Sometimes I am being redirected to particular pages, and since I am not a technical computer girl I would like some advice from smarter people on what should/could be done. I would appreciate all the help. Thanks!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Samsung (administrator) on SAMSUNG-PC on 30-03-2015 14:00:45
Running from C:\Users\Samsung\Desktop
Loaded Profiles: Samsung (Available profiles: Samsung)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Lietuvių (Lietuva)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(„Google Inc.“) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(„Atheros Communications“) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-06-06] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-09] („Atheros Communications“)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-09] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-06-06] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Service] => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Facebook Update] => C:\Users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-06] („Google Inc.“)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [uTorrent] => C:\Users\Samsung\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-23] (BitTorrent Inc.)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Spotify Web Helper] => C:\Users\Samsung\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-25] (Spotify Ltd)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-21] (Piriform Ltd)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Spotify] => C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-25] (Spotify Ltd)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\MountPoints2: {0a4c49bb-8010-11e2-94d0-806e6f6e6963} - E:\SecSWMgrGuide.exe
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\MountPoints2: {d61335a9-84f1-11e2-8cd7-50b7c34c9aa7} - F:\NokiaPCIA_Autorun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=75&clid=1969032&text={searchTerms}
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ie...H001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.9.240.102 213.226.131.131 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type...HitachiXHTS547550A9E384_J1120021CXMAUACXMAUAX
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-04-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-04-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-8880672-3241115651-1778361105-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Samsung\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422806075&from=obw&uid=HitachiXHTS547550A9E384_J1120021CXMAUACXMAUAX"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (SaveRExtensiounn) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdkndflaceljipfmjfonemljgadhjkmi [2015-02-16]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]
CHR Extension: (AVG PrivacyFix) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2014-05-10]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 2e2c67c9; c:\Program Files (x86)\SegmentSystem\SegmentSystem.dll [1575424 2015-02-25] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-09] (Atheros Commnucations) [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-02-28] („Google Inc.“)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-02-28] („Google Inc.“)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-06-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-06-06] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2879176 2012-12-27] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-02-01] (SysTool PasSame LIMITED) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] („Microsoft Corporation“)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] („Microsoft Corporation“)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-09] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 {4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64; C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys [48832 2015-01-31] (StdLib)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-30 14:00 - 2015-03-30 14:03 - 00025853 _____ () C:\Users\Samsung\Desktop\FRST.txt
2015-03-30 14:00 - 2015-03-30 14:00 - 00000000 ____D () C:\FRST
2015-03-30 13:59 - 2015-03-30 13:59 - 02095616 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2015-03-30 12:46 - 2015-03-30 12:46 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-30 12:46 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-30 12:44 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-30 12:44 - 2015-03-30 12:46 - 00000000 ____D () C:\Program Files\iTunes
2015-03-30 12:44 - 2015-03-30 12:44 - 00000000 ____D () C:\Program Files\iPod
2015-03-30 12:44 - 2015-03-30 12:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-28 22:54 - 2015-03-28 22:54 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2015-03-28 22:54 - 2015-03-28 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-03-28 22:54 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-03-28 22:49 - 2015-03-29 12:50 - 00000020 _____ () C:\Users\Samsung\AppData\Roaming\appdataFr3.bin
2015-03-28 22:47 - 2015-03-28 22:47 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-28 22:47 - 2015-03-28 22:47 - 00000000 ____D () C:\Users\Samsung\Documents\Bluetooth Folder
2015-03-28 21:33 - 2015-03-28 21:37 - 16490312 _____ (DsNET Corp ) C:\Users\Samsung\Downloads\aTube_Catcher_SOMOTO_8004.exe
2015-03-28 17:19 - 2015-03-28 17:19 - 00110312 _____ () C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-28 17:14 - 2015-03-28 17:14 - 00011770 _____ () C:\Users\Samsung\Downloads\31AD2CAA316AA80ED154F6541EC5CCD48A84BB2C.torrent
2015-03-28 17:14 - 2015-03-28 17:14 - 00011428 _____ () C:\Users\Samsung\Downloads\The.Imitation.Game.2014.BRRip.x264.AC3.LT.EN.mkv.torrent
2015-03-27 00:45 - 2015-03-27 00:46 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Samsung\Downloads\procexp.exe
2015-03-26 16:24 - 2015-03-26 16:24 - 05034736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-25 20:56 - 2015-03-25 20:56 - 00000000 _____ () C:\Users\Samsung\agent.log
2015-03-25 09:57 - 2015-03-25 11:50 - 00007070 _____ () C:\Windows\DPINST.LOG
2015-03-21 13:13 - 2015-03-21 13:13 - 00001945 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-03-21 13:13 - 2015-03-21 13:13 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-03-21 13:13 - 2015-03-21 13:13 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-03-21 13:13 - 2015-03-21 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-03-21 13:11 - 2015-03-26 10:13 - 00000000 ____D () C:\Program Files (x86)\SalePluus
2015-03-21 13:09 - 2015-03-21 13:09 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\EZDownloader
2015-03-21 13:08 - 2015-03-21 13:13 - 00000000 ____D () C:\Program Files (x86)\EZDownloader
2015-03-21 13:05 - 2015-03-21 13:05 - 00000000 ____D () C:\Program Files (x86)\SoalePLus
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-09] („Atheros Communications“)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-09] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-06-06] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Service] => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Facebook Update] => C:\Users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-06] („Google Inc.“)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [uTorrent] => C:\Users\Samsung\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-23] (BitTorrent Inc.)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Spotify Web Helper] => C:\Users\Samsung\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-25] (Spotify Ltd)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-21] (Piriform Ltd)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\Run: [Spotify] => C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-25] (Spotify Ltd)
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\MountPoints2: {0a4c49bb-8010-11e2-94d0-806e6f6e6963} - E:\SecSWMgrGuide.exe
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\...\MountPoints2: {d61335a9-84f1-11e2-8cd7-50b7c34c9aa7} - F:\NokiaPCIA_Autorun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?...0A9E384_J1120021CXMAUACXMAUAX&q={searchTerms}
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-8880672-3241115651-1778361105-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=75&clid=1969032&text={searchTerms}
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ie...H001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coolsearches.info/...&hid=1981506380966936178&lg=EN&cc=LT&unqvl=85
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-8880672-3241115651-1778361105-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.9.240.102 213.226.131.131 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type...HitachiXHTS547550A9E384_J1120021CXMAUACXMAUAX
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-04-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-04-18] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-8880672-3241115651-1778361105-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Samsung\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422806075&from=obw&uid=HitachiXHTS547550A9E384_J1120021CXMAUACXMAUAX"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-28]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-28]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-28]
CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-28]
CHR Extension: (SaveRExtensiounn) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdkndflaceljipfmjfonemljgadhjkmi [2015-02-16]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-28]
CHR Extension: (AVG PrivacyFix) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2014-05-10]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 2e2c67c9; c:\Program Files (x86)\SegmentSystem\SegmentSystem.dll [1575424 2015-02-25] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-09] (Atheros Commnucations) [File not signed]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-02-28] („Google Inc.“)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-02-28] („Google Inc.“)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-06-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-06-06] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2879176 2012-12-27] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-02-01] (SysTool PasSame LIMITED) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] („Microsoft Corporation“)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] („Microsoft Corporation“)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-09] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R1 {4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64; C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys [48832 2015-01-31] (StdLib)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-30 14:00 - 2015-03-30 14:03 - 00025853 _____ () C:\Users\Samsung\Desktop\FRST.txt
2015-03-30 14:00 - 2015-03-30 14:00 - 00000000 ____D () C:\FRST
2015-03-30 13:59 - 2015-03-30 13:59 - 02095616 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2015-03-30 12:46 - 2015-03-30 12:46 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-30 12:46 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-30 12:44 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-30 12:44 - 2015-03-30 12:46 - 00000000 ____D () C:\Program Files\iTunes
2015-03-30 12:44 - 2015-03-30 12:44 - 00000000 ____D () C:\Program Files\iPod
2015-03-30 12:44 - 2015-03-30 12:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-28 22:54 - 2015-03-28 22:54 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2015-03-28 22:54 - 2015-03-28 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-03-28 22:54 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-03-28 22:49 - 2015-03-29 12:50 - 00000020 _____ () C:\Users\Samsung\AppData\Roaming\appdataFr3.bin
2015-03-28 22:47 - 2015-03-28 22:47 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-28 22:47 - 2015-03-28 22:47 - 00000000 ____D () C:\Users\Samsung\Documents\Bluetooth Folder
2015-03-28 21:33 - 2015-03-28 21:37 - 16490312 _____ (DsNET Corp ) C:\Users\Samsung\Downloads\aTube_Catcher_SOMOTO_8004.exe
2015-03-28 17:19 - 2015-03-28 17:19 - 00110312 _____ () C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-28 17:14 - 2015-03-28 17:14 - 00011770 _____ () C:\Users\Samsung\Downloads\31AD2CAA316AA80ED154F6541EC5CCD48A84BB2C.torrent
2015-03-28 17:14 - 2015-03-28 17:14 - 00011428 _____ () C:\Users\Samsung\Downloads\The.Imitation.Game.2014.BRRip.x264.AC3.LT.EN.mkv.torrent
2015-03-27 00:45 - 2015-03-27 00:46 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Samsung\Downloads\procexp.exe
2015-03-26 16:24 - 2015-03-26 16:24 - 05034736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-25 20:56 - 2015-03-25 20:56 - 00000000 _____ () C:\Users\Samsung\agent.log
2015-03-25 09:57 - 2015-03-25 11:50 - 00007070 _____ () C:\Windows\DPINST.LOG
2015-03-21 13:13 - 2015-03-21 13:13 - 00001945 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-03-21 13:13 - 2015-03-21 13:13 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-03-21 13:13 - 2015-03-21 13:13 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-03-21 13:13 - 2015-03-21 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-03-21 13:11 - 2015-03-26 10:13 - 00000000 ____D () C:\Program Files (x86)\SalePluus
2015-03-21 13:09 - 2015-03-21 13:09 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\EZDownloader
2015-03-21 13:08 - 2015-03-21 13:13 - 00000000 ____D () C:\Program Files (x86)\EZDownloader
2015-03-21 13:05 - 2015-03-21 13:05 - 00000000 ____D () C:\Program Files (x86)\SoalePLus