Solved Slow laptop - malware maybe

jon427

Hi there! I have this problem that is probably similar to most. My gf's laptop is so slow (Windows 8) that this includes booting up, opening a folder or running an application. Not really sure what happened, but below are the logs required (pre-req) for solving the issue. Thanks in advance:

1. Ran antivirus (Kaspersky) - no virus or malware found.
2. Ran Malwarebytes and the log is below:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/30/2014
Scan Time: 1:30:00 PM
Logfile: malawarebytes.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.30.12
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Farship

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327232
Time Elapsed: 9 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

3. Run DDS and the results are below:

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.25.2
Run by Farship at 14:00:44 on 2014-06-30
Microsoft Windows 8.1 6.3.9600.0.1252.1.1033.18.8080.5691 [GMT -6:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Windows\System32\skydrive.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
C:\Windows\System32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
C:\istgah_dic\dic_istgah.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Farship\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\istgah Dictionary.lnk - C:\istgah_dic\dic_istgah.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\54873656C63796F62733 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\7616475637D27657563747 : NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\7616475637D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\B61647562777F6F646 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FB4A9047-0F8A-4CC6-97B5-599B653FCF6F}\E4F4B4941402C457D6961602932303D213 : DHCPNameServer = 192.168.137.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Farship\AppData\Roaming\Mozilla\Firefox\Profiles\4qfd6w8x.default\
FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPluginUACElevator.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=&q=
FF - user.js: extensions.astrmndasr.id - C68508CFCC4FB47D
FF - user.js: extensions.astrmndasr.instlDay - 16360
FF - user.js: extensions.astrmndasr.vrsn -
FF - user.js: extensions.astrmndasr.vrsni -
FF - user.js: extensions.astrmndasr_i.vrsnTs - 22:3:1
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_orinteract_14_42_ie
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId -
FF - user.js: extensions.astrmndasr.instlRef - 142905_b
FF - user.js: extensions.astrmndasr.dfltLng -
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 2082598172
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q
FF - user.js: extensions.astrmndasr.AL - 4
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\WINDOWS\System32\drivers\CSCrySec.sys [2013-10-29 98064]
R0 dlkmdldr;dlkmdldr;C:\WINDOWS\System32\drivers\dlkmdldr.sys [2014-9-5 18736]
R0 excsd;ExpressCache Storage Filter Driver;C:\WINDOWS\System32\drivers\excsd.sys [2013-8-20 103248]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-14 39768]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2014-3-10 32544]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-4-18 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys [2013-10-29 67344]
R1 excfs;ExpressCache File System Filter Driver;C:\WINDOWS\System32\drivers\excfs.sys [2013-8-20 23376]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2012-8-2 30304]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2013-10-29 50448]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2013-10-29 178448]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [2013-7-23 404360]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-10-29 356128]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1137016]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1157496]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-7-9 10571056]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-11-30 1591176]
R2 ExpressCache;ExpressCache;C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2012-8-17 102224]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-10 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-10 169432]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-8-31 605768]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-10-21 3018800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-4-11 165344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2014-4-18 226304]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\WINDOWS\System32\drivers\btmaux.sys [2013-7-22 140600]
R3 btmhsf;btmhsf;C:\WINDOWS\System32\drivers\btmhsf.sys [2013-9-5 1390904]
R3 dlkmd;dlkmd;C:\WINDOWS\System32\drivers\dlkmd.sys [2014-9-5 435504]
R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\drivers\iBtFltCoex.sys [2013-4-23 69088]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-2-26 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-9-9 449528]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-9-30 26008]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2013-10-29 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2013-10-29 29280]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\0E826AB4.sys [2014-6-30 129752]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 NETwNe64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew00.sys [2013-10-8 3345376]
R3 RadioHIDMini;Radio HID Mini-driver;C:\WINDOWS\System32\drivers\RadioHIDMini.sys [2012-7-30 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-3-10 827096]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-11-29 47072]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-8-22 227840]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-10-9 188896]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2013-11-13 29792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcm;WiMAX Network Adapter;C:\WINDOWS\System32\drivers\drxvi314_64.sys [2014-4-11 363136]
S3 bcmbusctr;WiMAX Bus Driver;C:\WINDOWS\System32\drivers\BcmBusCtr_64.sys [2014-4-11 62464]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\WINDOWS\System32\drivers\DisplayLinkUsbIo_x64_7.6.56275.0.sys [2014-7-10 46384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-6-13 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-9-30 39320]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\WINDOWS\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-4-18 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-14 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-23 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-5-14 123224]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-14 347880]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
.
=============== Created Last 30 ================
.
2014-10-18 17:04:20 275968 ----a-w- C:\WINDOWS\System32\generaltel.dll
2014-10-18 17:04:19 678400 ----a-w- C:\WINDOWS\System32\aepdu.dll
2014-10-18 17:04:17 527360 ----a-w- C:\WINDOWS\System32\aeinv.dll
2014-10-18 17:04:14 3117568 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2014-10-18 17:04:14 2779648 ----a-w- C:\WINDOWS\System32\msi.dll
2014-10-18 17:04:12 921600 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
2014-10-18 17:04:12 626688 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
2014-10-18 17:04:11 118272 ----a-w- C:\WINDOWS\System32\winbici.dll
2014-10-18 16:49:12 76288 ----a-w- C:\WINDOWS\System32\packager.dll
2014-10-18 16:49:12 68608 ----a-w- C:\WINDOWS\SysWow64\packager.dll
2014-10-18 16:48:33 4183040 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-10-18 16:45:35 590336 ----a-w- C:\WINDOWS\System32\rastls.dll
2014-10-18 16:45:35 514048 ----a-w- C:\WINDOWS\SysWow64\rastls.dll
2014-10-18 04:13:34 1664 ----a-w- C:\WINDOWS\System32\ASOROSet.bin
2014-10-18 04:03:02 -------- d-----w- C:\Users\Farship\AppData\Roaming\ASP
2014-10-18 04:02:53 -------- d-----w- C:\Users\Farship\AppData\Roaming\Systweak
2014-10-18 04:02:49 -------- d-----w- C:\Users\Farship\AppData\Roaming\Windows Essentials Codec Pack
2014-10-18 04:02:49 -------- d-----w- C:\Program Files (x86)\Windows Essentials Codec Pack
2014-10-18 04:02:44 20296 ----a-w- C:\WINDOWS\System32\roboot64.exe
2014-10-04 21:38:11 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
2014-09-21 01:21:59 621056 ----a-w- C:\WINDOWS\System32\comdlg32.dll
2014-09-20 19:14:15 706016 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-09-20 19:14:15 105440 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-09-20 18:58:32 3231696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-20 04:50:42 299520 ----a-w- C:\WINDOWS\System32\WSDMon.dll
2014-09-20 04:50:42 205824 ----a-w- C:\WINDOWS\System32\tcpmon.dll
2014-09-20 04:50:40 796672 ----a-w- C:\WINDOWS\System32\uDWM.dll
2014-09-20 04:50:40 2374784 ----a-w- C:\WINDOWS\explorer.exe
2014-09-20 04:50:40 2084520 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2014-09-20 04:50:38 13423104 ----a-w- C:\WINDOWS\System32\twinui.dll
2014-09-20 04:50:37 11818496 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2014-09-20 04:50:36 2860032 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2014-09-20 04:50:36 1038336 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2014-09-20 04:50:35 68096 ----a-w- C:\WINDOWS\System32\UXInit.dll
2014-09-20 04:50:35 50176 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2014-09-20 04:49:51 146752 ----a-w- C:\WINDOWS\System32\drivers\msgpioclx.sys
2014-09-20 04:38:09 97280 ----a-w- C:\WINDOWS\System32\aepic.dll
2014-09-20 04:36:38 1212928 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2014-09-20 04:36:15 875688 ----a-w- C:\WINDOWS\SysWow64\msvcr120_clr0400.dll
2014-09-20 04:36:15 869544 ----a-w- C:\WINDOWS\System32\msvcr120_clr0400.dll
2014-09-06 03:46:26 435504 ----a-w- C:\WINDOWS\System32\drivers\dlkmd.sys
2014-09-06 03:46:26 18736 ----a-w- C:\WINDOWS\System32\drivers\dlkmdldr.sys
2014-09-05 05:32:56 1336624 ----a-w- C:\WINDOWS\System32\gdi32.dll
2014-09-05 05:32:56 1064448 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2014-08-25 02:08:56 -------- d-----r- C:\Users\Farship\Music
2014-08-24 05:53:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware old
2014-08-23 04:31:01 26419488 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-08-23 04:31:00 25693720 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-08-23 04:29:31 710144 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2014-08-23 04:29:31 1273184 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2014-08-23 04:25:59 402432 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2014-08-23 04:24:57 356352 ----a-w- C:\WINDOWS\System32\msihnd.dll
2014-08-23 04:24:57 281088 ----a-w- C:\WINDOWS\SysWow64\msihnd.dll
2014-08-23 04:24:57 114520 ----a-w- C:\WINDOWS\System32\consent.exe
2014-08-23 04:24:52 623616 ----a-w- C:\WINDOWS\System32\MDMAgent.exe
2014-08-23 04:24:52 418816 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2014-08-23 04:24:52 161792 ----a-w- C:\WINDOWS\System32\wbem\MDMAppProv.dll
2014-07-12 04:25:37 1018880 ----a-w- C:\WINDOWS\System32\termsrv.dll
2014-07-12 04:23:58 -------- d-s---w- C:\WINDOWS\System32\CompatTel
2014-07-10 13:28:16 46384 ----a-w- C:\WINDOWS\System32\drivers\DisplayLinkUsbIo_x64_7.6.56275.0.sys
2014-07-10 13:28:08 1017344 ----a-w- C:\WINDOWS\System32\DisplayLinkUsbCo64_7.6.56275.0.dll
2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd9.dll
2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd64.dll
2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd11.dll
2014-07-09 14:52:38 1469744 ----a-w- C:\WINDOWS\System32\dlumd10.dll
2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd9.dll
2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd32.dll
2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd11.dll
2014-07-09 14:52:35 1146672 ----a-w- C:\WINDOWS\SysWow64\dlumd10.dll
2014-07-09 06:08:26 966144 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 06:08:24 563200 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2014-07-09 06:08:23 735232 ----a-w- C:\WINDOWS\SysWow64\adtschema.dll
2014-07-09 06:08:23 735232 ----a-w- C:\WINDOWS\System32\adtschema.dll
2014-07-09 06:08:23 565576 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2014-07-09 06:03:25 79872 ----a-w- C:\WINDOWS\System32\WSReset.exe
2014-06-30 19:29:51 129752 ----a-w- C:\WINDOWS\System32\drivers\0E826AB4.sys
2014-06-30 19:29:40 129752 ----a-w- C:\WINDOWS\System32\drivers\40A96A90.sys
2014-06-30 19:29:34 93400 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-06-30 19:29:34 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-06-30 19:29:34 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-06-30 19:24:55 129752 ----a-w- C:\WINDOWS\System32\drivers\02A966EE.sys
2014-06-30 19:24:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:48:21 -------- d-----r- C:\Users\Farship\Documents
2014-06-14 03:56:46 7173120 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2014-06-14 03:55:32 98816 ----a-w- C:\WINDOWS\SysWow64\drvinst.exe
2014-06-14 03:55:32 57856 ----a-w- C:\WINDOWS\System32\drvcfg.exe
2014-06-14 03:55:32 110592 ----a-w- C:\WINDOWS\System32\drvinst.exe
2014-06-14 03:55:23 1975296 ----a-w- C:\WINDOWS\System32\DWrite.dll
2014-06-14 03:55:23 1345536 ----a-w- C:\WINDOWS\System32\FntCache.dll
2014-06-14 03:55:22 1509888 ----a-w- C:\WINDOWS\SysWow64\DWrite.dll
2014-06-14 03:30:44 55328 ----a-w- C:\WINDOWS\System32\drivers\wpcfltr.sys
2014-06-14 03:30:44 2834944 ----a-w- C:\WINDOWS\System32\wpccpl.dll
2014-06-14 03:29:46 53248 ----a-w- C:\WINDOWS\SysWow64\tsgqec.dll
2014-06-12 04:49:02 18636480 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
2014-09-25 22:32:04 2017280 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-09-20 19:01:30 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-09-20 19:01:28 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
2014-09-20 19:01:28 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
2014-09-20 19:01:28 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-09-20 19:01:28 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2014-09-20 19:01:27 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\WINDOWS\System32\vbscript.dll
2014-09-19 01:38:27 83968 ----a-w- C:\WINDOWS\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-09-19 01:25:12 4201472 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2014-09-19 01:02:07 454656 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2014-09-19 00:59:40 61952 ----a-w- C:\WINDOWS\SysWow64\MshtmlDac.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-09-08 00:08:35 35328 ----a-w- C:\WINDOWS\System32\wuapp.exe
2014-09-08 00:07:59 137728 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2014-09-08 00:04:52 388608 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2014-09-08 00:04:20 93696 ----a-w- C:\WINDOWS\System32\wudriver.dll
2014-09-08 00:03:50 1702400 ----a-w- C:\WINDOWS\System32\wucltux.dll
2014-09-07 23:59:31 31232 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2014-09-07 23:59:15 123904 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2014-09-07 23:56:51 80896 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2014-08-29 01:58:52 109568 ----a-w- C:\WINDOWS\System32\appinfo.dll
2014-08-28 23:56:41 2646016 ----a-w- C:\WINDOWS\System32\authui.dll
2014-08-28 23:47:55 2321920 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2014-08-16 04:08:38 1507648 ----a-w- C:\WINDOWS\System32\propsys.dll
2014-08-16 04:01:48 1710184 ----a-w- C:\WINDOWS\System32\ntdll.dll
2014-08-16 03:58:45 1112512 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2014-08-16 03:57:37 2498880 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2014-08-16 03:57:36 428864 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2014-08-16 03:16:37 1205976 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
2014-08-16 03:03:51 1467384 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2014-08-16 02:55:32 2407936 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2014-08-16 01:31:16 838144 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2014-08-16 01:25:28 72704 ----a-w- C:\WINDOWS\System32\JavaScriptCollectionAgent.dll
2014-08-16 01:11:26 597504 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2014-08-16 01:04:21 359424 ----a-w- C:\WINDOWS\System32\Wldap32.dll
2014-08-16 00:58:45 60416 ----a-w- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
2014-08-16 00:58:35 287744 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2014-08-16 00:53:32 118272 ----a-w- C:\WINDOWS\System32\httpprxm.dll
2014-08-16 00:46:38 290816 ----a-w- C:\WINDOWS\System32\ProximityService.dll
2014-08-16 00:45:51 267776 ----a-w- C:\WINDOWS\System32\bisrv.dll
2014-08-16 00:43:38 75776 ----a-w- C:\WINDOWS\System32\adhsvc.dll
2014-08-16 00:43:25 321024 ----a-w- C:\WINDOWS\SysWow64\Wldap32.dll
2014-08-16 00:31:57 286208 ----a-w- C:\WINDOWS\System32\pcsvDevice.dll
2014-08-16 00:31:07 914432 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll
2014-08-16 00:29:54 249344 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 00:23:10 1106432 ----a-w- C:\WINDOWS\System32\SearchFolder.dll
2014-08-16 00:22:56 717824 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2014-08-16 00:22:06 286208 ----a-w- C:\WINDOWS\System32\SkyDriveShell.dll
2014-08-16 00:19:42 189952 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 00:18:36 4758528 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
2014-08-16 00:17:51 8757760 ----a-w- C:\WINDOWS\System32\Windows.UI.Search.dll
2014-08-16 00:14:34 265216 ----a-w- C:\WINDOWS\SysWow64\SkyDriveShell.dll
2014-08-16 00:13:50 6649344 ----a-w- C:\WINDOWS\System32\mstscax.dll
2014-08-16 00:13:17 5902848 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
2014-08-16 00:13:14 840192 ----a-w- C:\WINDOWS\SysWow64\SearchFolder.dll
2014-08-16 00:11:08 920064 ----a-w- C:\WINDOWS\System32\WSShared.dll
2014-08-16 00:10:35 1120768 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
2014-08-16 00:08:48 5777408 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2014-08-16 00:07:01 756224 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2014-07-24 15:28:38 468288 -c--a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2014-07-24 15:28:38 419648 -c--a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2014-07-24 15:28:38 412992 -c--a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2014-07-24 15:28:38 143680 -c--a-w- C:\WINDOWS\System32\drivers\usbccgp.sys
2014-07-24 15:28:35 280384 -c--a-w- C:\WINDOWS\System32\drivers\pci.sys
2014-07-24 15:23:21 1519488 ----a-w- C:\WINDOWS\System32\user32.dll
2014-07-24 15:23:21 125472 ----a-w- C:\WINDOWS\System32\dwmapi.dll
2014-07-24 15:20:37 645592 ----a-w- C:\WINDOWS\System32\SHCore.dll
2014-07-24 15:20:37 263400 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2014-07-24 15:16:25 2574208 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
2014-07-24 15:16:24 211216 ----a-w- C:\WINDOWS\System32\SndVol.exe
2014-07-24 15:07:53 7424320 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2014-07-24 15:07:52 2009920 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2014-07-24 15:05:56 1660048 ----a-w- C:\WINDOWS\System32\winload.efi
2014-07-24 15:05:56 1519560 ----a-w- C:\WINDOWS\System32\winload.exe
2014-07-24 15:05:56 1488008 ----a-w- C:\WINDOWS\System32\winresume.efi
2014-07-24 15:05:56 1356840 ----a-w- C:\WINDOWS\System32\winresume.exe
2014-07-24 15:03:56 882136 ----a-w- C:\WINDOWS\System32\mfplat.dll
2014-07-24 15:03:55 818624 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2014-07-24 15:03:55 233888 ----a-w- C:\WINDOWS\System32\mfps.dll
2014-07-24 15:03:54 2141920 ----a-w- C:\WINDOWS\System32\mfcore.dll
2014-07-24 15:03:53 360480 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
2014-07-24 15:03:53 205512 ----a-w- C:\WINDOWS\System32\mftranscode.dll
2014-07-24 14:57:08 475968 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2014-07-24 13:50:07 98048 ----a-w- C:\WINDOWS\SysWow64\dwmapi.dll
2014-07-24 13:48:15 2410976 ----a-w- C:\WINDOWS\SysWow64\WMVDECOD.DLL
2014-07-24 13:48:15 180208 ----a-w- C:\WINDOWS\SysWow64\SndVol.exe
2014-07-24 13:46:50 477200 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2014-07-24 13:36:22 707536 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2014-07-24 13:36:22 674512 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2014-07-24 13:36:20 355800 ----a-w- C:\WINDOWS\SysWow64\mfreadwrite.dll
2014-07-24 13:36:20 2145472 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2014-07-24 13:36:20 180720 ----a-w- C:\WINDOWS\SysWow64\mftranscode.dll
2014-07-24 11:51:24 7168 ----a-w- C:\WINDOWS\System32\KBDYAK.DLL
2014-07-24 11:51:22 7168 ----a-w- C:\WINDOWS\System32\KBDTT102.DLL
2014-07-24 11:51:18 8192 ----a-w- C:\WINDOWS\System32\KBDRUM.DLL
.
============= FINISH: 14:03:16.58 ===============
 
Continuation of the first post:


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1
Boot Device: \Device\HarddiskVolume3
Install Date: 11/23/2013 3:19:08 PM
System Uptime: 6/29/2014 6:26:38 PM (20 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | SAMSUNG_NP1234567890
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 905 GiB total, 800.913 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 7.397 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 9/20/2014 12:57:27 PM - Windows Update
RP49: 10/6/2014 12:45:04 PM - Windows Update
RP50: 10/17/2014 10:06:05 PM - RCP Fri, Oct 17, 14 22:06
RP51: 10/29/2014 2:59:23 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.06)
AllShare Framework DMS
AllSharePlayLink
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Classic Shell
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayLink Core Software
DisplayLink Graphics
Elevated Installer
ExpressCache
Garmin Express
Garmin Express Tray
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) Update Manager
Intel(R) WiDi
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 25
Java 7 Update 9 (64-bit)
Java Auto Updater
Kaspersky PURE 3.0
Linkey
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Control Panel 327.68
NVIDIA Graphics Driver 327.68
NVIDIA Install Application
Quick Starter
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S Agent
Samsung Link 1.6.0.1307241933
Search Protect
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Settings
Skype™ 6.11
SW Update
System Requirements Lab for Intel
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft en-us Dictionary
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Veetle TV
Windows Essentials Codec Pack 5.0
WinRAR 5.01 (64-bit)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/20/2014 1:09:43 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
9/20/2014 1:08:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2972213).
9/20/2014 1:07:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8.1 for x64-based Systems (KB2988948).
9/20/2014 1:07:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2894852).
8/24/2014 8:58:54 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
8/22/2014 9:59:53 PM, Error: Service Control Manager [7000] - The Device Setup Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2014 9:53:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
8/22/2014 10:18:18 PM, Error: Service Control Manager [7030] - The DisplayLinkManager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/22/2014 10:04:07 PM, Error: Microsoft-Windows-DistributedCOM [10029] - The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
8/22/2014 10:03:39 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/30/2014 2:02:54 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume ??. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
6/29/2014 9:23:47 PM, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
10/4/2014 2:50:51 PM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application Local Management Service service hung on starting.
10/4/2014 2:38:45 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/4/2014 2:34:10 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2014 2:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
10/29/2014 2:34:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ExpressCache service.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2014 2:19:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2014 10:28:41 PM, Error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).
10/17/2014 10:21:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SWUpdateService service.
10/17/2014 10:17:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
10/17/2014 10:17:57 PM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2014 10:16:47 PM, Error: volmgr [46] - Crash dump initialization failed!
10/16/2014 8:56:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Samsung\Farship SID (S-1-5-21-2098230245-2096821238-529503728-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
10/16/2014 8:55:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
10/16/2014 8:55:28 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2014 8:53:09 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/15/2014 10:05:03 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
10/1/2014 5:08:37 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2014 5:08:33 PM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/1/2014 5:07:49 PM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Shell Hardware Detection Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
10/1/2014 5:07:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
10/1/2014 5:06:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/1/2014 5:06:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
10/1/2014 5:05:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
10/1/2014 5:05:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
10/1/2014 5:04:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/1/2014 5:03:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs.
  • Windows Vista/7/8 users: right-click on RogueKiller.exe, click Run as Administrator.
  • Otherwise just double-click on RogueKiller.exe.
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished.
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt can also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
Below is the RKreport:

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Farship [Administrator]
Mode : Delete -- Date : 10/31/2014 08:53:45

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) SWUpdateService -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE[-] -> Stopped

¤¤¤ Registry : 23 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SBIOSIO (\??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SWUpdateService (C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SBIOSIO (\??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWUpdateService (C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2098230245-2096821238-529503728-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2098230245-2096821238-529503728-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C} | NameServer : 208.69.150.250,208.69.150.252 [UNITED STATES (US)] -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] PennyBee.job -- C:\Users\Farship\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted
[Suspicious.Path] \\PennyBee -- C:\Users\Farship\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] 4qfd6w8x.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 32a43a1e2b6a38415caa8f0ca78c46f6
[BSP] 5bee8f1af9a6faca844d2bcd2a36cb5f : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SSD i100 8GB +++++
--- User ---
[MBR] 0bbd8768089def2568ff5708850138ea
[BSP] 8c2a6c50d0e85f935bef5ad87584a6b5 : Compressed BootMgr MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1920221984 | Size: 886821 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1936028192 | Size: 953932 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 27722122 | Size: 0 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 16f244391169468f0b11d214c6b53f7a
[BSP] c7935bf757247cd2f0994bdd8fea4bcf : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 872 | Size: 3865 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_10312014_085248.log

Here is the information for the Malwarebytes Anti-Rootkit:

Mbar-log-2014-10-31 (08-59-55)

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.31.07

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17351
Farship :: SAMSUNG [administrator]

10/31/2014 8:59:55 AM
mbar-log-2014-10-31 (08-59-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 327769
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
And below is the system-log information:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17351

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8472920064, free: 5568380928

Downloaded database version: v2014.10.31.07
Downloaded database version: v2014.10.22.01
=======================================
Initializing...
------------ Kernel report ------------
10/31/2014 08:59:49
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffe001d3969060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xffffe001d0622060
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe001d27cf060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000037\
Lower Device Object: 0xffffe001d0636060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001d27cf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d27cfb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d27ce060, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xffffe001d27cf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d0622c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001d0636060, DeviceName: \Device\00000037\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: BA8B0834

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 573597528
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 4a27ce4e-8fe2-4de0-b33-c033d9f4a3a3
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 573597528
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 4a27ce4e-8fe2-4de0-b33-c033d9f4a3a3
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 322f0ec4-988-4f18-84a3-531149af547
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name

Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4a2f09e1-2a72-4c2b-baec-32d3c139f480
FirstLBA 264192 Last LBA 1288191
Attributes 0
Partition Name

Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 8e00b819-7072-4927-9726-59cb49f1081
FirstLBA 1288192 Last LBA 1902591
Attributes 0
Partition Name

GPT Partition 2 is bootable
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID d5393056-5714-499a-bf33-146199e2eec6
FirstLBA 1902592 Last LBA 1899683839
Attributes 0
Partition Name

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 90e47c36-9d18-44e1-a4eb-5eae8a3808b
FirstLBA 1899683840 Last LBA 1900400639
Attributes 1
Partition Name

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 449b1508-b827-42c4-9eb-85b4e4e58d6f
FirstLBA 1900400640 Last LBA 1951426559
Attributes 0
Partition Name

Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 65a76ba3-542b-4cbc-a5a2-a0876b186f8
FirstLBA 1951426560 Last LBA 1953523711
Attributes 0
Partition Name

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe001d3969060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001d3969b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001d3989060, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
DevicePointer: 0xffffe001d3969060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001d0636e50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001d0622060, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 73736572

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1920221984 Numsec = 1816210284

Partition 1 type is Other (0x6c)
Partition is INVALID!!!
Partition starts at LBA: 1936028192 Numsec = 1953653108

Partition 2 type is Empty (0x0)
Partition is INVALID!!!
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 27722122 Numsec = 447

Disk Size: 8012390400 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


Thank you very much for helping me out in this case. I can see that the system is now responding faster than before starting the cleanup. But I think it can be better. Btw, Malwarebytes did not find anything suspicious.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Contents of AdwCleaner posted below (AdwCleaner[S0].txt)


# AdwCleaner v3.311 - Report created 31/10/2014 at 15:12:11
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Farship - SAMSUNG
# Running from : C:\Users\Farship\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Farship\AppData\Local\genienext
Folder Deleted : C:\Users\Farship\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Farship\AppData\Roaming\ASP
Folder Deleted : C:\Users\Farship\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Farship\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Farship\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Farship\Documents\Optimizer Pro
Folder Deleted : C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Farship\daemonprocess.txt

***** [ Scheduled Tasks ] *****

Task Deleted : ASP
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Linkey
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Linkey

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Farship\AppData\Roaming\Mozilla\Firefox\Profiles\yib21sht.default-1414772734461\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5919 octets] - [31/10/2014 15:04:48]
AdwCleaner[S0].txt - [5094 octets] - [31/10/2014 15:12:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5154 octets] ##########


Contents of JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by Farship on Fri 10/31/2014 at 15:18:58.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6FC98E18-43D1-42B1-84D0-E232D18B6951}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF857FB6-5013-457A-B7E0-9DE0EC389032}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Farship\AppData\Roaming\sparktrust"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Farship\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/31/2014 at 15:21:02.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Cont:

Contents of Farbar (FRST.txt)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by Farship (administrator) on SAMSUNG on 31-10-2014 15:26:33
Running from C:\Users\Farship\Desktop
Loaded Profile: Farship (Available profiles: Farship)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkDMS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(istgah) C:\istgah_dic\dic_istgah.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-07-24] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-10-29] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2336048 2014-02-24] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\MountPoints2: {29b253b7-bf63-11e3-beb7-c48508cfcc53} - "F:\Setup.exe"
Startup: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\istgah Dictionary.lnk
ShortcutTarget: istgah Dictionary.lnk -> C:\istgah_dic\dic_istgah.exe (istgah)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
SearchScopes: HKLM-x32 - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.a...-40CD-880B-88400DD8C910&q={searchTerms}&SSPV=
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}: [NameServer] 208.69.150.250,208.69.150.252

FireFox:
========
FF ProfilePath: C:\Users\Farship\AppData\Roaming\Mozilla\Firefox\Profiles\yib21sht.default-1414772734461
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-10-29]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com_
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-16]
CHR Extension: (Google Drive) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-16]
CHR Extension: (Google Search) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-16]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-31]
CHR Extension: (Safe Money) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-31]
CHR Extension: (Content Blocker) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-31]
CHR Extension: (Virtual Keyboard) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-31]
CHR Extension: (Google Wallet) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-16]
CHR Extension: (Anti-Banner) - C:\Users\Farship\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-31]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-01-09]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-01-09]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AllShareFrameworkManagerDMS.exe [404360 2013-07-23] (Samsung) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-29] (Kaspersky Lab ZAO)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-13] (IvoSoft) [File not signed]
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-07-24] (Copyright 2013 SAMSUNG)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcm; C:\Windows\system32\DRIVERS\drxvi314_64.sys [363136 2010-08-20] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\drivers\BcmBusCtr_64.sys [62464 2010-08-20] (Beceem communications pvt ltd.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-13] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2014-06-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-04-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-10-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-10-29] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-31] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 SBIOSIO; \??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 15:26 - 2014-10-31 15:27 - 00029497 _____ () C:\Users\Farship\Desktop\FRST.txt
2014-10-31 15:26 - 2014-10-31 15:26 - 00000000 ____D () C:\FRST
2014-10-31 15:26 - 2014-10-31 15:25 - 02113536 _____ (Farbar) C:\Users\Farship\Desktop\FRST64.exe
2014-10-31 15:21 - 2014-10-31 15:21 - 00001215 _____ () C:\Users\Farship\Desktop\JRT.txt
2014-10-31 15:18 - 2014-10-31 15:18 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-31 15:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-31 15:04 - 2014-10-31 15:12 - 00000000 ____D () C:\AdwCleaner
2014-10-31 15:04 - 2014-10-31 15:01 - 01706144 _____ (Thisisu) C:\Users\Farship\Desktop\JRT.exe
2014-10-31 15:04 - 2014-10-31 15:01 - 01375089 _____ () C:\Users\Farship\Desktop\adwcleaner_3.311.exe
2014-10-31 10:25 - 2014-10-31 10:25 - 00000000 ____D () C:\Users\Farship\Desktop\Old Firefox Data
2014-10-31 08:59 - 2014-10-31 09:49 - 00000000 ____D () C:\Users\Farship\Desktop\mbar
2014-10-31 08:59 - 2014-10-31 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-31 08:55 - 2014-10-31 08:55 - 00006768 _____ () C:\Users\Farship\Desktop\RKreport_DEL_10312014_085345.log
2014-10-31 08:47 - 2014-10-31 15:17 - 00000000 ____D () C:\Users\Farship\AppData\Local\CrashDumps
2014-10-31 08:46 - 2014-10-31 08:46 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-31 08:46 - 2014-10-31 08:46 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-31 08:46 - 2014-10-31 08:43 - 14670424 _____ () C:\Users\Farship\Desktop\RogueKiller.exe
2014-10-31 08:46 - 2014-10-31 08:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Farship\Desktop\mbar-1.07.0.1012.exe
2014-10-29 17:45 - 2014-06-30 13:42 - 00001053 _____ () C:\Users\Farship\Desktop\malawarebytes.txt
2014-10-18 11:04 - 2014-10-09 16:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-18 11:04 - 2014-10-08 16:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-18 11:04 - 2014-09-18 19:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-18 11:04 - 2014-09-13 00:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-18 11:04 - 2014-09-12 23:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-18 11:04 - 2014-09-03 18:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-18 11:04 - 2014-09-03 17:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-18 11:04 - 2014-09-03 17:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-18 10:50 - 2014-08-28 19:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-18 10:50 - 2014-08-28 17:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-18 10:50 - 2014-08-28 17:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-18 10:50 - 2014-08-15 22:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-18 10:50 - 2014-08-15 22:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-18 10:50 - 2014-08-15 22:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-18 10:50 - 2014-08-15 21:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-18 10:50 - 2014-08-15 21:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-18 10:50 - 2014-08-15 21:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-18 10:50 - 2014-08-15 21:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-18 10:50 - 2014-08-15 21:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-18 10:50 - 2014-08-15 21:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-18 10:50 - 2014-08-15 19:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-18 10:50 - 2014-08-15 19:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-18 10:50 - 2014-08-15 18:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-18 10:50 - 2014-08-15 18:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-18 10:50 - 2014-08-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-18 10:50 - 2014-08-15 18:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-18 10:50 - 2014-08-15 18:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-18 10:50 - 2014-08-15 18:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-18 10:50 - 2014-08-15 18:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-18 10:50 - 2014-08-15 18:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-18 10:50 - 2014-08-15 18:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-18 10:50 - 2014-08-15 18:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-18 10:50 - 2014-08-15 18:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-18 10:50 - 2014-08-15 18:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-18 10:50 - 2014-08-15 18:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-18 10:50 - 2014-08-15 18:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-18 10:50 - 2014-08-15 18:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-18 10:50 - 2014-08-15 18:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-18 10:50 - 2014-08-15 18:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-18 10:50 - 2014-08-15 18:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-18 10:50 - 2014-08-15 18:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-18 10:50 - 2014-08-15 18:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-18 10:50 - 2014-08-15 18:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-18 10:50 - 2014-08-15 18:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-18 10:50 - 2014-08-15 18:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-18 10:50 - 2014-07-31 17:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-18 10:49 - 2014-09-13 00:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-18 10:49 - 2014-09-12 23:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-18 10:48 - 2014-09-27 16:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-18 10:48 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-18 10:47 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-18 10:47 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-18 10:47 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-18 10:47 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-18 10:47 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-18 10:47 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-18 10:47 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-18 10:47 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-18 10:47 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-18 10:47 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-18 10:47 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-18 10:47 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-18 10:47 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-18 10:47 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-18 10:47 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-18 10:47 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-18 10:47 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-18 10:47 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-18 10:47 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-18 10:47 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-18 10:47 - 2014-09-18 18:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-18 10:47 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-18 10:47 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-18 10:47 - 2014-09-18 18:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-18 10:47 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-18 10:47 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-18 10:47 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-18 10:47 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-18 10:47 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-18 10:45 - 2014-09-03 18:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-18 10:45 - 2014-09-03 18:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-18 10:43 - 2014-09-07 21:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-18 10:43 - 2014-09-07 19:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-18 10:43 - 2014-09-07 19:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-18 10:43 - 2014-09-07 18:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-18 10:43 - 2014-09-07 18:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-18 10:43 - 2014-09-07 18:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-18 10:43 - 2014-09-07 18:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-18 10:43 - 2014-09-07 18:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-18 10:43 - 2014-09-07 18:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-18 10:43 - 2014-09-07 18:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-18 10:43 - 2014-09-07 17:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-18 10:43 - 2014-09-07 17:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-18 10:43 - 2014-09-07 17:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-18 10:43 - 2014-09-07 17:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-17 22:13 - 2014-10-17 22:16 - 00001664 _____ () C:\WINDOWS\system32\ASOROSet.bin
2014-10-17 22:13 - 2014-10-17 22:14 - 00000000 ____D () C:\WINDOWS\system32\config\RCCBakup
2014-10-17 22:02 - 2014-10-17 22:02 - 00000000 ____D () C:\Users\Farship\AppData\Roaming\Windows Essentials Codec Pack
2014-10-17 22:02 - 2014-10-17 22:02 - 00000000 ____D () C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Essentials Codec Pack
2014-10-17 22:02 - 2014-10-17 22:02 - 00000000 ____D () C:\Program Files (x86)\Windows Essentials Codec Pack
2014-10-16 16:09 - 2014-10-16 16:09 - 00000000 ____D () C:\Users\Farship\Documents\Fax
2014-10-16 00:09 - 2014-10-16 00:10 - 00000000 ____D () C:\Users\Farship\Desktop\Technical
2014-10-15 21:15 - 2014-10-15 21:15 - 00000001 _____ () C:\Users\Farship\AppData\Local\DSI.DAT
2014-10-14 23:01 - 2014-10-14 23:41 - 00000000 ____D () C:\Users\Farship\Desktop\3 Arbour Meadows
2014-10-13 12:12 - 2014-10-17 21:12 - 00000128 _____ () C:\Users\Farship\AppData\Roaming\WB.CFG
2014-10-13 11:12 - 2014-10-17 22:03 - 00000270 _____ () C:\Users\Farship\Desktop\Cut the Rope.url
2014-10-04 15:38 - 2014-10-04 16:13 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-10-04 15:38 - 2014-10-04 15:38 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-10-04 15:38 - 2014-10-04 15:38 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager

continuation of FRST.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 15:26 - 2013-06-16 11:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-31 15:21 - 2013-06-16 11:23 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2098230245-2096821238-529503728-1001
2014-10-31 15:17 - 2013-11-23 16:22 - 00000000 ___DO () C:\Users\Farship\SkyDrive
2014-10-31 15:17 - 2013-06-19 19:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-31 15:17 - 2013-06-16 11:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 15:14 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-31 15:13 - 2013-09-29 21:55 - 00360924 _____ () C:\WINDOWS\PFRO.log
2014-10-31 15:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-31 15:12 - 2013-11-23 03:23 - 01361436 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-31 15:12 - 2013-11-23 03:10 - 00000000 ____D () C:\Users\Farship
2014-10-31 15:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-31 15:00 - 2013-06-16 11:45 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 14:57 - 2013-11-23 23:36 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{12767704-A92A-431D-B190-5B5ED77AF184}
2014-10-31 08:59 - 2014-06-30 13:29 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\0E826AB4.sys
2014-10-31 08:59 - 2014-06-30 13:29 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-30 15:59 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-30 13:51 - 2014-06-30 13:51 - 00688992 ____R (Swearware) C:\Users\Farship\Desktop\dds.com
2014-10-30 13:22 - 2014-08-23 23:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware old
2014-10-30 11:09 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-29 18:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-29 18:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-29 18:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-29 16:13 - 2013-06-16 11:46 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 15:18 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-29 15:17 - 2013-07-24 17:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-29 15:13 - 2013-06-20 16:16 - 00000000 ____D () C:\Users\Farship\AppData\Local\Samsung
2014-10-29 15:03 - 2013-06-16 12:19 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-29 15:02 - 2014-07-11 22:23 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-29 14:49 - 2013-06-16 11:16 - 00000000 ____D () C:\Users\Farship\AppData\Local\VirtualStore
2014-10-29 14:21 - 2013-08-22 08:44 - 00481176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-23 22:55 - 2013-06-16 11:45 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 22:55 - 2013-06-16 11:45 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 20:16 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-19 20:16 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-18 11:01 - 2013-08-20 19:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 22:31 - 2013-06-16 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-17 22:16 - 2013-08-22 07:25 - 82313216 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak
2014-10-17 22:16 - 2013-08-22 07:25 - 13631488 _____ () C:\WINDOWS\system32\config\SYSTEM.bak
2014-10-17 22:16 - 2013-08-22 07:25 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-17 22:14 - 2013-08-22 07:25 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-17 22:03 - 2013-06-16 11:42 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-16 20:54 - 2013-06-16 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-13 11:15 - 2013-07-07 15:20 - 00000000 ____D () C:\Users\Farship\AppData\Local\Adobe
2014-10-04 16:13 - 2012-09-10 17:42 - 00000000 ____D () C:\ProgramData\Intel
2014-10-04 15:38 - 2014-02-26 00:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-10-04 15:38 - 2013-11-23 03:06 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-10-04 14:36 - 2013-09-29 21:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-10-04 14:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-10-04 14:36 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-10-01 11:11 - 2014-06-30 13:29 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-06-30 13:29 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Farship\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-31 09:11

==================== End Of Log ============================


Contents of Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by Farship at 2014-10-31 15:27:15
Running from C:\Users\Farship\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{8168F918-4749-4482-A23A-D5E709CF7856}) (Version: 1.3.15 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
DisplayLink Core Software (HKLM\...\{89E40591-0404-4769-88E7-F649C95AE151}) (Version: 7.6.56275.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{C790E802-DB1C-402A-92FB-858AB2925BF6}) (Version: 7.4.51587.0 - DisplayLink Corp.)
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Graphics Driver 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Samsung Link 1.6.0.1307241933 (HKLM\...\8474-7877-9059-0204) (Version: 1.6.0.1307241933 - Copyright 2013 SAMSUNG)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Windows Essentials Codec Pack 5.0 (HKLM-x32\...\Windows Essentials Codec Pack) (Version: 5.0 - Windows Essentials Codec Pack)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

06-10-2014 18:45:04 Windows Update
18-10-2014 04:06:05 RCP Fri, Oct 17, 14 22:06
29-10-2014 20:59:23 Windows Update
31-10-2014 14:57:28 RestorePointOct312014

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 23:26 - 2013-06-16 12:16 - 00449637 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E7B3F6-E174-4EAD-ACEE-C7FCE5D7BC3C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1A6C3D3E-BC87-4E50-9994-FF5A3D1ACECB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {1F9179C9-6627-452B-A7B7-E2F7157D8D88} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22F36E81-AE17-49DC-A912-1ADE6630ED12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {494A048E-B0AA-47F4-A0CA-C62348353892} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55738F04-3B59-4F03-B4F9-2971678C3683} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {57A59BAF-6EEA-4B14-BF4C-7019ACD7C715} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {724E177E-1DE8-4E73-94ED-EE0B35769134} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {748F8C67-ABD9-40FE-818D-3E6CDC71871F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-29] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8460738F-07A9-49E9-8221-0E9FC67A5ED3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D0AA648-CF0F-4B92-A1DC-E91FE640C3BE} - System32\Tasks\{DB8B6DD1-F6CC-40F1-9AA8-0ED5AF6D634B} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsMain
Task: {975D1FD2-1FFF-41F3-AA84-B07F42D2F9BF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {9BC32FD6-148F-49E6-B38F-E6942F3CBCE4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A830AB29-2A44-43AF-A470-14F512EBDD68} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {AB1C154B-41A5-45E8-BE4E-19EE5F94FD31} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CE7E85F2-65F0-4C56-821C-BCC65E1F72B7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D190FE85-A0A2-4825-9A1D-F37EEC587E27} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E5D00DA6-2103-471B-953D-778A900E5A70} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FB6DB2A2-5C57-4F9B-89AE-40AA9471CC17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-16] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-10 20:02 - 2013-11-11 04:27 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-31 13:51 - 2013-07-24 19:33 - 00012800 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-11-23 03:19 - 2013-11-23 03:19 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-08-31 13:51 - 2013-07-24 19:33 - 01320448 _____ () C:\Program Files\Samsung\Samsung Link\SecProxyJNI.dll
2013-08-31 13:51 - 2013-07-24 19:33 - 01367040 _____ () C:\Program Files\Samsung\Samsung Link\SecStubJNI.dll
2013-08-31 13:51 - 2013-07-24 19:33 - 01588736 _____ () C:\Program Files\Samsung\Samsung Link\SppAgentSvc.dll
2013-07-23 15:21 - 2013-07-23 15:21 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\JNIInterface.dll
2013-07-23 15:21 - 2013-07-23 15:21 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\ASFAPI.dll
2013-07-23 15:23 - 2013-07-23 15:23 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\MediaDB_Manager.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00030720 _____ () C:\WINDOWS\SYSTEM32\MediaDB64.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00905216 _____ () C:\WINDOWS\SYSTEM32\ContentDirectoryPresenter64.dll
2013-07-23 15:22 - 2013-07-23 15:22 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\64bit\DMS_Manager.dll
2013-07-22 19:02 - 2013-07-22 19:02 - 00049152 _____ () C:\WINDOWS\SYSTEM32\boost_date_time-vc90-mt-1_47.dll
2013-07-22 19:02 - 2013-07-22 19:02 - 00016896 _____ () C:\WINDOWS\SYSTEM32\boost_system-vc90-mt-1_47.dll
2013-07-22 19:02 - 2013-07-22 19:02 - 00058880 _____ () C:\WINDOWS\SYSTEM32\boost_thread-vc90-mt-1_47.dll
2013-07-22 19:02 - 2013-07-22 19:02 - 00299520 _____ () C:\WINDOWS\SYSTEM32\boost_serialization-vc90-mt-1_47.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-08-31 13:51 - 2013-07-24 19:33 - 00042496 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-23 13:26 - 2013-07-23 13:26 - 01112064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\DMSManager.dll
2013-06-26 14:16 - 2013-06-26 14:16 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_serialization-vc90-mt-1_47.dll
2013-06-26 14:16 - 2013-06-26 14:16 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_date_time-vc90-mt-1_47.dll
2013-06-26 14:16 - 2013-06-26 14:16 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_system-vc90-mt-1_47.dll
2013-06-26 14:16 - 2013-06-26 14:16 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\boost_thread-vc90-mt-1_47.dll
2013-07-22 17:16 - 2013-07-22 17:16 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ContentDirectoryPresenter.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\DCMCDP.dll
2013-07-22 17:16 - 2013-07-22 17:16 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\FolderCDP.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\Autobackup.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\RosettaAllShare.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\MetadataFramework.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\sqlite3.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\MoodExtractor.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\DCMImgExtractor.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AutoChaptering.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\AudioExtractor.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\VideoExtractor.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ImageExtractor.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\TextExtractor.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libexpat.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\VideoThumb.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ID3Driver.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\RichInfoDriver.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ThumbnailMaker.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00133632 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\VideoMetadataDriver.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\SECMetaDriver.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\photoDriver.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\avcodec-52.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\avformat-52.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\avutil-50.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\swscale-0.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\tag.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libThumbnail.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\ImageMagickWrapper.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libKeyFrame.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\libexif-12.dll.dll
2013-06-27 13:37 - 2013-06-27 13:37 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.15\us.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 16:26 - 2012-11-30 16:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-03-10 20:52 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Farship\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates: Tides of Fortune.lnk

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKCU\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKCU\...\StartupApproved\Run: => "Skype"

========================= Accounts: ==========================

admin (S-1-5-21-2098230245-2096821238-529503728-1004 - Limited - Enabled)
Administrator (S-1-5-21-2098230245-2096821238-529503728-500 - Administrator - Disabled)
Farship (S-1-5-21-2098230245-2096821238-529503728-1001 - Administrator - Enabled) => C:\Users\Farship
Guest (S-1-5-21-2098230245-2096821238-529503728-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-05-09 22:39:37.160
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-09 22:39:37.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-03 23:26:29.103
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-03 23:26:29.009
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-03 15:06:04.187
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-03 15:06:04.109
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-02 23:24:51.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-05-02 23:24:51.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8080.41 MB
Available physical RAM: 6185.76 MB
Total Pagefile: 9360.41 MB
Available Pagefile: 6998.38 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.93 GB) (Free:801.99 GB) NTFS
Drive d: () (Fixed) (Total:7.46 GB) (Free:7.4 GB) NTFS
Drive f: () (Removable) (Total:3.77 GB) (Free:3.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BA8B0834)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 73736572)
Partition 1: (Not Active) - (Size=866 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.6 GB) - (Type=6C)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 3: (Not Active) - (Size=224 KB) - (Type=00)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: CE2C86F2)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachment: fixlist.txt (2.6 KB)

Contents of fixlist.txt

HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\MountPoints2: {29b253b7-bf63-11e3-beb7-c48508cfcc53} - "F:\Setup.exe"
SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.a...-40CD-880B-88400DD8C910&q={searchTerms}&SSPV=
Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}: [NameServer] 208.69.150.250,208.69.150.252
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com_
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
S3 SBIOSIO; \??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
C:\ProgramData\MakeMarkerFile.exe
C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Farship\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Users\Farship\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates: Tides of Fortune.lnk
 
You just posted content of my fixlist file.
Please re-read my instructions carefully and redo.
 
Sorry about that, my error...

Below are the contents of fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by Farship at 2014-10-31 17:14:36 Run:1
Running from C:\Users\Farship\Desktop
Loaded Profile: Farship (Available profiles: Farship)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2098230245-2096821238-529503728-1001\...\MountPoints2: {29b253b7-bf63-11e3-beb7-c48508cfcc53} - "F:\Setup.exe"
SearchScopes: HKLM - {6FC98E18-43D1-42B1-84D0-E232D18B6951} URL = http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
SearchScopes: HKCU - 252382C611B34CA5B517F6AE9E8A9FE6 URL = http://search.conduit.com/Results.a...-40CD-880B-88400DD8C910&q={searchTerms}&SSPV=
Tcpip\..\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}: [NameServer] 208.69.150.250,208.69.150.252
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_orinteract_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0C0F0C0CyE0F0ByEyB0DtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0C0AtAyDyE0CtG0FtC0AyEtGzztDzz0BtG0F0CyEtCtGtDtDtAyE0FyEtCtBtDyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBtC0B0F0Bzy0FtG0BtDzztAtGyEtBtDzytGzz0FyEzytG0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com_
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f...G0EtB0C0Czz0B0C0AtD0DyDtA2Q&cr=2082598172&ir=
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
S3 SBIOSIO; \??\C:\Users\Farship\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
C:\ProgramData\MakeMarkerFile.exe
C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Farship\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Users\Farship\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates: Tides of Fortune.lnk

*****************

"HKU\S-1-5-21-2098230245-2096821238-529503728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b253b7-bf63-11e3-beb7-c48508cfcc53}" => Key deleted successfully.
"HKCR\CLSID\{29b253b7-bf63-11e3-beb7-c48508cfcc53}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FC98E18-43D1-42B1-84D0-E232D18B6951}" => Key deleted successfully.
"HKCR\CLSID\{6FC98E18-43D1-42B1-84D0-E232D18B6951}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\252382C611B34CA5B517F6AE9E8A9FE6" => Key deleted successfully.
"HKCR\CLSID\252382C611B34CA5B517F6AE9E8A9FE6" => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0817CE5A-D0D2-4CEA-BBEA-6689C26D1326}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C18A4BF-A235-447E-9184-B72500847B6C}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD822194-2C6A-40B0-BEC1-07E0404E282E}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2B57EF4-9386-4316-9160-275B45B8A16C}\\NameServer => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll not found.
SBIOSIO => Service deleted successfully.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\Farship\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Farship\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Farship\SkyDrive => ":ms-properties" ADS removed successfully.
C:\Users\Farship\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirates => ": Tides of Fortune.lnk" ADS removed successfully.

==== End of Fixlog ====
 
How is the computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Broni,

The laptop is running better, thanks for your help so far. It's really been great!

Below are the contents of the checkup.txt file:

Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky PURE 3.0
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox 32.0.3 Firefox out of Date!
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 3.0 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Below are the contents of the FSS.txt file:

Farbar Service Scanner Version: 21-07-2014
Ran by Farship (administrator) on 03-11-2014 at 15:51:49
Running from "C:\Users\Farship\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Below are the contents of the ESETScan.txt file:

C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\KMPlayer_3-8-0-122.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF2.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF20.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF21.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF22.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF23.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF24.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF25.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF26.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF27.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF28.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF29.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\Farship\Desktop\Old Firefox Data\4qfd6w8x.default\extensions\{18D63913-1600-1A60-CAA3-13A60D86A1B1}\components\SystemKHlpFF9.dll Win32/Toolbar.SearchSuite potentially unwanted application deleted - quarantined
C:\Users\Farship\Downloads\SkypeSetup(1).exe Win32/InstallCore.DP potentially unwanted application deleted - quarantined
C:\Users\Farship\Downloads\SkypeSetup.exe Win32/InstallCore.DP potentially unwanted application deleted - quarantined
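The fixlog earlier in the thread records what FRST removed (per-interface DNS servers pointing at 208.69.150.250/.252, a driver service loading from a Temp folder, and two alternate data streams), and the FSS log above shows Windows Defender turned off by the DisableAntiSpyware policy. For a reader who wants to confirm those same locations after running a fix, the PowerShell audit below is an added example; it is not part of this thread and not code from FRST, FSS or any other tool mentioned here. It reads the registry keys and paths exactly as the two logs name them, and the only addresses it flags as suspect are the two DNS servers the fixlog deleted; everything else it prints is for the reader to judge.

```powershell
# Added post-fix audit (example only; not from the thread or from FRST/FSS).
# Run in an elevated PowerShell on the cleaned machine. Read-only: it changes nothing.

# 1. Per-interface DNS overrides.
#    The fixlog removed NameServer values under this key that pointed at two
#    non-ISP addresses; re-check every interface for them.
$ifRoot     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$suspectDns = @('208.69.150.250', '208.69.150.252')   # addresses FRST deleted in the fixlog above
Get-ChildItem -Path $ifRoot | ForEach-Object {
    $ns = (Get-ItemProperty -Path $_.PSPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ($ns) {
        $hit  = $ns -split '[,\s]+' | Where-Object { $suspectDns -contains $_ }
        $flag = if ($hit) { 'SUSPECT' } else { 'static ' }   # a static server is not itself a finding
        '{0} {1} NameServer={2}' -f $flag, $_.PSChildName, $ns
    }
}

# 2. Windows Defender policy and service state, as reported by FSS.
#    On Windows 8.1 DisableAntiSpyware=1 is the normal state while a third-party
#    antivirus (here Kaspersky) is registered, so treat this as information.
$defKey   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$disabled = (Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
'Defender DisableAntiSpyware = {0}' -f $(if ($null -eq $disabled) { 'not set' } else { $disabled })
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
if ($svc) { 'WinDefend: State={0} StartMode={1}' -f $svc.State, $svc.StartMode }

# 3. Kernel drivers whose image lives under a user's Temp folder.
#    The fixlog deleted the SBIOSIO service, which loaded a .sys from
#    \AppData\Local\Temp; a legitimate driver normally installs under \Windows.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match '\\AppData\\Local\\Temp\\' } |
    ForEach-Object { 'Driver {0} loads from Temp: {1}' -f $_.Name, $_.PathName }

# 4. Alternate data streams on the two locations the fixlog cleaned.
#    Zone.Identifier is the normal mark-of-the-web on downloaded files and is
#    not a finding; anything else is worth a look.
$adsRoots = @(
    (Join-Path $env:USERPROFILE 'SkyDrive'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs')
)
foreach ($root in $adsRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $items = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            ForEach-Object { 'ADS on {0}: {1} ({2} bytes)' -f $_.FileName, $_.Stream, $_.Length }
    }
}
```

Each section prints one line per item it finds, so an empty section means that location is clear. The script deliberately only reports; removing anything it flags is still a decision for whoever is reading the logs, exactly as with the FRST fix above.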
 
Update Firefox to the current 33.0.2 version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check "Yes, install McAfee Security Scan Plus".

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH the 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

=========================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thanks Broni. Before I run the final instructions you listed above, should I delete/fix the issues that the ESET Scan found? As per your instruction, it was not mentioned to fix/delete the items found by the ESET. There were about 31 items that the scanner found.

Cheers!
 
All items were "deleted - quarantined".
You can empty quarantine folder if you wish.
 
I cannot thank you enough for all the help you provided. I have updated Java, Firefox, etc. to their latest editions and the laptop is really running smoothly since last night. The boot up is fast and opening files or the internet is fast too. I was already thinking of wiping the system before; good thing that I stumbled upon this site and was able to get help from experts like you.

Cheers and again thank you for all your help.
 