TechSpot

Slow laptop - malware maybe

By jon427
Oct 30, 2014
    Hi there! I have a problem that is probably similar to most. My gf's laptop is so slow (Windows 8); that includes booting up, opening a folder or running an application. Not really sure what happened, but below are the logs required (pre-req) for solving the issue. Thanks in advance:

    1. Ran antivirus (Kaspersky) - no virus or malware found.
    2. Ran Malwarebytes; the log is below:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/30/2014
    Scan Time: 1:30:00 PM
    Logfile: malawarebytes.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.30.12
    Rootkit Database: v2014.10.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Farship

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 327232
    Time Elapsed: 9 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    3. Ran DDS; the results are below:

    DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.25.2
    Run by Farship at 14:00:44 on 2014-06-30
    Microsoft Windows 8.1 6.3.9600.0.1252.1.1033.18.8080.5691 [GMT -6:00]
    .
    AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Classic Shell\ClassicShellService.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\WLANExt.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\WINDOWS\system32\dashost.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dwm.exe
    C:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\WINDOWS\system32\taskhostex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    C:\Windows\System32\skydrive.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
    C:\Windows\System32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
    C:\istgah_dic\dic_istgah.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\System32\SettingSyncHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\System32\WUDFHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Farship\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\istgah Dictionary.lnk - C:\istgah_dic\dic_istgah.exe
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
    IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326} : NameServer = 208.69.150.250,208.69.150.252
    TCP: Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C} : NameServer = 208.69.150.250,208.69.150.252
    TCP: Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} : NameServer = 208.69.150.250,208.69.150.252
    TCP: Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E} : NameServer = 208.69.150.250,208.69.150.252
    TCP: Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} : NameServer = 208.69.150.250,208.69.150.252
    TCP: Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\54873656C63796F62733 : DHCPNameServer = 192.168.15.1
    TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\7616475637D27657563747 : NameServer = 208.69.150.250,208.69.150.252
    TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\7616475637D27657563747 : DHCPNameServer = 192.168.3.1
    TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\B61647562777F6F646 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\E4F4B4941402C457D6961602932303D213 : DHCPNameServer = 192.168.137.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
    x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
    x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
    x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
    x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Farship\AppData\Roaming\Mozilla\Firefox\Profiles\4qfd6w8x.default\
    FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
    FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPluginUACElevator.dll
    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: extensions.astrmndasr.hmpg - true
    FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    FF - user.js: extensions.astrmndasr.dfltSrch - true
    FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
    FF - user.js: extensions.astrmndasr.dnsErr - true
    FF - user.js: extensions.astrmndasr_i.newTab - true
    FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=&q=
    FF - user.js: extensions.astrmndasr.id - C68508CFCC4FB47D
    FF - user.js: extensions.astrmndasr.instlDay - 16360
    FF - user.js: extensions.astrmndasr.vrsn -
    FF - user.js: extensions.astrmndasr.vrsni -
    FF - user.js: extensions.astrmndasr_i.vrsnTs - 22:3:1
    FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
    FF - user.js: extensions.astrmndasr.prdct - astrmndasr
    FF - user.js: extensions.astrmndasr.aflt - ast_orinteract_14_42_ie
    FF - user.js: extensions.astrmndasr_i.smplGrp - none
    FF - user.js: extensions.astrmndasr.tlbrId -
    FF - user.js: extensions.astrmndasr.instlRef - 142905_b
    FF - user.js: extensions.astrmndasr.dfltLng -
    FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
    FF - user.js: extensions.astrmndasr.excTlbr - false
    FF - user.js: extensions.astrmndasr.cr - 2082598172
    FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q
    FF - user.js: extensions.astrmndasr.AL - 4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\WINDOWS\System32\drivers\CSCrySec.sys [2013-10-29 98064]
    R0 dlkmdldr;dlkmdldr;C:\WINDOWS\System32\drivers\dlkmdldr.sys [2014-9-5 18736]
    R0 excsd;ExpressCache Storage Filter Driver;C:\WINDOWS\System32\drivers\excsd.sys [2013-8-20 103248]
    R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
    R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-14 39768]
    R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2014-3-10 32544]
    R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-4-18 157016]
    R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys [2013-10-29 67344]
    R1 excfs;ExpressCache File System Filter Driver;C:\WINDOWS\System32\drivers\excfs.sys [2013-8-20 23376]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2012-8-2 30304]
    R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2013-10-29 50448]
    R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2013-10-29 178448]
    R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [2013-7-23 404360]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-10-29 356128]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1137016]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1157496]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
    R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
    R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-7-9 10571056]
    R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-11-30 1591176]
    R2 ExpressCache;ExpressCache;C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2012-8-17 102224]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-10 131544]
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-10 169432]
    R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-8-31 605768]
    R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-10-21 3018800]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
    R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-4-11 165344]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2014-4-18 226304]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\WINDOWS\System32\drivers\btmaux.sys [2013-7-22 140600]
    R3 btmhsf;btmhsf;C:\WINDOWS\System32\drivers\btmhsf.sys [2013-9-5 1390904]
    R3 dlkmd;dlkmd;C:\WINDOWS\System32\drivers\dlkmd.sys [2014-9-5 435504]
    R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\drivers\iBtFltCoex.sys [2013-4-23 69088]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-2-26 169752]
    R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-9-9 449528]
    R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 26008]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2013-10-29 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2013-10-29 29280]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\0E826AB4.sys [2014-6-30 129752]
    R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
    R3 NETwNe64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew00.sys [2013-10-8 3345376]
    R3 RadioHIDMini;Radio HID Mini-driver;C:\WINDOWS\System32\drivers\RadioHIDMini.sys [2012-7-30 23408]
    R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-3-10 827096]
    R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-11-29 47072]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-8-22 227840]
    R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-10-9 188896]
    S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2013-11-13 29792]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
    S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
    S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
    S3 bcm;WiMAX Network Adapter;C:\WINDOWS\System32\drivers\drxvi314_64.sys [2014-4-11 363136]
    S3 bcmbusctr;WiMAX Bus Driver;C:\WINDOWS\System32\drivers\BcmBusCtr_64.sys [2014-4-11 62464]
    S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\WINDOWS\System32\drivers\DisplayLinkUsbIo_x64_7.6.56275.0.sys [2014-7-10 46384]
    S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
    S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
    S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-6-13 111616]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
    S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
    S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\WINDOWS\System32\drivers\netaapl64.sys [2013-7-25 23040]
    S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
    S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-4-18 924504]
    S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-14 146776]
    S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-23 57176]
    S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-5-14 123224]
    S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-14 347880]
    S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
    S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
    .
    =============== Created Last 30 ================
    .
    2014-10-18 17:04:20 275968 ----a-w- C:\WINDOWS\System32\generaltel.dll
    2014-10-18 17:04:19 678400 ----a-w- C:\WINDOWS\System32\aepdu.dll
    2014-10-18 17:04:17 527360 ----a-w- C:\WINDOWS\System32\aeinv.dll
    2014-10-18 17:04:14 3117568 ----a-w- C:\WINDOWS\SysWow64\msi.dll
    2014-10-18 17:04:14 2779648 ----a-w- C:\WINDOWS\System32\msi.dll
    2014-10-18 17:04:12 921600 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
    2014-10-18 17:04:12 626688 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
    2014-10-18 17:04:11 118272 ----a-w- C:\WINDOWS\System32\winbici.dll
    2014-10-18 16:49:12 76288 ----a-w- C:\WINDOWS\System32\packager.dll
    2014-10-18 16:49:12 68608 ----a-w- C:\WINDOWS\SysWow64\packager.dll
    2014-10-18 16:48:33 4183040 ----a-w- C:\WINDOWS\System32\win32k.sys
    2014-10-18 16:45:35 590336 ----a-w- C:\WINDOWS\System32\rastls.dll
    2014-10-18 16:45:35 514048 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
    2014-10-18 04:13:34 1664 ----a-w- C:\WINDOWS\System32\ASOROSet.bin
    2014-10-18 04:03:02 -------- d-----w- C:\Users\Farship\AppData\Roaming\ASP
    2014-10-18 04:02:53 -------- d-----w- C:\Users\Farship\AppData\Roaming\Systweak
    2014-10-18 04:02:49 -------- d-----w- C:\Users\Farship\AppData\Roaming\Windows Essentials Codec Pack
    2014-10-18 04:02:49 -------- d-----w- C:\Program Files (x86)\Windows Essentials Codec Pack
    2014-10-18 04:02:44 20296 ----a-w- C:\WINDOWS\System32\roboot64.exe
    2014-10-04 21:38:11 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
    2014-09-21 01:21:59 621056 ----a-w- C:\WINDOWS\System32\comdlg32.dll
    2014-09-20 19:14:15 706016 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2014-09-20 19:14:15 105440 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-20 18:58:32 3231696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
    2014-09-20 04:50:42 299520 ----a-w- C:\WINDOWS\System32\WSDMon.dll
    2014-09-20 04:50:42 205824 ----a-w- C:\WINDOWS\System32\tcpmon.dll
    2014-09-20 04:50:40 796672 ----a-w- C:\WINDOWS\System32\uDWM.dll
    2014-09-20 04:50:40 2374784 ----a-w- C:\WINDOWS\explorer.exe
    2014-09-20 04:50:40 2084520 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
    2014-09-20 04:50:38 13423104 ----a-w- C:\WINDOWS\System32\twinui.dll
    2014-09-20 04:50:37 11818496 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
    2014-09-20 04:50:36 2860032 ----a-w- C:\WINDOWS\System32\actxprxy.dll
    2014-09-20 04:50:36 1038336 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
    2014-09-20 04:50:35 68096 ----a-w- C:\WINDOWS\System32\UXInit.dll
    2014-09-20 04:50:35 50176 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
    2014-09-20 04:49:51 146752 ----a-w- C:\WINDOWS\System32\drivers\msgpioclx.sys
    2014-09-20 04:38:09 97280 ----a-w- C:\WINDOWS\System32\aepic.dll
    2014-09-20 04:36:38 1212928 ----a-w- C:\WINDOWS\System32\schedsvc.dll
    2014-09-20 04:36:15 875688 ----a-w- C:\WINDOWS\SysWow64\msvcr120_clr0400.dll
    2014-09-20 04:36:15 869544 ----a-w- C:\WINDOWS\System32\msvcr120_clr0400.dll
    2014-09-06 03:46:26 435504 ----a-w- C:\WINDOWS\System32\drivers\dlkmd.sys
    2014-09-06 03:46:26 18736 ----a-w- C:\WINDOWS\System32\drivers\dlkmdldr.sys
    2014-09-05 05:32:56 1336624 ----a-w- C:\WINDOWS\System32\gdi32.dll
    2014-09-05 05:32:56 1064448 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
    2014-08-25 02:08:56 -------- d-----r- C:\Users\Farship\Music
    2014-08-24 05:53:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware old
    2014-08-23 04:31:01 26419488 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-08-23 04:31:00 25693720 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-08-23 04:29:31 710144 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
    2014-08-23 04:29:31 1273184 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
    2014-08-23 04:25:59 402432 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
    2014-08-23 04:24:57 356352 ----a-w- C:\WINDOWS\System32\msihnd.dll
    2014-08-23 04:24:57 281088 ----a-w- C:\WINDOWS\SysWow64\msihnd.dll
    2014-08-23 04:24:57 114520 ----a-w- C:\WINDOWS\System32\consent.exe
    2014-08-23 04:24:52 623616 ----a-w- C:\WINDOWS\System32\MDMAgent.exe
    2014-08-23 04:24:52 418816 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
    2014-08-23 04:24:52 161792 ----a-w- C:\WINDOWS\System32\wbem\MDMAppProv.dll
    2014-07-12 04:25:37 1018880 ----a-w- C:\WINDOWS\System32\termsrv.dll
    2014-07-12 04:23:58 -------- d-s---w- C:\WINDOWS\System32\CompatTel
    2014-07-10 13:28:16 46384 ----a-w- C:\WINDOWS\System32\drivers\DisplayLinkUsbIo_x64_7.6.56275.0.sys
    2014-07-10 13:28:08 1017344 ----a-w- C:\WINDOWS\System32\DisplayLinkUsbCo64_7.6.56275.0.dll
    2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd9.dll
    2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd64.dll
    2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd11.dll
    2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd10.dll
    2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd9.dll
    2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd32.dll
    2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd11.dll
    2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd10.dll
    2014-07-09 06:08:26 966144 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
    2014-07-09 06:08:24 563200 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
    2014-07-09 06:08:23 735232 ----a-w- C:\WINDOWS\SysWow64\adtschema.dll
    2014-07-09 06:08:23 735232 ----a-w- C:\WINDOWS\System32\adtschema.dll
    2014-07-09 06:08:23 565576 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
    2014-07-09 06:03:25 79872 ----a-w- C:\WINDOWS\System32\WSReset.exe
    2014-06-30 19:29:51 129752 ----a-w- C:\WINDOWS\System32\drivers\0E826AB4.sys
    2014-06-30 19:29:40 129752 ----a-w- C:\WINDOWS\System32\drivers\40A96A90.sys
    2014-06-30 19:29:34 93400 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    2014-06-30 19:29:34 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
    2014-06-30 19:29:34 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
    2014-06-30 19:24:55 129752 ----a-w- C:\WINDOWS\System32\drivers\02A966EE.sys
    2014-06-30 19:24:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-28 01:48:21 -------- d-----r- C:\Users\Farship\Documents
    2014-06-14 03:56:46 7173120 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
    2014-06-14 03:55:32 98816 ----a-w- C:\WINDOWS\SysWow64\drvinst.exe
    2014-06-14 03:55:32 57856 ----a-w- C:\WINDOWS\System32\drvcfg.exe
    2014-06-14 03:55:32 110592 ----a-w- C:\WINDOWS\System32\drvinst.exe
    2014-06-14 03:55:23 1975296 ----a-w- C:\WINDOWS\System32\DWrite.dll
    2014-06-14 03:55:23 1345536 ----a-w- C:\WINDOWS\System32\FntCache.dll
    2014-06-14 03:55:22 1509888 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
    2014-06-14 03:30:44 55328 ----a-w- C:\WINDOWS\System32\drivers\wpcfltr.sys
    2014-06-14 03:30:44 2834944 ----a-w- C:\WINDOWS\System32\wpccpl.dll
    2014-06-14 03:29:46 53248 ----a-w- C:\WINDOWS\SysWow64\tsgqec.dll
    2014-06-12 04:49:02 18636480 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    .
    ==================== Find3M ====================
    .
    2014-09-25 22:32:04 2017280 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
    2014-09-20 19:01:30 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
    2014-09-20 19:01:28 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
    2014-09-20 19:01:28 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
    2014-09-20 19:01:28 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
    2014-09-20 19:01:28 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
    2014-09-20 19:01:27 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\WINDOWS\System32\vbscript.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\WINDOWS\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\WINDOWS\System32\jscript9.dll
    2014-09-19 01:25:12 4201472 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\WINDOWS\SysWow64\MshtmlDac.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\WINDOWS\System32\wininet.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
    2014-09-08 00:08:35 35328 ----a-w- C:\WINDOWS\System32\wuapp.exe
    2014-09-08 00:07:59 137728 ----a-w- C:\WINDOWS\System32\wuwebv.dll
    2014-09-08 00:04:52 388608 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
    2014-09-08 00:04:20 93696 ----a-w- C:\WINDOWS\System32\wudriver.dll
    2014-09-08 00:03:50 1702400 ----a-w- C:\WINDOWS\System32\wucltux.dll
    2014-09-07 23:59:31 31232 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
    2014-09-07 23:59:15 123904 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
    2014-09-07 23:56:51 80896 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
    2014-08-29 01:58:52 109568 ----a-w- C:\WINDOWS\System32\appinfo.dll
    2014-08-28 23:56:41 2646016 ----a-w- C:\WINDOWS\System32\authui.dll
    2014-08-28 23:47:55 2321920 ----a-w- C:\WINDOWS\SysWow64\authui.dll
    2014-08-16 04:08:38 1507648 ----a-w- C:\WINDOWS\System32\propsys.dll
    2014-08-16 04:01:48 1710184 ----a-w- C:\WINDOWS\System32\ntdll.dll
    2014-08-16 03:58:45 1112512 ----a-w- C:\WINDOWS\System32\KernelBase.dll
    2014-08-16 03:57:37 2498880 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
    2014-08-16 03:57:36 428864 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
    2014-08-16 03:16:37 1205976 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
    2014-08-16 03:03:51 1467384 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
    2014-08-16 02:55:32 2407936 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
    2014-08-16 01:31:16 838144 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
    2014-08-16 01:25:28 72704 ----a-w- C:\WINDOWS\System32\JavaScriptCollectionAgent.dll
    2014-08-16 01:11:26 597504 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
    2014-08-16 01:04:21 359424 ----a-w- C:\WINDOWS\System32\Wldap32.dll
    2014-08-16 00:58:45 60416 ----a-w- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-16 00:58:35 287744 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
    2014-08-16 00:53:32 118272 ----a-w- C:\WINDOWS\System32\httpprxm.dll
    2014-08-16 00:46:38 290816 ----a-w- C:\WINDOWS\System32\ProximityService.dll
    2014-08-16 00:45:51 267776 ----a-w- C:\WINDOWS\System32\bisrv.dll
    2014-08-16 00:43:38 75776 ----a-w- C:\WINDOWS\System32\adhsvc.dll
    2014-08-16 00:43:25 321024 ----a-w- C:\WINDOWS\SysWow64\Wldap32.dll
    2014-08-16 00:31:57 286208 ----a-w- C:\WINDOWS\System32\pcsvDevice.dll
    2014-08-16 00:31:07 914432 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll
    2014-08-16 00:29:54 249344 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-08-16 00:23:10 1106432 ----a-w- C:\WINDOWS\System32\SearchFolder.dll
    2014-08-16 00:22:56 717824 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
    2014-08-16 00:22:06 286208 ----a-w- C:\WINDOWS\System32\SkyDriveShell.dll
    2014-08-16 00:19:42 189952 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-08-16 00:18:36 4758528 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
    2014-08-16 00:17:51 8757760 ----a-w- C:\WINDOWS\System32\Windows.UI.Search.dll
    2014-08-16 00:14:34 265216 ----a-w- C:\WINDOWS\SysWow64\SkyDriveShell.dll
    2014-08-16 00:13:50 6649344 ----a-w- C:\WINDOWS\System32\mstscax.dll
    2014-08-16 00:13:17 5902848 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
    2014-08-16 00:13:14 840192 ----a-w- C:\WINDOWS\SysWow64\SearchFolder.dll
    2014-08-16 00:11:08 920064 ----a-w- C:\WINDOWS\System32\WSShared.dll
    2014-08-16 00:10:35 1120768 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
    2014-08-16 00:08:48 5777408 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
    2014-08-16 00:07:01 756224 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
    2014-07-24 15:28:38 468288 -c--a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
    2014-07-24 15:28:38 419648 -c--a-w- C:\WINDOWS\System32\drivers\usbhub.sys
    2014-07-24 15:28:38 412992 -c--a-w- C:\WINDOWS\System32\drivers\spaceport.sys
    2014-07-24 15:28:38 143680 -c--a-w- C:\WINDOWS\System32\drivers\usbccgp.sys
    2014-07-24 15:28:35 280384 -c--a-w- C:\WINDOWS\System32\drivers\pci.sys
    2014-07-24 15:23:21 1519488 ----a-w- C:\WINDOWS\System32\user32.dll
    2014-07-24 15:23:21 125472 ----a-w- C:\WINDOWS\System32\dwmapi.dll
    2014-07-24 15:20:37 645592 ----a-w- C:\WINDOWS\System32\SHCore.dll
    2014-07-24 15:20:37 263400 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
    2014-07-24 15:16:25 2574208 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
    2014-07-24 15:16:24 211216 ----a-w- C:\WINDOWS\System32\SndVol.exe
    2014-07-24 15:07:53 7424320 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
    2014-07-24 15:07:52 2009920 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
    2014-07-24 15:05:56 1660048 ----a-w- C:\WINDOWS\System32\winload.efi
    2014-07-24 15:05:56 1519560 ----a-w- C:\WINDOWS\System32\winload.exe
    2014-07-24 15:05:56 1488008 ----a-w- C:\WINDOWS\System32\winresume.efi
    2014-07-24 15:05:56 1356840 ----a-w- C:\WINDOWS\System32\winresume.exe
    2014-07-24 15:03:56 882136 ----a-w- C:\WINDOWS\System32\mfplat.dll
    2014-07-24 15:03:55 818624 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
    2014-07-24 15:03:55 233888 ----a-w- C:\WINDOWS\System32\mfps.dll
    2014-07-24 15:03:54 2141920 ----a-w- C:\WINDOWS\System32\mfcore.dll
    2014-07-24 15:03:53 360480 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
    2014-07-24 15:03:53 205512 ----a-w- C:\WINDOWS\System32\mftranscode.dll
    2014-07-24 14:57:08 475968 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
    2014-07-24 13:50:07 98048 ----a-w- C:\WINDOWS\SysWow64\dwmapi.dll
    2014-07-24 13:48:15 2410976 ----a-w- C:\WINDOWS\SysWow64\WMVDECOD.DLL
    2014-07-24 13:48:15 180208 ----a-w- C:\WINDOWS\SysWow64\SndVol.exe
    2014-07-24 13:46:50 477200 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
    2014-07-24 13:36:22 707536 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
    2014-07-24 13:36:22 674512 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
    2014-07-24 13:36:20 355800 ----a-w- C:\WINDOWS\SysWow64\mfreadwrite.dll
    2014-07-24 13:36:20 2145472 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
    2014-07-24 13:36:20 180720 ----a-w- C:\WINDOWS\SysWow64\mftranscode.dll
    2014-07-24 11:51:24 7168 ----a-w- C:\WINDOWS\System32\KBDYAK.DLL
    2014-07-24 11:51:22 7168 ----a-w- C:\WINDOWS\System32\KBDTT102.DLL
    2014-07-24 11:51:18 8192 ----a-w- C:\WINDOWS\System32\KBDRUM.DLL
    .
    ============= FINISH: 14:03:16.58 ===============
     
  2. jon427

    jon427 TS Rookie Topic Starter

    Continuation of the first post:


    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8.1
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/23/2013 3:19:08 PM
    System Uptime: 6/29/2014 6:26:38 PM (20 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | SAMSUNG_NP1234567890
    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 905 GiB total, 800.913 GiB free.
    D: is FIXED (NTFS) - 7 GiB total, 7.397 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP48: 9/20/2014 12:57:27 PM - Windows Update
    RP49: 10/6/2014 12:45:04 PM - Windows Update
    RP50: 10/17/2014 10:06:05 PM - RCP Fri, Oct 17, 14 22:06
    RP51: 10/29/2014 2:59:23 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.06)
    AllShare Framework DMS
    AllSharePlayLink
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Classic Shell
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DisplayLink Core Software
    DisplayLink Graphics
    Elevated Installer
    ExpressCache
    Garmin Express
    Garmin Express Tray
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel(R) Update Manager
    Intel(R) WiDi
    Intel® PROSet/Wireless Software
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 25
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Kaspersky PURE 3.0
    Linkey
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 32.0.3 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA Control Panel 327.68
    NVIDIA Graphics Driver 327.68
    NVIDIA Install Application
    Quick Starter
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    S Agent
    Samsung Link 1.6.0.1307241933
    Search Protect
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Settings
    Skype™ 6.11
    SW Update
    System Requirements Lab for Intel
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft en-us Dictionary
    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Veetle TV
    Windows Essentials Codec Pack 5.0
    WinRAR 5.01 (64-bit)
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/20/2014 1:09:43 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
    9/20/2014 1:08:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2972213).
    9/20/2014 1:07:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8.1 for x64-based Systems (KB2988948).
    9/20/2014 1:07:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2894852).
    8/24/2014 8:58:54 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
    8/22/2014 9:59:53 PM, Error: Service Control Manager [7000] - The Device Setup Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/22/2014 9:53:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
    8/22/2014 10:18:18 PM, Error: Service Control Manager [7030] - The DisplayLinkManager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/22/2014 10:04:07 PM, Error: Microsoft-Windows-DistributedCOM [10029] - The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
    8/22/2014 10:03:39 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/30/2014 2:02:54 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume ??. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
    6/29/2014 9:23:47 PM, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
    10/4/2014 2:50:51 PM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application Local Management Service service hung on starting.
    10/4/2014 2:38:45 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    10/4/2014 2:34:10 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/4/2014 2:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
    10/29/2014 2:34:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ExpressCache service.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/17/2014 10:28:41 PM, Error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).
    10/17/2014 10:21:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SWUpdateService service.
    10/17/2014 10:17:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
    10/17/2014 10:17:57 PM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/17/2014 10:16:47 PM, Error: volmgr [46] - Crash dump initialization failed!
    10/16/2014 8:56:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Samsung\Farship SID (S-1-5-21-2098230245-2096821238-529503728-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    10/16/2014 8:55:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
    10/16/2014 8:55:28 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/16/2014 8:53:09 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    10/15/2014 10:05:03 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    10/1/2014 5:08:37 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2014 5:08:33 PM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/1/2014 5:07:49 PM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Shell Hardware Detection Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
    10/1/2014 5:07:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    10/1/2014 5:06:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/1/2014 5:06:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    10/1/2014 5:05:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    10/1/2014 5:05:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    10/1/2014 5:04:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    10/1/2014 5:03:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. Click OK on the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
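As an added example, not part of Broni's instructions or anything posted in this thread, the restore-point step above and the Service Control Manager errors visible at the end of the DDS log (event IDs 7000, 7011 and 7046) can both be handled from an elevated PowerShell session. The seven-day window, the CSV path on the Desktop and the helper name Get-TimedOutService are my assumptions; the regular expressions follow the message wording shown in the log lines above.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell
# (right-click, Run as Administrator), as the cleanup tools themselves require.

# 1. Restore point, the PowerShell equivalent of the manual step above.
#    System Restore records at most one checkpoint per 24 hours by default,
#    so a warning here usually means a point from today already exists.
Checkpoint-Computer -Description 'Before RogueKiller and MBAR' -RestorePointType 'MODIFY_SETTINGS'

# 2. Pull the Service Control Manager errors seen in the DDS log:
#    7000 = service failed to start, 7011 = 30 s transaction timeout,
#    7046 = service repeatedly stopped responding.
#    The 7-day window is an assumption; widen it if the log is older.
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7011, 7046
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Hypothetical helper (assumed name): extract the service name from the
# message text, using the wording that appears in the DDS log lines.
function Get-TimedOutService {
    param($Record)
    $m = $Record.Message
    switch ($Record.Id) {
        7000 { if ($m -match 'The (.+?) service failed to start') { return $Matches[1] } }
        7011 { if ($m -match 'from the (\S+) service')            { return $Matches[1] } }
        7046 { if ($m -match 'requests:\s*(.+?)\s*(Contact|$)')  { return $Matches[1] } }
    }
    return '(unparsed)'
}

# 3. Count timeouts per service. Many unrelated services (BITS, wuauserv,
#    gpsvc, Appinfo ...) all hitting the 30 s limit in one boot points at a
#    starved disk or CPU rather than at one broken service.
$summary = $events |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Service = Get-TimedOutService $_
        }
    } |
    Group-Object Service |
    Sort-Object Count -Descending |
    Select-Object Count, Name

$summary | Format-Table -AutoSize

# 4. Keep the raw events beside the other logs for the next reply.
$events |
    Select-Object TimeCreated, Id, Message |
    Export-Csv -Path "$env:USERPROFILE\Desktop\scm-timeouts.csv" -NoTypeInformation
```

Re-run step 2 onward after the cleanup tools have finished and compare the two summaries: if the same chain of 7011 timeouts persists with nothing left for the scanners to remove, the slowness is more likely a disk or resource problem than an infection.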
     
  4. jon427

    jon427 TS Rookie Topic Starter

    Below is the RKreport:

    RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Farship [Administrator]
    Mode : Delete -- Date : 10/31/2014 08:53:45

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] (SVC) SWUpdateService -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE[-] -> Stopped

    ¤¤¤ Registry : 23 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SBIOSIO (\??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SWUpdateService (C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SBIOSIO (\??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWUpdateService (C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE) -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2098230245-2096821238-529503728-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2098230245-2096821238-529503728-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] PennyBee.job -- C:\Users\Farship\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted
    [Suspicious.Path] \\PennyBee -- C:\Users\Farship\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][FIREFX:Addon] 4qfd6w8x.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] 32a43a1e2b6a38415caa8f0ca78c46f6
    [BSP] 5bee8f1af9a6faca844d2bcd2a36cb5f : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SanDisk SSD i100 8GB +++++
    --- User ---
    [MBR] 0bbd8768089def2568ff5708850138ea
    [BSP] 8c2a6c50d0e85f935bef5ad87584a6b5 : Compressed BootMgr MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1920221984 | Size: 886821 MB
    1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1936028192 | Size: 953932 MB
    3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 27722122 | Size: 0 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic Flash Disk USB Device +++++
    --- User ---
    [MBR] 16f244391169468f0b11d214c6b53f7a
    [BSP] c7935bf757247cd2f0994bdd8fea4bcf : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 872 | Size: 3865 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_10312014_085248.log

    Here is the information for the Malwarebytes Anti-Rootkit:

    Mbar-log-2014-10-31 (08-59-55)

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.31.07

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.17351
    Farship :: SAMSUNG [administrator]

    10/31/2014 8:59:55 AM
    mbar-log-2014-10-31 (08-59-55).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 327769
    Time elapsed: 10 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  5. jon427

    jon427 TS Rookie Topic Starter

    And below is the system-log information:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17351

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.395000 GHz
    Memory total: 8472920064, free: 5568380928

    Downloaded database version: v2014.10.31.07
    Downloaded database version: v2014.10.22.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    10/31/2014 08:59:49
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\werkernel.sys
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\system32\DRIVERS\kl1.sys
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\excsd.sys
    \SystemRoot\system32\DRIVERS\CSCrySec.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Wof.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\intelpep.sys
    \SystemRoot\system32\drivers\dlkmdldr.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\system32\DRIVERS\excfs.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\system32\drivers\dlkmd.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\klwfp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\klim6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
    \SystemRoot\system32\DRIVERS\ahcache.sys
    \SystemRoot\System32\drivers\XHCIPort.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\USBXHCI.SYS
    \SystemRoot\System32\drivers\ucx01000.sys
    \SystemRoot\system32\DRIVERS\TeeDriverx64.sys
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Netwew00.sys
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\System32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\klkbdflt.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\klmouflt.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\System32\drivers\CmBatt.sys
    \SystemRoot\System32\drivers\BATTC.SYS
    \SystemRoot\System32\drivers\RadioHIDMini.sys
    \SystemRoot\System32\drivers\mshidkmdf.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\System32\drivers\NdisVirtualBus.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\iwdbus.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\drivers\AMPPAL.sys
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\usb3Hub.sys
    \SystemRoot\System32\drivers\UsbHub3.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
    \SystemRoot\system32\DRIVERS\btmhsf.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\drivers\BthLEEnum.sys
    \SystemRoot\System32\drivers\rfcomm.sys
    \SystemRoot\System32\drivers\BthEnum.sys
    \SystemRoot\System32\drivers\bthpan.sys
    \SystemRoot\System32\drivers\BthAvrcpTg.sys
    \SystemRoot\System32\drivers\btampm.sys
    \SystemRoot\system32\DRIVERS\btmaux.sys
    \SystemRoot\System32\drivers\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\0E826AB4.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffe001d3969060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000038\
    Lower Device Object: 0xffffe001d0622060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffe001d27cf060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000037\
    Lower Device Object: 0xffffe001d0636060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe001d27cf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe001d27cfb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe001d27ce060, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
    DevicePointer: 0xffffe001d27cf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe001d0622c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe001d0636060, DeviceName: \Device\00000037\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: BA8B0834

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 573597528
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34 LastUsableLba 1953525134
    GPT Header Guid 4a27ce4e-8fe2-4de0-b33-c033d9f4a3a3
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 573597528
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
    Backup GPT header Guid 4a27ce4e-8fe2-4de0-b33-c033d9f4a3a3
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 322f0ec4-988-4f18-84a3-531149af547
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name

    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4a2f09e1-2a72-4c2b-baec-32d3c139f480
    FirstLBA 264192 Last LBA 1288191
    Attributes 0
    Partition Name

    Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 8e00b819-7072-4927-9726-59cb49f1081
    FirstLBA 1288192 Last LBA 1902591
    Attributes 0
    Partition Name

    GPT Partition 2 is bootable
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d5393056-5714-499a-bf33-146199e2eec6
    FirstLBA 1902592 Last LBA 1899683839
    Attributes 0
    Partition Name

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 90e47c36-9d18-44e1-a4eb-5eae8a3808b
    FirstLBA 1899683840 Last LBA 1900400639
    Attributes 1
    Partition Name

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 449b1508-b827-42c4-9eb-85b4e4e58d6f
    FirstLBA 1900400640 Last LBA 1951426559
    Attributes 0
    Partition Name

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 65a76ba3-542b-4cbc-a5a2-a0876b186f8
    FirstLBA 1951426560 Last LBA 1953523711
    Attributes 0
    Partition Name

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffe001d3969060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe001d3969b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe001d3989060, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
    DevicePointer: 0xffffe001d3969060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe001d0636e50, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe001d0622060, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 73736572

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1920221984 Numsec = 1816210284

    Partition 1 type is Other (0x6c)
    Partition is INVALID!!!
    Partition starts at LBA: 1936028192 Numsec = 1953653108

    Partition 2 type is Empty (0x0)
    Partition is INVALID!!!
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 27722122 Numsec = 447

    Disk Size: 8012390400 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished


    Thank you very much for helping me out in this case. I can see that the system is now responding faster than before starting the cleanup. But I think it can be better. Btw, the malware scan did not find anything suspicious.
     
  6. Broni

    Broni, Malware Annihilator

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  7. jon427

    jon427 TS Rookie Topic Starter

    Contents of AdwCleaner posted below (AdwCleaner[S0].txt):


    # AdwCleaner v3.311 - Report created 31/10/2014 at 15:12:11
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Farship - SAMSUNG
    # Running from : C:\Users\Farship\Desktop\adwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\Program Files (x86)\Settings Manager
    Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\Farship\AppData\Local\genienext
    Folder Deleted : C:\Users\Farship\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\Farship\AppData\Roaming\ASP
    Folder Deleted : C:\Users\Farship\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Farship\AppData\Roaming\ParetoLogic
    Folder Deleted : C:\Users\Farship\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Farship\Documents\Optimizer Pro
    Folder Deleted : C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
    File Deleted : C:\WINDOWS\System32\roboot64.exe
    File Deleted : C:\Users\Farship\daemonprocess.txt

    ***** [ Scheduled Tasks ] *****

    Task Deleted : ASP
    Task Deleted : LaunchSignup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Classes\pokki
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
    Key Deleted : HKCU\Software\BRS
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Linkey
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\Linkey
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\PerformerSoft
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : [x64] HKLM\SOFTWARE\Linkey

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v32.0.3 (x86 en-US)

    [ File : C:\Users\Farship\AppData\Roaming\Mozilla\Firefox\Profiles\yib21sht.default-1414772734461\prefs.js ]


    -\\ Google Chrome v38.0.2125.111

    [ File : C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5919 octets] - [31/10/2014 15:04:48]
    AdwCleaner[S0].txt - [5094 octets] - [31/10/2014 15:12:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5154 octets] ##########


    Contents of JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.21.2014:1)
    OS: Windows 8.1 x64
    Ran by Farship on Fri 10/31/2014 at 15:18:58.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6FC98E18-43D1-42B1-84D0-E232D18B6951}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF857FB6-5013-457A-B7E0-9DE0EC389032}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
    Successfully deleted: [Folder] "C:\Users\Farship\AppData\Roaming\sparktrust"



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Farship\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 10/31/2014 at 15:21:02.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. jon427

    jon427 TS Rookie Topic Starter

    Cont:

    Contents of Farbar (FRST.txt)

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
    Ran by Farship (administrator) on SAMSUNG on 31-10-2014 15:26:33
    Running from C:\Users\Farship\Desktop
    Loaded Profile: Farship (Available profiles: Farship)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (istgah) C:\istgah_dic\dic_istgah.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-24] (Copyright 2013 SAMSUNG)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-10-29] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2336048 2014-02-24] (Samsung Electronics CO., LTD.)
    HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\MountPoints2: {29b253b7-bf63-11e3-beb7-c48508cfcc53} - "F:\Setup.exe"
    Startup: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\istgah Dictionary.lnk
    ShortcutTarget: istgah Dictionary.lnk -> C:\istgah_dic\dic_istgah.exe (istgah)
    ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    SearchScopes: HKLM-x32 - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.a...-40CD-880B-88400DD8C910&q={searchTerms}&SSPV=
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}: [NameServer] 208.69.150.250,208.69.150.252

    FireFox:
    ========
    FF ProfilePath: C:\Users\Farship\AppData\Roaming\Mozilla\Firefox\Profiles\yib21sht.default-1414772734461
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-10-29]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-29]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
    FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-10-29]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-10-29]
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-10-29]
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir="
    CHR DefaultSearchKeyword: Default -> astromenda.com_
    CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Profile: C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-16]
    CHR Extension: (Google Drive) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
    CHR Extension: (YouTube) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-16]
    CHR Extension: (Google Search) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-16]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-31]
    CHR Extension: (Safe Money) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-31]
    CHR Extension: (Content Blocker) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-31]
    CHR Extension: (Virtual Keyboard) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-31]
    CHR Extension: (Google Wallet) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Gmail) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-16]
    CHR Extension: (Anti-Banner) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-31]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-01-09]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-01-09]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-10-29]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-10-29]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-10-29]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-01-09]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [404360 2013-07-23] (Samsung) [File not signed]
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-29] (Kaspersky Lab ZAO)
    R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-13] (IvoSoft) [File not signed]
    R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
    R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
    R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-24] (Copyright 2013 SAMSUNG)
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
    R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcm; C:\Windows\system32\DRIVERS\drxvi314_64.sys [363136 2010-08-20] (Beceem communications pvt ltd.)
    S3 bcmbusctr; C:\Windows\System32\drivers\BcmBusCtr_64.sys [62464 2010-08-20] (Beceem communications pvt ltd.)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
    R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
    R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
    S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
    R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
    R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-11] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-13] (Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2014-06-12] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-04-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-10-29] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-10-29] (Kaspersky Lab ZAO)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows (R) Win 7 DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-31] ()
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
    S3 SBIOSIO; \??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-31 15:26 - 2014-10-31 15:27 - 00029497 _____ () C:\Users\Farship\Desktop\FRST.txt
    2014-10-31 15:26 - 2014-10-31 15:26 - 00000000 ____D () C:\FRST
    2014-10-31 15:26 - 2014-10-31 15:25 - 02113536 _____ (Farbar) C:\Users\Farship\Desktop\FRST64.exe
    2014-10-31 15:21 - 2014-10-31 15:21 - 00001215 _____ () C:\Users\Farship\Desktop\JRT.txt
    2014-10-31 15:18 - 2014-10-31 15:18 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-10-31 15:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
    2014-10-31 15:04 - 2014-10-31 15:12 - 00000000 ____D () C:\AdwCleaner
    2014-10-31 15:04 - 2014-10-31 15:01 - 01706144 _____ (Thisisu) C:\Users\Farship\Desktop\JRT.exe
    2014-10-31 15:04 - 2014-10-31 15:01 - 01375089 _____ () C:\Users\Farship\Desktop\adwcleaner_3.311.exe
    2014-10-31 10:25 - 2014-10-31 10:25 - 00000000 ____D () C:\Users\Farship\Desktop\Old Firefox Data
    2014-10-31 08:59 - 2014-10-31 09:49 - 00000000 ____D () C:\Users\Farship\Desktop\mbar
    2014-10-31 08:59 - 2014-10-31 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-31 08:55 - 2014-10-31 08:55 - 00006768 _____ () C:\Users\Farship\Desktop\RKreport_DEL_10312014_085345.log
    2014-10-31 08:47 - 2014-10-31 15:17 - 00000000 ____D () C:\Users\Farship\AppData\Local\CrashDumps
    2014-10-31 08:46 - 2014-10-31 08:46 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-10-31 08:46 - 2014-10-31 08:46 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-31 08:46 - 2014-10-31 08:43 - 14670424 _____ () C:\Users\Farship\Desktop\RogueKiller.exe
    2014-10-31 08:46 - 2014-10-31 08:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Farship\Desktop\mbar-1.07.0.1012.exe
    2014-10-29 17:45 - 2014-06-30 13:42 - 00001053 _____ () C:\Users\Farship\Desktop\malawarebytes.txt
    2014-10-18 11:04 - 2014-10-09 16:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-10-18 11:04 - 2014-10-08 16:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-10-18 11:04 - 2014-09-18 19:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-10-18 11:04 - 2014-09-13 00:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-10-18 11:04 - 2014-09-12 23:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-10-18 11:04 - 2014-09-03 18:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-10-18 11:04 - 2014-09-03 17:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-10-18 11:04 - 2014-09-03 17:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-10-18 10:50 - 2014-08-28 19:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-10-18 10:50 - 2014-08-28 17:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-10-18 10:50 - 2014-08-28 17:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-10-18 10:50 - 2014-08-15 22:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-10-18 10:50 - 2014-08-15 22:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-10-18 10:50 - 2014-08-15 22:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-10-18 10:50 - 2014-08-15 21:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-10-18 10:50 - 2014-08-15 21:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-10-18 10:50 - 2014-08-15 21:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-10-18 10:50 - 2014-08-15 21:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-10-18 10:50 - 2014-08-15 21:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-10-18 10:50 - 2014-08-15 21:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-10-18 10:50 - 2014-08-15 19:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-10-18 10:50 - 2014-08-15 19:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2014-10-18 10:50 - 2014-08-15 18:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2014-10-18 10:50 - 2014-08-15 18:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2014-10-18 10:50 - 2014-08-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2014-10-18 10:50 - 2014-08-15 18:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2014-10-18 10:50 - 2014-08-15 18:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2014-10-18 10:50 - 2014-08-15 18:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2014-10-18 10:50 - 2014-08-15 18:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2014-10-18 10:50 - 2014-08-15 18:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2014-10-18 10:50 - 2014-08-15 18:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-18 10:50 - 2014-08-15 18:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-10-18 10:50 - 2014-08-15 18:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-10-18 10:50 - 2014-08-15 18:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-10-18 10:50 - 2014-08-15 18:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-18 10:50 - 2014-08-15 18:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-10-18 10:50 - 2014-08-15 18:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-10-18 10:50 - 2014-08-15 18:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-10-18 10:50 - 2014-08-15 18:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-10-18 10:50 - 2014-08-15 18:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-10-18 10:50 - 2014-08-15 18:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-10-18 10:50 - 2014-08-15 18:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-10-18 10:50 - 2014-08-15 18:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-10-18 10:50 - 2014-08-15 18:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-10-18 10:50 - 2014-08-15 18:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-10-18 10:50 - 2014-07-31 17:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-10-18 10:49 - 2014-09-13 00:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-10-18 10:49 - 2014-09-12 23:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-10-18 10:48 - 2014-09-27 16:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-10-18 10:48 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-10-18 10:47 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-10-18 10:47 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-10-18 10:47 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-10-18 10:47 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-10-18 10:47 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-10-18 10:47 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-10-18 10:47 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-10-18 10:47 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-10-18 10:47 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-10-18 10:47 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-10-18 10:47 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-10-18 10:47 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-10-18 10:47 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-10-18 10:47 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-10-18 10:47 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-10-18 10:47 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-10-18 10:47 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-10-18 10:47 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-10-18 10:47 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-10-18 10:47 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-10-18 10:47 - 2014-09-18 18:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-10-18 10:47 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-10-18 10:47 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-10-18 10:47 - 2014-09-18 18:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-10-18 10:47 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-10-18 10:47 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-10-18 10:47 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-10-18 10:47 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-10-18 10:47 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-10-18 10:45 - 2014-09-03 18:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2014-10-18 10:45 - 2014-09-03 18:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2014-10-18 10:43 - 2014-09-07 21:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-10-18 10:43 - 2014-09-07 19:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-10-18 10:43 - 2014-09-07 19:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-10-18 10:43 - 2014-09-07 18:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-10-18 10:43 - 2014-09-07 18:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-10-18 10:43 - 2014-09-07 18:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-10-18 10:43 - 2014-09-07 18:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-10-18 10:43 - 2014-09-07 18:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-10-18 10:43 - 2014-09-07 18:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-10-18 10:43 - 2014-09-07 18:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-10-18 10:43 - 2014-09-07 17:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-10-18 10:43 - 2014-09-07 17:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-10-18 10:43 - 2014-09-07 17:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-10-18 10:43 - 2014-09-07 17:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-10-17 22:13 - 2014-10-17 22:16 - 00001664 _____ () C:\WINDOWS\system32\ASOROSet.bin
    2014-10-17 22:13 - 2014-10-17 22:14 - 00000000 ____D () C:\WINDOWS\system32\config\RCCBakup
    2014-10-17 22:02 - 2014-10-17 22:02 - 00000000 ____D () C:\Users\Farship\AppData\Roaming\Windows Essentials Codec Pack
    2014-10-17 22:02 - 2014-10-17 22:02 - 00000000 ____D () C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Essentials Codec Pack
    2014-10-17 22:02 - 2014-10-17 22:02 - 00000000 ____D () C:\Program Files (x86)\Windows Essentials Codec Pack
    2014-10-16 16:09 - 2014-10-16 16:09 - 00000000 ____D () C:\Users\Farship\Documents\Fax
    2014-10-16 00:09 - 2014-10-16 00:10 - 00000000 ____D () C:\Users\Farship\Desktop\Technical
    2014-10-15 21:15 - 2014-10-15 21:15 - 00000001 _____ () C:\Users\Farship\AppData\Local\DSI.DAT
    2014-10-14 23:01 - 2014-10-14 23:41 - 00000000 ____D () C:\Users\Farship\Desktop\3 Arbour Meadows
    2014-10-13 12:12 - 2014-10-17 21:12 - 00000128 _____ () C:\Users\Farship\AppData\Roaming\WB.CFG
    2014-10-13 11:12 - 2014-10-17 22:03 - 00000270 _____ () C:\Users\Farship\Desktop\Cut the Rope.url
    2014-10-04 15:38 - 2014-10-04 16:13 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2014-10-04 15:38 - 2014-10-04 15:38 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
    2014-10-04 15:38 - 2014-10-04 15:38 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
     
  9. jon427

    jon427 TS Rookie Topic Starter

continuation of FRST.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-31 15:26 - 2013-06-16 11:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-10-31 15:21 - 2013-06-16 11:23 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2098230245-2096821238-529503728-1001
    2014-10-31 15:17 - 2013-11-23 16:22 - 00000000 ___DO () C:\Users\Farship\SkyDrive
    2014-10-31 15:17 - 2013-06-19 19:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-10-31 15:17 - 2013-06-16 11:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-31 15:14 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-31 15:13 - 2013-09-29 21:55 - 00360924 _____ () C:\WINDOWS\PFRO.log
    2014-10-31 15:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-10-31 15:12 - 2013-11-23 03:23 - 01361436 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-31 15:12 - 2013-11-23 03:10 - 00000000 ____D () C:\Users\Farship
    2014-10-31 15:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-10-31 15:00 - 2013-06-16 11:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-31 14:57 - 2013-11-23 23:36 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{12767704-A92A-431D-B190-5B5ED77AF184}
    2014-10-31 08:59 - 2014-06-30 13:29 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\0E826AB4.sys
    2014-10-31 08:59 - 2014-06-30 13:29 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-30 15:59 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-10-30 13:51 - 2014-06-30 13:51 - 00688992 ____R (Swearware) C:\Users\Farship\Desktop\dds.com
    2014-10-30 13:22 - 2014-08-23 23:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware old
    2014-10-30 11:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-10-29 18:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-10-29 18:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-10-29 18:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-10-29 16:13 - 2013-06-16 11:46 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-29 15:18 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-10-29 15:17 - 2013-07-24 17:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-10-29 15:13 - 2013-06-20 16:16 - 00000000 ____D () C:\Users\Farship\AppData\Local\Samsung
    2014-10-29 15:03 - 2013-06-16 12:19 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-10-29 15:02 - 2014-07-11 22:23 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-10-29 14:49 - 2013-06-16 11:16 - 00000000 ____D () C:\Users\Farship\AppData\Local\VirtualStore
    2014-10-29 14:21 - 2013-08-22 08:44 - 00481176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-23 22:55 - 2013-06-16 11:45 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-23 22:55 - 2013-06-16 11:45 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-19 20:16 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-10-19 20:16 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-10-18 11:01 - 2013-08-20 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-17 22:31 - 2013-06-16 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-17 22:16 - 2013-08-22 07:25 - 82313216 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak
    2014-10-17 22:16 - 2013-08-22 07:25 - 13631488 _____ () C:\WINDOWS\system32\config\SYSTEM.bak
    2014-10-17 22:16 - 2013-08-22 07:25 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
    2014-10-17 22:14 - 2013-08-22 07:25 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
    2014-10-17 22:03 - 2013-06-16 11:42 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-10-16 20:54 - 2013-06-16 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-13 11:15 - 2013-07-07 15:20 - 00000000 ____D () C:\Users\Farship\AppData\Local\Adobe
    2014-10-04 16:13 - 2012-09-10 17:42 - 00000000 ____D () C:\ProgramData\Intel
    2014-10-04 15:38 - 2014-02-26 00:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2014-10-04 15:38 - 2013-11-23 03:06 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-10-04 14:36 - 2013-09-29 21:51 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
    2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-10-04 14:36 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-10-01 11:11 - 2014-06-30 13:29 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-10-01 11:11 - 2014-06-30 13:29 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

    Files to move or delete:
    ====================
    C:\ProgramData\MakeMarkerFile.exe


    Some content of TEMP:
    ====================
    C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Farship\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-31 09:11

    ==================== End Of Log ============================


    Contents of Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
    Ran by Farship at 2014-10-31 15:27:15
    Running from C:\Users\Farship\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AllShare Framework DMS (HKLM\...\{8168F918-4749-4482-A23A-D5E709CF7856}) (Version: 1.3.15 - Samsung)
    AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
    DisplayLink Core Software (HKLM\...\{89E40591-0404-4769-88E7-F649C95AE151}) (Version: 7.6.56275.0 - DisplayLink Corp.)
    DisplayLink Graphics (HKLM\...\{C790E802-DB1C-402A-92FB-858AB2925BF6}) (Version: 7.4.51587.0 - DisplayLink Corp.)
    Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
    Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
    Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
    Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    NVIDIA Graphics Driver 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
    Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
    S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
    Samsung Link 1.6.0.1307241933 (HKLM\...\8474-7877-9059-0204) (Version: 1.6.0.1307241933 - Copyright 2013 SAMSUNG)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
    System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
    Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
    Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    06-10-2014 18:45:04 Windows Update
    18-10-2014 04:06:05 RCP Fri, Oct 17, 14 22:06
    29-10-2014 20:59:23 Windows Update
    31-10-2014 14:57:28 RestorePointOct312014

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 23:26 - 2013-06-16 12:16 - 00449637 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00E7B3F6-E174-4EAD-ACEE-C7FCE5D7BC3C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {1A6C3D3E-BC87-4E50-9994-FF5A3D1ACECB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
    Task: {1F9179C9-6627-452B-A7B7-E2F7157D8D88} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-19] (Adobe Systems Incorporated)
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {22F36E81-AE17-49DC-A912-1ADE6630ED12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {494A048E-B0AA-47F4-A0CA-C62348353892} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {55738F04-3B59-4F03-B4F9-2971678C3683} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {57A59BAF-6EEA-4B14-BF4C-7019ACD7C715} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {724E177E-1DE8-4E73-94ED-EE0B35769134} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {748F8C67-ABD9-40FE-818D-3E6CDC71871F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-29] (Microsoft Corporation)
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {8460738F-07A9-49E9-8221-0E9FC67A5ED3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {8D0AA648-CF0F-4B92-A1DC-E91FE640C3BE} - System32\Tasks\{DB8B6DD1-F6CC-40F1-9AA8-0ED5AF6D634B} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsMain
    Task: {975D1FD2-1FFF-41F3-AA84-B07F42D2F9BF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
    Task: {9BC32FD6-148F-49E6-B38F-E6942F3CBCE4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {A830AB29-2A44-43AF-A470-14F512EBDD68} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
    Task: {AB1C154B-41A5-45E8-BE4E-19EE5F94FD31} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {CE7E85F2-65F0-4C56-821C-BCC65E1F72B7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D190FE85-A0A2-4825-9A1D-F37EEC587E27} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E5D00DA6-2103-471B-953D-778A900E5A70} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {FB6DB2A2-5C57-4F9B-89AE-40AA9471CC17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-10 20:02 - 2013-11-11 04:27 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-08-31 13:51 - 2013-07-24 19:33 - 00012800 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
    2013-11-23 03:19 - 2013-11-23 03:19 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
    2013-08-31 13:51 - 2013-07-24 19:33 - 01320448 _____ () C:\Program Files\Samsung\Samsung Link\SecProxyJNI.dll
    2013-08-31 13:51 - 2013-07-24 19:33 - 01367040 _____ () C:\Program Files\Samsung\Samsung Link\SecStubJNI.dll
    2013-08-31 13:51 - 2013-07-24 19:33 - 01588736 _____ () C:\Program Files\Samsung\Samsung Link\SppAgentSvc.dll
    2013-07-23 15:21 - 2013-07-23 15:21 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\JNIInterface.dll
    2013-07-23 15:21 - 2013-07-23 15:21 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\ASFAPI.dll
    2013-07-23 15:23 - 2013-07-23 15:23 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\MediaDB_Manager.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00030720 _____ () C:\WINDOWS\SYSTEM32\MediaDB64.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00905216 _____ () C:\WINDOWS\SYSTEM32\ContentDirectoryPresenter64.dll
    2013-07-23 15:22 - 2013-07-23 15:22 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\DMS_Manager.dll
    2013-07-22 19:02 - 2013-07-22 19:02 - 00049152 _____ () C:\WINDOWS\SYSTEM32\boost_date_time-vc90-mt-1_47.dll
    2013-07-22 19:02 - 2013-07-22 19:02 - 00016896 _____ () C:\WINDOWS\SYSTEM32\boost_system-vc90-mt-1_47.dll
    2013-07-22 19:02 - 2013-07-22 19:02 - 00058880 _____ () C:\WINDOWS\SYSTEM32\boost_thread-vc90-mt-1_47.dll
    2013-07-22 19:02 - 2013-07-22 19:02 - 00299520 _____ () C:\WINDOWS\SYSTEM32\boost_serialization-vc90-mt-1_47.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    2013-08-31 13:51 - 2013-07-24 19:33 - 00042496 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
    2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-07-23 13:26 - 2013-07-23 13:26 - 01112064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\DMSManager.dll
    2013-06-26 14:16 - 2013-06-26 14:16 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_serialization-vc90-mt-1_47.dll
    2013-06-26 14:16 - 2013-06-26 14:16 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_date_time-vc90-mt-1_47.dll
    2013-06-26 14:16 - 2013-06-26 14:16 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_system-vc90-mt-1_47.dll
    2013-06-26 14:16 - 2013-06-26 14:16 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_thread-vc90-mt-1_47.dll
    2013-07-22 17:16 - 2013-07-22 17:16 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ContentDirectoryPresenter.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\DCMCDP.dll
    2013-07-22 17:16 - 2013-07-22 17:16 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\FolderCDP.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\Autobackup.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\RosettaAllShare.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\MetadataFramework.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\sqlite3.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\MoodExtractor.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\DCMImgExtractor.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AutoChaptering.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AudioExtractor.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\VideoExtractor.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ImageExtractor.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\TextExtractor.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libexpat.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\VideoThumb.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ID3Driver.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\RichInfoDriver.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ThumbnailMaker.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00133632 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\VideoMetadataDriver.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\SECMetaDriver.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\photoDriver.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\avcodec-52.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\avformat-52.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\avutil-50.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\swscale-0.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\tag.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libThumbnail.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ImageMagickWrapper.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libKeyFrame.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libexif-12.dll.dll
    2013-06-27 13:37 - 2013-06-27 13:37 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\us.dll
    2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
    2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
    2012-11-30 16:26 - 2012-11-30 16:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
    2014-03-10 20:52 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Farship\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates: Tides of Fortune.lnk

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
    HKCU\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKCU\...\StartupApproved\Run: => "Skype"

    ========================= Accounts: ==========================

    admin (S-1-5-21-2098230245-2096821238-529503728-1004 - Limited - Enabled)
    Administrator (S-1-5-21-2098230245-2096821238-529503728-500 - Administrator - Disabled)
    Farship (S-1-5-21-2098230245-2096821238-529503728-1001 - Administrator - Enabled) => C:\Users\Farship
    Guest (S-1-5-21-2098230245-2096821238-529503728-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-05-09 22:39:37.160
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-09 22:39:37.082
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-03 23:26:29.103
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-03 23:26:29.009
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-03 15:06:04.187
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-03 15:06:04.109
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-02 23:24:51.866
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

    Date: 2014-05-02 23:24:51.710
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 23%
    Total physical RAM: 8080.41 MB
    Available physical RAM: 6185.76 MB
    Total Pagefile: 9360.41 MB
    Available Pagefile: 6998.38 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:904.93 GB) (Free:801.99 GB) NTFS
    Drive d: () (Fixed) (Total:7.46 GB) (Free:7.4 GB) NTFS
    Drive f: () (Removable) (Total:3.77 GB) (Free:3.71 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: BA8B0834)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 7.5 GB) (Disk ID: 73736572)
    Partition 1: (Not Active) - (Size=866 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
    Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
    Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

    ========================================================
    Disk: 2 (Size: 3.8 GB) (Disk ID: CE2C86F2)
    Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

    ==================== End Of Log ============================
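The Code Integrity records in the log above show services.exe repeatedly attempting to load an unsigned DLL from a folder under Program Files (x86). As an added example (not part of this thread, and not FRST's own code), here is a parser for that section of an FRST Addition.txt log that groups repeated attempts per process and module and flags modules that live outside \Windows; the sample log is constructed from the records quoted above.

```python
"""Triage the 'CodeIntegrity Errors' section of an FRST Addition.txt log.

Added example, not part of the forum thread and not FRST's own code. FRST
prints each Code Integrity event as a 'Date:' line followed by a
'Description:' line; the parser extracts the process that attempted the load
and the module it tried to load, then groups repeated attempts and flags
modules that live outside the Windows directory. The sample log is
constructed from the records quoted in the thread.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: three of the records from the Addition.txt in this thread,
# followed by the header of the next FRST section so the parser can detect the end.
SAMPLE_LOG = r"""
CodeIntegrity Errors:
===================================
Date: 2014-05-09 22:39:37.160
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-09 22:39:37.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-03 23:26:29.103
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
"""

DATE_RE = re.compile(r"^Date: (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d+)?)$")
DESC_RE = re.compile(
    r"process \((?P<proc>[^)]+)\) attempted to load (?P<module>.+?) that did not meet"
)
# FRST section headers look like '==================== Memory info ====...'; the bare
# '====' underline beneath 'CodeIntegrity Errors:' has no text and must not end the section.
SECTION_RE = re.compile(r"^=+\s+\S")
DEVICE_RE = re.compile(r"^\\Device\\HarddiskVolume\d+", re.IGNORECASE)


class CIEvent(NamedTuple):
    timestamp: str
    process: str  # NT path of the process that attempted the load
    module: str   # NT path of the rejected module


def parse_code_integrity(log: str) -> List[CIEvent]:
    """Return the events listed under 'CodeIntegrity Errors:' in an FRST log."""
    events: List[CIEvent] = []
    in_section = False
    pending_ts: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith("CodeIntegrity Errors:")
            continue
        if SECTION_RE.match(line):
            break  # reached the next FRST section
        m = DATE_RE.match(line)
        if m:
            pending_ts = m.group("ts")
            continue
        if line.startswith("Description:") and pending_ts:
            d = DESC_RE.search(line)
            if d:
                events.append(CIEvent(pending_ts, d.group("proc"), d.group("module")))
            pending_ts = None
    return events


def strip_device(path: str) -> str:
    """Drop the '\\Device\\HarddiskVolumeN' prefix so the path reads like a drive-relative one."""
    return DEVICE_RE.sub("", path)


def is_outside_windows(path: str) -> bool:
    """True when a module does not live under the Windows directory of its volume."""
    return not strip_device(path).lower().startswith("\\windows\\")


def summarize(events: List[CIEvent]) -> List[Dict[str, object]]:
    """Group repeated load attempts per (process, module), most frequent first."""
    counts = Counter((strip_device(e.process), strip_device(e.module)) for e in events)
    rows: List[Dict[str, object]] = []
    for (proc, mod), n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        rows.append({
            "process": proc,
            "module": mod,
            "attempts": n,
            # A service host loading an unsigned DLL from outside \Windows is the
            # pattern worth a closer look; a rejected load from \Windows itself is not.
            "suspicious": is_outside_windows(mod),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_code_integrity(SAMPLE_LOG)):
        flag = "SUSPICIOUS" if row["suspicious"] else "ok"
        print(f"{row['attempts']:>3}x  {row['process']}  ->  {row['module']}  [{flag}]")
```

Run as-is it collapses the three sample records into two rows (the x64 and x86 copies of the same DLL), both flagged; pointing it at a full Addition.txt gives the same grouping over every Code Integrity record FRST captured.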
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  11. jon427

    jon427 TS Rookie Topic Starter

    Contents of fixlist.txt

    HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\MountPoints2: {29b253b7-bf63-11e3-beb7-c48508cfcc53} - "F:\Setup.exe"
    SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.a...-40CD-880B-88400DD8C910&q={searchTerms}&SSPV=
    Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}: [NameServer] 208.69.150.250,208.69.150.252
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir="
    CHR DefaultSearchKeyword: Default -> astromenda.com_
    CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    S3 SBIOSIO; \??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Farship\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Users\Farship\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates: Tides of Fortune.lnk
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You just posted content of my fixlist file.
    Please re-read my instructions carefully and redo.
     
  13. jon427

    jon427 TS Rookie Topic Starter

    Sorry about that, my error...

    Below are the contents of fixlog.txt:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
    Ran by Farship at 2014-10-31 17:14:36 Run:1
    Running from C:\Users\Farship\Desktop
    Loaded Profile: Farship (Available profiles: Farship)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\MountPoints2: {29b253b7-bf63-11e3-beb7-c48508cfcc53} - "F:\Setup.exe"
    SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.a...-40CD-880B-88400DD8C910&q={searchTerms}&SSPV=
    Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}: [NameServer] 208.69.150.250,208.69.150.252
    Tcpip\..\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}: [NameServer] 208.69.150.250,208.69.150.252
    CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir="
    CHR DefaultSearchKeyword: Default -> astromenda.com_
    CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    S3 SBIOSIO; \??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Farship\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Users\Farship\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates: Tides of Fortune.lnk

    *****************

    "HKU\S-1-5-21-2098230245-2096821238-529503728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b253b7-bf63-11e3-beb7-c48508cfcc53}" => Key deleted successfully.
    "HKCR\CLSID\{29b253b7-bf63-11e3-beb7-c48508cfcc53}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FC98E18-43D1-42B1-84D0-E232D18B6951}" => Key deleted successfully.
    "HKCR\CLSID\{6FC98E18-43D1-42B1-84D0-E232D18B6951}" => Key not found.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\252382C611B34CA5B517F6AE9E8A9FE6" => Key deleted successfully.
    "HKCR\CLSID\252382C611B34CA5B517F6AE9E8A9FE6" => Key not found.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}\\NameServer => value deleted successfully.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}\\NameServer => value deleted successfully.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}\\NameServer => value deleted successfully.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}\\NameServer => value deleted successfully.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}\\NameServer => value deleted successfully.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
    C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll not found.
    SBIOSIO => Service deleted successfully.
    C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
    C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Farship\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Farship\SkyDrive => ":ms-properties" ADS removed successfully.
    C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates => ": Tides of Fortune.lnk" ADS removed successfully.

    ==== End of Fixlog ====
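The fixlist above removes per-interface DNS NameServer values, IE SearchScopes and Chrome home/search settings that all point at the same two addresses and the same domains. As an added example (not part of this thread, and not FRST's own code), the script below reads FRST lines of those three kinds and flags every resolver or search domain that is not on an allowlist; ALLOWED_DNS and ALLOWED_SEARCH_DOMAINS are assumptions to be replaced with a site's own sanctioned values, and the sample lines are constructed from the fixlist above with the long tracking query strings shortened.

```python
"""Flag DNS and search-provider hijacks in FRST log lines.

Added example for this thread; not part of the forum post and not FRST's own
code. FRST reports per-interface resolvers as
'Tcpip\..\Interfaces\{GUID}: [NameServer] a.b.c.d,...', Internet Explorer
search providers as 'SearchScopes: HKxx - <id> URL = <url>' and Chrome
start/search settings as 'CHR <setting>: Default -> <url>'. Each value is
checked against an allowlist and anything that does not belong is reported.
"""
import re
from ipaddress import ip_address
from typing import Dict, List
from urllib.parse import urlparse

ALLOWED_DNS = {"8.8.8.8", "8.8.4.4"}                 # assumption: the resolvers the site expects
ALLOWED_SEARCH_DOMAINS = {"google.com", "bing.com"}  # assumption: sanctioned search engines

# Constructed sample, derived from the fixlist in this thread (query strings shortened).
SAMPLE_FIXLIST = r"""
Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?cr=2082598172
SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.aspx?q={searchTerms}
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie"
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?cr=2082598172
"""

NS_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): \[NameServer\] (?P<servers>[0-9.,]+)$"
)
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>HK\w+) - (?P<id>\S+) URL = (?P<url>\S+)$")
CHR_RE = re.compile(
    r'^CHR (?P<setting>HomePage|StartupUrls|DefaultSearchURL): Default -> "?(?P<url>[^\s"]+)"?$'
)


def domain_of(url: str) -> str:
    """Registered-domain approximation (last two labels) of a possibly defanged URL.

    FRST defangs URLs as 'hxxp://'. A production version would consult the
    public suffix list instead of the two-label heuristic used here.
    """
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(fixlist: str) -> List[Dict[str, str]]:
    """Return one finding per resolver or search URL that is not on the allowlists."""
    findings: List[Dict[str, str]] = []
    for raw in fixlist.splitlines():
        line = raw.strip()
        m = NS_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                try:
                    ip_address(server)
                except ValueError:
                    continue  # FRST prints only IP literals here; skip malformed tokens
                if server not in ALLOWED_DNS:
                    findings.append({"kind": "dns", "where": m.group("guid"), "value": server})
            continue
        m = SCOPE_RE.match(line)
        if m:
            dom = domain_of(m.group("url"))
            if dom not in ALLOWED_SEARCH_DOMAINS:
                findings.append({"kind": "ie-searchscope", "where": m.group("hive"), "value": dom})
            continue
        m = CHR_RE.match(line)
        if m:
            dom = domain_of(m.group("url"))
            if dom not in ALLOWED_SEARCH_DOMAINS:
                findings.append({"kind": "chrome-" + m.group("setting"), "where": "Default", "value": dom})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Collapse findings to the unique rogue resolvers and domains for a quick report."""
    return {
        "dns_servers": sorted({f["value"] for f in findings if f["kind"] == "dns"}),
        "search_domains": sorted({f["value"] for f in findings if f["kind"] != "dns"}),
    }


if __name__ == "__main__":
    hits = triage(SAMPLE_FIXLIST)
    for f in hits:
        print(f"{f['kind']:<22} {f['where']:<40} {f['value']}")
    print(summarize(hits))
```

On the sample it reports nine findings (two resolvers on each of two interfaces, two IE scopes, three Chrome settings) and a summary of two resolvers and two domains; the same function works on the Tcpip, SearchScopes and CHR lines of a full FRST.txt, which is where the entries in this thread's fixlist came from.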
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    How is computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  15. jon427

    jon427 TS Rookie Topic Starter

    Broni,

    The laptop is running better, thanks for your help so far. It's really been great!

    Below are the contents of the checkup.txt file:

    Results of screen317's Security Check version 0.99.89
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Kaspersky PURE 3.0
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Java 7 Update 25
    Java version out of Date!
    Adobe Flash Player 15.0.0.152
    Adobe Reader XI
    Mozilla Firefox 32.0.3 Firefox out of Date!
    Google Chrome 38.0.2125.104
    Google Chrome 38.0.2125.111
    ````````Process Check: objlist.exe by Laurent````````
    Kaspersky Lab Kaspersky PURE 3.0 avp.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Below are the contents of the FSS.txt file:

    Farbar Service Scanner Version: 21-07-2014
    Ran by Farship (administrator) on 03-11-2014 at 15:51:49
    Running from "C:\Users\Farship\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****


    Below are the contents of the ESETScan.txt file:

    C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\KMPlayer_3-8-0-122.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF2.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF20.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF21.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF22.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF23.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF24.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF25.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF26.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF27.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF28.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF29.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
    C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF9.dll Win32/Toolbar.SearchSuite potentially unwanted application deleted - quarantined
    C:\Users\Farship\Downloads\SkypeSetup(1).exe Win32/InstallCore.DP potentially unwanted application deleted - quarantined
    C:\Users\Farship\Downloads\SkypeSetup.exe Win32/InstallCore.DP potentially unwanted application deleted - quarantined
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Update Firefox to the current 33.0.2 version.

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =========================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
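    As an added example (not part of the original thread or Broni's instructions), the following PowerShell script audits from one place the things steps 2, 4 and 7 above ask you to check by hand: pending Windows Updates, the installed versions of commonly targeted plug-ins (Java, Flash, Reader, Silverlight, Shockwave), the state of the Java Quick Starter service from Note 3, and every Run/RunOnce autostart entry so that anything a cleanup missed stands out. It assumes an elevated PowerShell prompt on Windows 8.1 or later; the service name JavaQuickStarterService and the plug-in name pattern are assumptions, adjust them for your machine.

```powershell
# Added example: post-cleanup audit script for Windows 8.1+.
# Run from an elevated PowerShell prompt. Nothing here modifies the system.

# --- 1. Pending Windows Updates (Windows Update Agent COM API) ---------------
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
# "IsInstalled=0 and IsHidden=0": updates that are offered but not yet applied
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
if ($result.Updates.Count -eq 0) {
    "Windows Update: no pending updates"
} else {
    "Windows Update: $($result.Updates.Count) pending update(s):"
    foreach ($u in $result.Updates) { "  - $($u.Title)" }
}

# --- 2. Installed versions of frequently exploited plug-ins ------------------
# Both the native and the WOW6432Node uninstall hives, so 32-bit plug-ins on a
# 64-bit Windows are not missed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Assumed name pattern; extend it with whatever else you want to keep an eye on.
$watch = 'Java|Flash|Adobe Reader|Acrobat|Silverlight|Shockwave'
"Installed plug-ins matching /$watch/:"
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $watch } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName |
    Format-Table -AutoSize

# --- 3. Java Quick Starter service (Note 3 above) ----------------------------
# Service name is an assumption; the display name is "Java Quick Starter".
$jqs = Get-Service -Name 'JavaQuickStarterService' -ErrorAction SilentlyContinue
if ($jqs) {
    "Java Quick Starter service: Status=$($jqs.Status) StartType=$($jqs.StartType)"
} else {
    "Java Quick Starter service: not installed"
}

# --- 4. Autostart entries: everything listed should be something you recognise
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Skip the PSPath/PSParentPath/... bookkeeping properties PowerShell adds
    $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |
        ForEach-Object { "{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value }
}
```

    Read the output top to bottom: pending updates and old plug-in versions are what to fix first, and any autostart entry whose command line points into a temp or user profile directory is worth looking at before you trust the machine again.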
     
  17. jon427

    jon427 TS Rookie Topic Starter

    Thanks Broni. Before I run the final instructions you listed above, should I delete/fix the issues that the ESET scan found? As per your instructions, fixing/deleting the items found by ESET was not mentioned. There were about 31 items that the scanner found.

    Cheers!
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    All items were "deleted - quarantined".
    You can empty quarantine folder if you wish.
     
  19. jon427

    jon427 TS Rookie Topic Starter

    I cannot thank you enough for all the help you provided. I have updated Java, Firefox, etc. to their latest versions and the laptop has been running really smoothly since last night. The boot-up is fast and opening files or the internet is fast too. I was already thinking of wiping the system before; good thing that I stumbled upon this site and was able to get help from experts like you.

    Cheers and again thank you for all your help.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Way to go!!
    Good luck and stay safe :)
     