskPIPCount_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\KMPAskPIPCount_RASMANCS
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Dandy\AppData\Roaming\thinstall"
    Successfully deleted: [Folder] "C:\Users\Dandy\appdata\local\thinstall"
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{07088FAD-C6EE-48DD-AB2D-CA05995BA39C}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{177B0D34-2C2A-4B1E-8A2C-7402647C7E82}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{2D7B0F33-0D6D-4503-8E71-9D2BC1C83C80}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{58B7D203-1E68-4CD2-94A4-0C5FC0C96296}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{A04E5774-CE61-4316-A0D0-97539EE6FD0B}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{A30783EA-2807-4187-8724-5D9076058F95}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{C16D1DD1-8237-4007-B6A0-775A2D9BBEA1}
    Successfully deleted: [Empty Folder] C:\Users\Dandy\appdata\local\{F2241B2C-5DF9-4B2C-BB26-582AD153DEA3}



    ~~~ FireFox

    Emptied folder: C:\Users\Dandy\AppData\Roaming\mozilla\firefox\profiles\uj83mbg1.default\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 10/26/2014 at 8:28:57.62
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    FRST.txt:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
    Ran by Dandy (administrator) on DANDY-PC on 26-10-2014 08:31:01
    Running from C:\Users\Dandy\Desktop
    Loaded Profiles: UpdatusUser & Dandy (Available profiles: UpdatusUser & Dandy)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2014-10-17] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-03-07] (NVIDIA Corporation)
    AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [192616 2011-03-07] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk
    ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
    ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 23.253.94.129 8.8.8.8
    Tcpip\..\Interfaces\{0F94A97A-365C-4B64-89C6-92B0743C79DC}: [NameServer] 8.8.8.8,208.67.222.222
    Tcpip\..\Interfaces\{7D4CCD51-620C-4141-805A-ED8762DEB07B}: [NameServer] 8.8.8.8 4.2.2.4
    Tcpip\..\Interfaces\{FF553CC1-79B4-4BFC-A997-24F1D3512431}: [NameServer] 10.10.66.144 10.10.66.145

    FireFox:
    ========
    FF ProfilePath: C:\Users\Dandy\AppData\Roaming\Mozilla\Firefox\Profiles\uj83mbg1.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-05-11]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-05-11]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-05-11]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-05-11]
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-05-11]
    FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Dandy\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Dandy\AppData\Roaming\IDM\idmmzcc5 [2014-10-18]
    FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Dandy\AppData\Roaming\IDM\idmmzcc5
    FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-10-15]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-10-15]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2014-10-15]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
     
  11. galaxy

    galaxy TS Rookie Topic Starter

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC)
    R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital )
    R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital )

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-12] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-11] (Kaspersky Lab ZAO)
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-02] (Windows (R) 2003 DDK 3790 provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-24] ()
    S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
    R2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-16] (Windows (R) Win 7 DDK provider)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-26 08:31 - 2014-10-26 08:31 - 00019164 _____ () C:\Users\Dandy\Desktop\FRST.txt
    2014-10-26 08:30 - 2014-10-26 08:31 - 00000000 ____D () C:\FRST
    2014-10-26 08:28 - 2014-10-26 08:28 - 00002513 _____ () C:\Users\Dandy\Desktop\JRT.txt
    2014-10-26 08:26 - 2014-10-26 08:26 - 00000000 ____D () C:\windows\ERUNT
    2014-10-26 08:25 - 2014-10-26 08:25 - 01706144 _____ (Thisisu) C:\Users\Dandy\Desktop\JRT.exe
    2014-10-26 08:16 - 2014-10-26 08:18 - 00000000 ____D () C:\AdwCleaner
    2014-10-26 08:11 - 2014-10-26 08:12 - 02112512 _____ (Farbar) C:\Users\Dandy\Desktop\FRST64.exe
    2014-10-26 08:11 - 2014-10-26 08:11 - 01962496 _____ () C:\Users\Dandy\Desktop\adwcleaner_4.001.exe
    2014-10-25 09:00 - 2014-10-25 09:00 - 00000000 ____H () C:\ProgramData\cm-lock
    2014-10-25 08:56 - 2014-10-25 08:56 - 00027648 _____ () C:\ComboFix.txt
    2014-10-25 08:32 - 2011-06-26 10:15 - 00256000 _____ () C:\windows\PEV.exe
    2014-10-25 08:32 - 2010-11-07 20:50 - 00208896 _____ () C:\windows\MBR.exe
    2014-10-25 08:32 - 2009-04-20 08:26 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2014-10-25 08:32 - 2000-08-31 03:30 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2014-10-25 08:32 - 2000-08-31 03:30 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2014-10-25 08:32 - 2000-08-31 03:30 - 00098816 _____ () C:\windows\sed.exe
    2014-10-25 08:32 - 2000-08-31 03:30 - 00080412 _____ () C:\windows\grep.exe
    2014-10-25 08:32 - 2000-08-31 03:30 - 00068096 _____ () C:\windows\zip.exe
    2014-10-25 08:31 - 2014-10-25 08:57 - 00000000 ____D () C:\Qoobox
    2014-10-25 08:31 - 2014-10-25 08:54 - 00000000 ____D () C:\windows\erdnt
    2014-10-25 08:31 - 2014-10-25 08:31 - 00000000 ____D () C:\Users\Dandy\AppData\Local\CrashDumps
    2014-10-25 08:09 - 2014-10-25 08:10 - 05583977 ____R (Swearware) C:\Users\Dandy\Desktop\ComboFix.exe
    2014-10-24 11:12 - 2014-10-24 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-24 10:59 - 2014-10-24 10:59 - 00005928 _____ () C:\Users\Dandy\Desktop\RKreport_DEL_10242014_105823.log
    2014-10-24 10:54 - 2014-10-24 11:27 - 00000000 ____D () C:\Users\Dandy\Desktop\mbar
    2014-10-24 10:54 - 2014-10-24 10:54 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-10-24 10:53 - 2014-10-24 10:54 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-24 10:53 - 2014-10-22 13:01 - 16281688 _____ () C:\Users\Dandy\Desktop\RogueKiller.exe
    2014-10-24 10:53 - 2014-06-07 02:53 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Dandy\Desktop\mbar-1.07.0.1012.exe
    2014-10-24 10:50 - 2014-10-26 08:22 - 00012972 _____ () C:\Users\Dandy\Desktop\New Text Document (2).txt
    2014-10-24 10:01 - 2014-10-26 08:13 - 00001748 _____ () C:\Users\Dandy\Desktop\New Text Document.txt
    2014-10-23 08:11 - 2014-10-23 08:11 - 00024524 _____ () C:\Users\Dandy\Desktop\dds.txt
    2014-10-23 08:11 - 2014-10-23 08:11 - 00019781 _____ () C:\Users\Dandy\Desktop\attach.txt
    2014-10-23 08:09 - 2014-10-23 08:09 - 00688992 ____R (Swearware) C:\Users\Dandy\Desktop\dds.com
    2014-10-22 19:19 - 2014-10-26 08:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-22 19:19 - 2014-10-24 10:54 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-10-22 19:19 - 2014-10-22 19:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-22 19:19 - 2014-10-22 19:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-22 19:19 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-10-22 19:19 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-10-22 18:01 - 2014-10-23 09:21 - 00002041 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-10-22 18:01 - 2014-10-22 18:01 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-10-22 18:01 - 2014-10-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-22 18:01 - 2014-10-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-21 02:01 - 2014-05-14 19:53 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-10-21 02:01 - 2014-05-14 19:53 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-10-21 02:01 - 2014-05-14 19:53 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-10-21 02:01 - 2014-05-14 19:53 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-10-21 02:01 - 2014-05-14 19:53 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2014-10-21 02:01 - 2014-05-14 19:53 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-10-21 02:01 - 2014-05-14 19:53 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-10-21 02:01 - 2014-05-14 19:51 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-10-21 02:01 - 2014-05-14 19:50 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-10-21 02:01 - 2014-05-14 19:47 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-10-21 02:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-10-21 02:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-10-21 02:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-10-21 02:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-10-20 17:45 - 2014-10-20 17:45 - 00000000 ____D () C:\Users\Dandy\Documents\Add-in Express
    2014-10-20 17:45 - 2014-10-20 17:45 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\smileyswelove
    2014-10-20 17:21 - 2014-10-20 17:21 - 00000000 ____D () C:\Users\Dandy\Documents\vlc
    2014-10-18 16:39 - 2014-10-22 20:28 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
    2014-10-18 16:39 - 2014-10-18 16:39 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2014-10-17 00:27 - 2014-10-17 00:27 - 00000000 ____D () C:\Program Files\Elantech
    2014-10-17 00:25 - 2014-10-17 00:25 - 05047080 _____ (ELAN Microelectronics Corp.) C:\windows\system32\ETDUI.cpl
    2014-10-17 00:03 - 2014-10-17 00:03 - 00003150 _____ () C:\windows\System32\Tasks\{CE11E593-AFAA-4972-8EC7-D1D064C4EAAB}
    2014-10-17 00:00 - 2014-10-17 00:00 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\NVIDIA
    2014-10-16 23:56 - 2010-11-13 01:53 - 00252712 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
    2014-10-16 23:39 - 2014-10-16 23:39 - 00000000 ____D () C:\Users\Dandy\Documents\Xilisoft
    2014-10-16 23:39 - 2014-10-16 23:39 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\BandExtend
    2014-10-16 23:20 - 2014-10-16 23:20 - 05723253 _____ (Dawningsoft Inc. ) C:\Users\Dandy\Downloads\pdf2chm_setup.exe
    2014-10-16 22:22 - 2014-10-17 00:38 - 00000000 ____D () C:\Users\Dandy\AppData\Local\calibre-cache
    2014-10-16 22:20 - 2014-10-16 23:57 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\calibre
    2014-10-16 22:06 - 2014-10-16 22:06 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\DawningSoft
    2014-10-16 22:06 - 1997-12-19 14:26 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\Itcc.dll
    2014-10-15 12:25 - 2014-10-01 09:49 - 00180136 _____ (Tonec Inc.) C:\windows\system32\Drivers\idmwfp.sys
    2014-10-14 07:28 - 2014-10-14 07:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
    2014-09-27 10:42 - 2014-09-27 10:42 - 00003116 _____ () C:\windows\System32\Tasks\{606697DA-A69E-4E32-9176-CDAB6B620C9E}
    2014-09-27 09:47 - 2014-09-27 09:47 - 00000000 ____D () C:\Users\Dandy\yf
    2014-09-27 07:59 - 2014-09-27 07:59 - 00000000 ____D () C:\Users\Dandy\AppData\Local\Your Freedom
    2014-09-27 07:37 - 2014-09-27 10:39 - 00000600 _____ () C:\Users\Dandy\PUTTY.RND

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-26 08:29 - 2009-07-14 08:15 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-26 08:29 - 2009-07-14 08:15 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-26 08:25 - 2011-08-24 04:37 - 01276555 _____ () C:\windows\WindowsUpdate.log
    2014-10-26 08:25 - 2009-07-14 08:43 - 00730320 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-10-26 08:23 - 2013-05-11 11:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-10-26 08:21 - 2009-07-14 08:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-10-26 08:20 - 2013-09-13 17:32 - 00050184 _____ () C:\windows\setupact.log
    2014-10-26 08:20 - 2010-11-21 07:17 - 00649354 _____ () C:\windows\PFRO.log
    2014-10-26 08:07 - 2013-09-23 07:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-10-25 17:35 - 2012-09-12 21:57 - 00000069 _____ () C:\windows\NeroDigital.ini
    2014-10-25 11:57 - 2012-07-04 20:24 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\DMCache
    2014-10-25 08:57 - 2009-07-14 06:50 - 00000000 __RHD () C:\Users\Default
    2014-10-25 08:45 - 2009-07-14 06:04 - 00000215 _____ () C:\windows\system.ini
    2014-10-25 08:44 - 2009-07-14 06:04 - 70778880 _____ () C:\windows\system32\config\SOFTWARE.bak
    2014-10-25 08:44 - 2009-07-14 06:04 - 23068672 _____ () C:\windows\system32\config\SYSTEM.bak
    2014-10-25 08:44 - 2009-07-14 06:04 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
    2014-10-25 08:44 - 2009-07-14 06:04 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
    2014-10-25 08:44 - 2009-07-14 06:04 - 00262144 _____ () C:\windows\system32\config\SAM.bak
    2014-10-24 03:52 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\rescache
    2014-10-22 20:29 - 2011-08-24 03:59 - 00000000 ____D () C:\windows\MSetup
    2014-10-22 20:28 - 2013-02-01 02:59 - 00000000 ____D () C:\Program Files\Internet Download Manager
    2014-10-22 20:28 - 2012-07-19 10:24 - 00000000 ____D () C:\Program Files (x86)\WebcamMax
    2014-10-21 01:16 - 2012-07-02 21:28 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\Mozilla
    2014-10-20 18:12 - 2013-03-07 17:22 - 00000000 ____D () C:\Program Files (x86)\ZAR
    2014-10-18 13:57 - 2011-08-23 13:08 - 00000000 ____D () C:\ProgramData\Norton
    2014-10-17 00:45 - 2009-07-14 06:04 - 00000580 _____ () C:\windows\win.ini
    2014-10-17 00:42 - 2011-08-23 13:32 - 00006164 _____ () C:\windows\LCDStretchMode.log
    2014-10-17 00:38 - 2011-08-23 13:12 - 00002176 _____ () C:\windows\HotFixList.ini
    2014-10-17 00:36 - 2011-08-23 13:24 - 00407040 _____ (Samsung Electronics) C:\windows\HotfixChecker.exe
    2014-10-17 00:36 - 2011-08-23 13:24 - 00345600 _____ (Samsung Electronics Co., Ltd.) C:\windows\SetLCDStretchMode.exe
    2014-10-17 00:34 - 2011-08-23 12:42 - 00000159 _____ () C:\setup.log
    2014-10-17 00:33 - 2011-08-23 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    2014-10-17 00:30 - 2011-08-23 12:52 - 00000000 ____D () C:\Program Files\Samsung
    2014-10-17 00:30 - 2011-08-23 12:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-10-17 00:28 - 2011-08-23 12:49 - 00000000 ____D () C:\Program Files (x86)\Samsung
    2014-10-17 00:27 - 2011-08-23 12:44 - 00020238 _____ () C:\windows\DPINST.LOG
    2014-10-17 00:07 - 2009-07-14 06:50 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-10-17 00:04 - 2009-07-14 06:50 - 00000000 ___HD () C:\windows\system32\GroupPolicy
    2014-10-17 00:04 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
    2014-10-16 23:39 - 2014-07-03 17:53 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\Xilisoft
    2014-10-15 04:35 - 2013-02-01 02:47 - 00000000 ____D () C:\Users\Dandy\AppData\Roaming\IDM
    2014-10-05 16:49 - 2009-07-14 08:38 - 00032644 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2014-09-27 09:47 - 2012-07-02 02:06 - 00000000 ____D () C:\Users\Dandy

    Files to move or delete:
    ====================
    C:\ProgramData\1doc2pdf.dll


    Some content of TEMP:
    ====================
    C:\Users\Dandy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Dandy\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-16 21:13

    ==================== End Of Log ============================

    Addition.txt:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
    Ran by Dandy at 2014-10-26 08:31:33
    Running from C:\Users\Dandy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Active@ UNDELETE (HKLM-x32\...\{02EEBFC6-BB2E-45BE-96A6-ACCBCEECDD07}) (Version: 8.0.99 - Active Data Recovery Software)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Aostsoft All Document Converter Professional 3.8.4 (HKLM-x32\...\Aostsoft All Document Converter Professional_is1) (Version: - Aostsoft,Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Canon LBP2900 (HKLM\...\Canon LBP2900) (Version: - )
    Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.17 - COWON)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
    CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
    CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
    CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
    CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
    CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
    CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
    CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
    Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
    Eco Mode (HKLM-x32\...\{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}) (Version: 1.0.0.11 - Samsung Electronics Co., Ltd.)
    ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
    Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Intel PROSet Wireless (Version: - ) Hidden
    Intel PROSet Wireless (x32 Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
    Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
    Intel(R) WiDi Widget (HKLM-x32\...\{CF84827D-6048-435B-80CD-4F6CAF5F99CF}) (Version: 1.2.0.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.1 - )
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
    Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.003.27.00.03 - Huawei Technologies Co.,Ltd)
    Mobinil USB Modem (HKLM-x32\...\Mobinil USB Modem) (Version: 11.302.09.21.272 - Huawei Technologies Co.,Ltd)
    Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
    Nero 8 Lite 8.2.8.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.2.8.0 - Updatepack.nl)
    Nero Vision (HKLM-x32\...\Nero Vision) (Version: - )
    NVIDIA Display Control Panel (Version: 6.14.12.6754 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 267.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.54 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
    NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
    NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.1071 - ooVoo LLC.)
    Pavtube Video Converter Ver 4.2.0.4076 (HKLM-x32\...\Pavtube Video Converter_is1) (Version: - )
    Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
    Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.1.0.1824 - GetData Pty Ltd)
    Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
    Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
    Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
    Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
    Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
    Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
    Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
    Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
    WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital)
    WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.6.3.6.MultiLanguage - )
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    13-10-2014 23:04:26 Scheduled Checkpoint
    14-10-2014 00:04:35 Windows Update
    16-10-2014 18:49:28 Installed calibre 64bit
    16-10-2014 20:30:01 Removed User Guide
    16-10-2014 20:59:47 Installed User Guide
    18-10-2014 10:24:49 Removed Norton Online Backup
    20-10-2014 14:39:42 Removed Smileys We Love Toolbar for IE
    20-10-2014 14:43:33 Removed Smileys We Love Toolbar for IE
    20-10-2014 14:49:36 Removed Smileys We Love Toolbar for IE
    20-10-2014 14:50:11 Removed Smileys We Love Toolbar for IE
    20-10-2014 14:58:21 Removed Smileys We Love Toolbar for IE
    20-10-2014 14:58:41 Removed Smileys We Love Toolbar for IE
    20-10-2014 15:53:39 Removed Smileys We Love Toolbar for IE
    20-10-2014 22:09:10 Removed MSXML 4.0 SP2 Parser and SDK
    20-10-2014 22:30:19 Windows Update
    24-10-2014 07:30:52 Before MBAR

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 06:04 - 2014-10-25 08:45 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1C77B091-2A79-44B0-A018-153F42FBF7B5} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
    Task: {3A806B24-443C-45BD-AA66-8B3BE33E0CBE} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
    Task: {504AD97D-E9B1-4201-B59F-5CA5C727109E} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
    Task: {66E382F3-D66C-407A-8E4E-BA182F5D45F1} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
    Task: {6AE8FDED-87D4-4435-96E3-428F971D50A6} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
    Task: {96EF54EA-6D33-43DA-BF5C-C21FF6AC956B} - System32\Tasks\EcoMode => C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe [2011-06-06] (Samsung Electronics)
    Task: {998645F5-29C2-4645-80F9-56BEBF7BB38B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-07] (Adobe Systems Incorporated)
    Task: {BCDCFFF4-83B7-4F8C-AD70-557E04492792} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
    Task: {C318710D-E9D0-4EC8-8FB2-F4D327940F43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {CBCE8C15-8AE6-47F9-ABF8-14E8F2D3E2E3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
    Task: {D18E2FBE-76EA-4A5A-BBAF-7283AFBA6C7F} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-29] (SEC)
    Task: {E3C7AEDE-4C7C-4E63-86B1-56BDD86AA813} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)
    Task: {ECE738B2-B05A-4FF4-B0AC-55840A1FD3C7} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
    Task: {FC790BB4-3652-4925-A41F-805181C74F80} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-05-31 12:02 - 2011-05-31 12:02 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2011-08-24 03:52 - 2008-06-05 03:23 - 00027648 _____ () C:\windows\System32\spd__l.dll
    2011-08-23 12:59 - 2009-12-01 10:51 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2010-11-02 07:33 - 2010-11-02 07:33 - 01083392 _____ () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
    2011-05-31 12:02 - 2011-05-31 12:02 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2011-08-24 03:51 - 2010-12-17 05:07 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
    2011-08-24 03:52 - 2010-10-21 21:52 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
    2012-08-17 20:39 - 2013-05-11 11:38 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
    2011-08-23 12:41 - 2011-03-07 07:16 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
    2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
    2011-08-23 13:10 - 2006-08-12 07:18 - 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
    2011-08-23 13:11 - 2011-02-16 19:33 - 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
    2009-11-02 08:50 - 2009-11-02 08:50 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-02 08:53 - 2009-11-02 08:53 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2011-08-23 13:11 - 2010-05-07 17:52 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:60466E88

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-4152694092-3998405651-1245022814-500 - Administrator - Disabled)
    Dandy (S-1-5-21-4152694092-3998405651-1245022814-1001 - Administrator - Enabled) => C:\Users\Dandy
    Guest (S-1-5-21-4152694092-3998405651-1245022814-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-4152694092-3998405651-1245022814-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-4152694092-3998405651-1245022814-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Realtek PCIe GBE Family Controller
    Description: Realtek PCIe GBE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (05/26/2014 06:22:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19005 seconds with 12360 seconds of active time. This session ended with a crash.

    Error: (05/19/2014 06:13:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 162 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (05/15/2014 10:31:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4247 seconds with 3480 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-25 08:39:39.920
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-25 08:39:39.889
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-25 02:54:52.175
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.175
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.175
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.175
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.159
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.159
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.128
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-25 02:54:52.128
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
    Percentage of memory in use: 31%
    Total physical RAM: 6057.55 MB
    Available physical RAM: 4145.34 MB
    Total Pagefile: 12113.27 MB
    Available Pagefile: 9904.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:230 GB) (Free:172.45 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:112.3 GB) (Free:77.32 GB) NTFS
    Drive g: (New Volume) (Fixed) (Total:112.3 GB) (Free:36.98 GB) NTFS
    Drive h: (New Volume) (Fixed) (Total:118.76 GB) (Free:1.34 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: F601E4B0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=343.4 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=22.7 GB) - (Type=27)

    ==================== End Of Log ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

    galaxy likes this.
  13. galaxy

    galaxy TS Rookie Topic Starter

    Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
    Ran by Dandy at 2014-10-27 07:47:46 Run:1
    Running from C:\Users\Dandy\Desktop
    Loaded Profiles: UpdatusUser & Dandy & (Available profiles: UpdatusUser & Dandy)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\ProgramData\1doc2pdf.dll
    C:\Users\Dandy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Dandy\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\ProgramData\Temp:60466E88
    EmptyTemp:

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    FF Extension: No Name - mozilla_cc@internetdownloadmanager.com [Not Found] not found.
    catchme => Service deleted successfully.
    C:\ProgramData\1doc2pdf.dll => Moved successfully.
    C:\Users\Dandy\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Dandy\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\ProgramData\Temp => ":60466E88" ADS removed successfully.
    EmptyTemp: => Removed 237.3 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is computer doing?

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [img=[url]http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.[/*]
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats[/*]
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  15. galaxy

    galaxy TS Rookie Topic Starter

    My computer runs flawlessly and its much more rapid. the C:\Users....\Temp\msupdate71 folder has been totally deleted. but I wonder what to do from now on. should I change my passwords or anything else?

    checkup.txt
    Results of screen317's Security Check version 0.99.89
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Kaspersky Internet Security
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 12.0.0.70 Flash Player out of Date!
    Adobe Reader 10.1.10 Adobe Reader out of Date!
    Mozilla Firefox (33.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    FSS.txt:
    Farbar Service Scanner Version: 21-07-2014
    Ran by Dandy (administrator) on 28-10-2014 at 08:29:31
    Running from "C:\Users\Dandy\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
    TFC results:
    Getting user folders.
    Stopping running processes.
    Emptying Temp folders.
    User: All Users
    User: Dandy
    ->Temp folder emptied: 1172418 bytes
    ->Temporary Internet Files folder emptied: 2949 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47848474 bytes
    ->Flash cache emptied: 1210 bytes
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10220992 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 642 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    Emptying RecycleBin. Do not interrupt.
    RecycleBin emptied: 513241 bytes
    Process complete!
    Total Files Cleaned = 57.00 mb

    ..............................................................................
    ESET scan results:

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
    C:\Program Files (x86)\Pavtube\Pavtube Video Converter\avconverter.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Pavtube\Pavtube Video Converter\AVConverterProcess.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Pavtube\Pavtube Video Converter\BD.dll a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Pavtube\Pavtube Video Converter\converter.dll a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Smart Projects\IsoBuster\Patch.exe a variant of Win32/HackTool.Patcher.T potentially unsafe application deleted - quarantined
    C:\Windows\Installer\b6a0095.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
    D:\Downloads\Kaspersky-2015-v15-0-0-463-Trial-Reset[www-UpData98-iR].rar a variant of Win32/RiskWare.HackAV.OM application deleted - quarantined
    D:\Downloads\FG\fg742p.exe Win32/Freegate.A potentially unsafe application deleted - quarantined
    D:\Downloads\FG\U1103.exe Win32/UltraReach potentially unsafe application deleted - quarantined
    D:\Downloads\Internet.Download.Manager.6.21.Build.14.Final.Retail[www.UpData98.iR]\Patch 2\IDM-6.2.X-Patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted - quarantined
    G:\22\highspeeddownloader-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
    G:\22\Pavtube HD Video Converter 4.2.0.4076_rasekhoon.net.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    G:\22\[000202].rar Win32/RiskWare.HackAV.NR application deleted - quarantined
    H:\aaaaa\$RESLDIC.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    H:\aaaaa\D\Root\$RECYCLE.BIN\S-1-5-21-4152694092-3998405651-1245022814-1001\$R0K1UWT.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
    H:\aaaaa\D\Root\$RECYCLE.BIN\S-1-5-21-4152694092-3998405651-1245022814-1001\$RESLDIC.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    H:\aaaaa\D\Root\$RECYCLE.BIN\S-1-5-21-4152694092-3998405651-1245022814-1001\$RWTRUQM\fg742p.exe Win32/Freegate.A potentially unsafe application deleted - quarantined
    H:\aaaaa\recuva\highspeeddownloader-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
    H:\aaaaa\recuva\Pavtube HD Video Converter 4.2.0.4076_rasekhoon.net.exe a variant of Win32/Packed.Themida.AAN trojan cleaned by deleting - quarantined
    H:\Kasper Int.Sec 2013\Kaspersky.Reset.Trial-v4.0.0.20[www.UpData98.iR]\KRT_4.0.0.20 Setup[www.UpData98.iR].exe a variant of Win32/RiskWare.HackAV.OM application cleaned by deleting - quarantined
    H:\Mob\Ext\backup\Hangman_2.7.6.apk a variant of Android/AdDisplay.AppLovin.A potentially unwanted application deleted - quarantined
    H:\Mob\Ext\backup\Mantano Reader Free_2.0.3.2.apk a variant of Android/Inmobi.A potentially unsafe application deleted - quarantined
    H:\Mob\Ext\backup\PhoneLocator PRO_4.7.apk a variant of Android/Pholoc.C potentially unsafe application deleted - quarantined
    H:\Mob\Ext\backup\SmartTools_1.1.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    H:\Mob\SD\maverick\temp.gpx Win32/Vittalia.C potentially unwanted application deleted - quarantined
    H:\S2\SD\backup\PhoneLocator PRO_4.7.apk a variant of Android/Pholoc.C potentially unsafe application deleted - quarantined
    H:\S2\SD\backup\Total Recall for Android_1.9.3.7.apk a variant of Android/Torec.C potentially unsafe application deleted - quarantined
    H:\S2\SD\backup\Total Recall S2_1.9.44_playstore.ir_369_1370142498.apk a variant of Android/Torec.C potentially unsafe application deleted - quarantined
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Msupdate71 folder was created by a trojan so you must change your sensitive passwords.

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    [​IMG] Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===============================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
    galaxy likes this.
  17. galaxy

    galaxy TS Rookie Topic Starter

    It looks great.Thank you for your sincere help dear Broni.
    I really appreciate your kindness.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes!! [​IMG]
    Good luck and stay safe :)
     
    galaxy likes this.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...