
External Hard Disk Is Infected


  • This topic is locked
8 replies to this topic

#1 han8

han8

  • Members
  • 9 posts

Posted 10 January 2015 - 07:38 AM

All the folders on my external hard disk have become shortcuts. When I scanned the hard disk with avast! the action taken was to "Move To Chest" and I did. All the files on the hard disk are now gone, but according to the available memory space I'm sure my files are still on the hard disk.

 

This is the DDS log generated:-

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.5.1
Run by use at 20:21:48 on 2015-01-10
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.60.1033.18.2931.745 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\windows\system32\conhost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\vssvc.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - <orphaned>
BHO: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: {F942C7CE-6BAE-E00D-8894-7A4BF9C0D500} - <orphaned>
BHO: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - <orphaned>
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\use\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Samsung Link] "c:\program files\samsung\samsung link\Samsung Link Tray Agent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1}\14352514D41435D4B4440324 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1}\35240502140513 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1}\35240502140533 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1}\95563743D4F454F524 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1}\A514B45514E4F575946494 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9517A6C7-027D-48F6-9D64-36724615D0E1}\C696262656274716D6F50313 : DHCPNameServer = 10.10.13.254 8.8.8.8 202.188.0.133
TCP: Interfaces\{B66BBD9F-E553-40FD-9742-1E788CCE7B8C} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{CCC4D592-14C9-4E8E-94EE-B8D62B56C02A} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-12-30 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-12-30 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-12-30 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-12-30 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-12-30 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-12-30 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-12-30 91496]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-2-3 232960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-12-30 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-12-30 51928]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2014-9-25 26032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-4-20 133744]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-01-10 12:17:50 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e6c1d47c-36d8-41e8-8171-66cf396985f6}\mpengine.dll
2015-01-05 14:08:01 -------- d-----w- c:\windows\system32\SPReview
2015-01-04 16:52:57 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2015-01-04 15:39:37 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{29198197-6725-4460-9600-75b5ababb8cf}\offreg.dll
2015-01-03 05:51:45 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{29198197-6725-4460-9600-75b5ababb8cf}\mpengine.dll
2014-12-30 23:40:34 -------- d-----w- C:\acd72197e4daabec7bccd8032f
2014-12-30 15:58:44 -------- d-----w- c:\program files\ESET
2014-12-30 15:40:23 0 ---ha-w- c:\users\use\appdata\local\BITFC86.tmp
2014-12-30 14:31:55 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-30 14:30:32 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-30 14:30:32 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-30 14:30:32 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-30 14:30:30 -------- d-----w- c:\programdata\Malwarebytes
2014-12-30 14:30:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-30 12:53:15 -------- d-----w- c:\users\use\appdata\roaming\Dropbox
2014-12-30 12:49:23 -------- d-----w- c:\users\use\appdata\roaming\AVAST Software
2014-12-30 12:45:42 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-30 12:45:42 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-30 12:45:42 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-30 12:45:42 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-30 12:45:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-30 12:45:42 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-30 12:45:42 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-30 12:45:29 43152 ----a-w- c:\windows\avastSS.scr
2014-12-30 12:20:56 -------- d-----w- c:\program files\AVAST Software
2014-12-30 12:19:17 -------- d-----w- c:\programdata\AVAST Software
2014-12-24 11:42:48 -------- d-----w- c:\users\use\appdata\local\Opera Software
2014-12-24 11:42:42 -------- d-----w- c:\users\use\appdata\roaming\Opera Software
2014-12-23 15:06:05 -------- d-----w- c:\windows\system32\EventProviders
2014-12-23 10:52:24 -------- d-----w- c:\windows\system32\appraiser
2014-12-22 14:55:15 -------- d-----w- c:\users\use\appdata\local\Apple Computer
2014-12-22 14:54:37 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-12-22 14:52:14 -------- d-----w- c:\program files\iPod
2014-12-22 14:52:09 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-22 14:52:09 -------- d-----w- c:\program files\iTunes
2014-12-22 14:48:11 -------- d-----w- c:\users\use\appdata\local\Apple
2014-12-22 14:46:51 -------- d-----w- c:\program files\Bonjour
2014-12-22 13:36:16 89088 ----a-w- c:\windows\system32\atl71.dll
2014-12-22 13:36:16 503808 ----a-w- c:\windows\system32\msvcp71.dll
2014-12-22 13:36:16 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2014-12-22 13:36:15 -------- d-----w- c:\program files\Musicmatch
2014-12-22 13:35:21 -------- d-----w- c:\users\use\appdata\local\Musicmatch
2014-12-22 13:00:48 -------- d-----w- c:\program files\Mp3tag
2014-12-22 12:47:04 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-22 12:47:03 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-22 12:47:03 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-22 12:47:03 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-22 12:47:02 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-22 12:47:00 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-22 12:47:00 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-22 12:46:59 202752 ----a-w- c:\windows\system32\aepdu.dll
.
==================== Find3M  ====================
.
2015-01-05 20:36:02 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-11-16 08:44:20 6000640 ----a-w- c:\program files\GUTEEF.tmp
2014-11-06 02:30:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
============= FINISH: 20:29:13.18 ===============
 



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • Gender:Male
  • Location:Germany

Posted 10 January 2015 - 10:54 AM

Hey my friend, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 han8

han8
  • Topic Starter

  • Members
  • 9 posts

Posted 12 January 2015 - 10:03 AM

Hi,

 

This is the log generated:-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01
Ran by use (administrator) on USE-PC on 12-01-2015 22:47:57
Running from C:\Users\use\Downloads
Loaded Profile: use (Available profiles: use & Guest)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [575328 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\0d676082-02c8-4ffc-ac0e-aa580f199f0c.exe [183232 2015-01-12] (AVAST Software)
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [4862384 2011-09-01] (Exent Technologies Ltd.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [399224 2011-03-14] (BitTorrent, Inc.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [Google Update] => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251b8-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251bc-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {47edd1a3-ff87-11df-a4f6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {85c2fda5-f9ea-11df-bc65-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241059-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241060-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {94e31211-fb8a-11df-8814-88ae1d4ad165} - D:\MPESetup.exe
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c37-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c3e-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625b-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625e-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [4862384 2011-09-01] (Exent Technologies Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {1B3EB50B-703B-48FC-9284-717EE5C314D0} URL = http://searchya.com/?chnl=dcom-100&s=1&cr=1492685760&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDtBtCyE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {3F943AC2-ACC8-4122-A508-C4CACEC59158} URL = http://my.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_my&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyCCQtXxC&i=26
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {EA7882AD-4C65-4a40-B45D-9315C5D97138} URL = http://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: No Name -> {3017FB3E-9A77-4396-88C5-0EC9548FB42F} ->  No File
BHO: No Name -> {389943B0-C3A2-4E69-82CB-8596A84CB3DC} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO: No Name -> {F942C7CE-6BAE-E00D-8894-7A4BF9C0D500} ->  No File
BHO: No Name -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} ->  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Toolbar: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\use\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @talk.google.com/O1DPlugin -> C:\Users\use\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @tools.google.com/Google Update;version=3 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @tools.google.com/Google Update;version=9 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\use\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\use\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\use\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-30]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-11-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://rocket-find.com/?f=1&a=rckt_md_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCyCtC0C0B0Czz0CtD0CtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtBtD0FtA0FzzyDtGzzyCyB0AtGtBtBzyzztGyCyB0DyDtGtBtDyE0BtBtByBtAtByD0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzytDtB0FyCtC0AtGyDzyzyzytGtDtD0DtAtGyD0DtAzytGtD0EtAzy0FyEtAzztByD0A0E2Q&cr=899185847&ir=
CHR Profile: C:\Users\use\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2013-09-12]
CHR Extension: (Avast SafePrice) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-05]
CHR Extension: (Hola Better Internet) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-04-15]
CHR Extension: (ChromeTheme) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehainnnojhapdmhekpgbhmefehnfemd [2012-08-23]
CHR Extension: (Google Wallet) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]
CHR HKLM\...\Chrome\Extension: [ngokbggljahdngljifpfkabjkjkpnpdj] - C:\ProgramData\Bcool\ngokbggljahdngljifpfkabjkjkpnpdj.crx [2012-05-22]
CHR HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [581984 2014-12-16] (Copyright 2013 SAMSUNG)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-04-07] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2010-04-01] (TOSHIBA Corporation)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-12-30] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-12-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-12-30] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-12-30] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2014-12-30] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-12-30] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-12-30] ()
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R2 X6XSEx; C:\Program Files\Free Ride Games\X6XSEx.Sys [46184 2010-11-22] (Exent Technologies Ltd.)
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 22:47 - 2015-01-12 22:51 - 00025303 _____ () C:\Users\use\Downloads\FRST.txt
2015-01-12 22:47 - 2015-01-12 22:48 - 00000000 ____D () C:\FRST
2015-01-12 22:41 - 2015-01-12 22:43 - 01115648 _____ (Farbar) C:\Users\use\Downloads\FRST.exe
2015-01-11 00:03 - 2015-01-11 00:03 - 00000000 ____D () C:\windows\system32\SPReview
2015-01-10 20:29 - 2015-01-10 20:31 - 00015299 _____ () C:\Users\use\Desktop\dds.txt
2015-01-10 20:29 - 2015-01-10 20:31 - 00007342 _____ () C:\Users\use\Desktop\attach.txt
2015-01-10 20:19 - 2015-01-10 20:20 - 00688992 ____R (Swearware) C:\Users\use\Downloads\dds.com
2015-01-05 01:04 - 2015-01-05 01:04 - 00146928 _____ () C:\windows\Minidump\010515-32432-01.dmp
2015-01-05 00:55 - 2015-01-05 00:55 - 00146928 _____ () C:\windows\Minidump\010515-37253-01.dmp
2015-01-05 00:52 - 2015-01-05 00:53 - 00002560 _____ () C:\windows\_MSRSTRT.EXE
2014-12-31 21:19 - 2014-12-31 21:20 - 00448512 _____ (OldTimer Tools) C:\Users\use\Downloads\TFC.exe
2014-12-31 07:43 - 2014-12-31 07:43 - 00146928 _____ () C:\windows\Minidump\123114-31933-01.dmp
2014-12-31 07:40 - 2014-12-31 07:40 - 00000000 ____D () C:\acd72197e4daabec7bccd8032f
2014-12-31 07:36 - 2014-12-31 07:36 - 00001806 _____ () C:\Users\use\Desktop\ESETScan.txt
2014-12-30 23:58 - 2014-12-30 23:58 - 00000000 ____D () C:\Program Files\ESET
2014-12-30 23:57 - 2014-12-30 23:58 - 02347384 _____ (ESET) C:\Users\use\Downloads\esetsmartinstaller_enu.exe
2014-12-30 23:42 - 2014-12-30 23:43 - 00146928 _____ () C:\windows\Minidump\123014-111213-01.dmp
2014-12-30 23:40 - 2014-12-30 23:40 - 00000000 ____H () C:\Users\use\AppData\Local\BITFC86.tmp
2014-12-30 23:40 - 2014-12-30 23:40 - 00000000 _____ () C:\Users\use\AppData\Local\{52560775-8EC9-4390-B1CB-D2EA7E7A2D45}
2014-12-30 22:31 - 2015-01-12 22:43 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 22:31 - 2014-12-30 22:31 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 22:31 - 2014-12-30 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 22:30 - 2014-12-30 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 22:30 - 2014-12-30 22:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-30 22:30 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-30 22:30 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-30 22:30 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-30 22:23 - 2014-12-30 22:23 - 00041268 _____ () C:\Users\use\Desktop\Result.txt
2014-12-30 22:20 - 2014-12-30 22:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\use\Desktop\abc123.exe
2014-12-30 22:11 - 2014-12-30 22:14 - 00041268 _____ () C:\Users\use\Downloads\Result.txt
2014-12-30 22:10 - 2014-12-30 22:10 - 00401920 _____ (Farbar) C:\Users\use\Downloads\MiniToolBox.exe
2014-12-30 20:53 - 2014-12-30 20:53 - 00000000 ____D () C:\Users\use\AppData\Roaming\Dropbox
2014-12-30 20:49 - 2014-12-30 20:49 - 00000000 ____D () C:\Users\use\AppData\Roaming\AVAST Software
2014-12-30 20:46 - 2014-12-30 20:46 - 00002088 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-30 20:46 - 2014-12-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-30 20:45 - 2014-12-30 20:46 - 00787800 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-30 20:45 - 2014-12-30 20:46 - 00423784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00291352 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-30 20:45 - 2014-12-30 20:45 - 00206248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00091496 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00070384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-30 20:45 - 2014-12-30 20:45 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-30 20:20 - 2014-12-30 20:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-30 20:19 - 2014-12-30 20:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-30 20:14 - 2014-12-30 20:15 - 05006864 _____ (AVAST Software) C:\Users\use\Downloads\avast_free_antivirus_setup_online.exe
2014-12-30 20:14 - 2014-12-30 20:15 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-12-24 19:42 - 2014-12-24 19:42 - 00000000 ____D () C:\Users\use\AppData\Roaming\Opera Software
2014-12-24 19:42 - 2014-12-24 19:42 - 00000000 ____D () C:\Users\use\AppData\Local\Opera Software
2014-12-23 23:06 - 2014-12-23 23:06 - 00000000 ____D () C:\windows\system32\EventProviders
2014-12-23 18:52 - 2014-12-23 18:52 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-22 22:55 - 2014-12-22 22:55 - 00000000 ____D () C:\Users\use\AppData\Roaming\Apple Computer
2014-12-22 22:55 - 2014-12-22 22:55 - 00000000 ____D () C:\Users\use\AppData\Local\Apple Computer
2014-12-22 22:54 - 2014-12-22 22:54 - 00001724 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-22 22:54 - 2014-12-22 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-22 22:54 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-12-22 22:52 - 2014-12-22 22:54 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-22 22:52 - 2014-12-22 22:54 - 00000000 ____D () C:\Program Files\iTunes
2014-12-22 22:52 - 2014-12-22 22:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-22 22:52 - 2014-12-22 22:52 - 00000000 ____D () C:\Program Files\iPod
2014-12-22 22:48 - 2014-12-22 22:48 - 00000000 ____D () C:\Users\use\AppData\Local\Apple
2014-12-22 22:47 - 2014-12-22 22:47 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-22 22:47 - 2014-12-22 22:47 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-22 22:46 - 2014-12-22 22:47 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-22 22:45 - 2014-12-22 22:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-22 22:45 - 2014-12-22 22:47 - 00000000 ____D () C:\ProgramData\Apple
2014-12-22 22:44 - 2014-12-22 22:44 - 68097263 _____ () C:\Users\use\Downloads\갓세븐 (GOT7) – GOT♡ (Got Love).rar
2014-12-22 22:37 - 2014-12-22 23:05 - 49549272 _____ () C:\Users\use\Downloads\GOT7 - Got It [www.bamsaranghaee.blogspot.zip
2014-12-22 22:27 - 2014-12-22 22:27 - 92029902 _____ () C:\Users\use\Downloads\[www.K2Ost.com] GOT7 Identify [FULL 1st Album].rar
2014-12-22 22:18 - 2014-12-22 22:43 - 109829936 _____ (Apple Inc.) C:\Users\use\Downloads\iTunesSetup.exe
2014-12-22 21:36 - 2014-12-26 22:49 - 00000000 ____D () C:\Program Files\Musicmatch
2014-12-22 21:36 - 2014-12-22 21:36 - 00000000 ____D () C:\Users\use\AppData\Roaming\Musicmatch
2014-12-22 21:36 - 2005-05-11 00:04 - 01093632 ____N (Sonic Solutions) C:\windows\system32\pxsfs.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 01047552 _____ (Microsoft Corporation) C:\windows\system32\mfc71u.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\msvcp71.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00397312 ____N (Sonic Solutions) C:\windows\system32\pxdrv.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00360448 ____N (Sonic Solutions) C:\windows\system32\px.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00339968 ____N (Sonic Solutions) C:\windows\system32\pxwave.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00155648 ____N (Sonic Solutions) C:\windows\system32\pxmas.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\atl71.dll
2014-12-22 21:35 - 2014-12-22 21:46 - 00000000 ____D () C:\Users\use\AppData\Local\Musicmatch
2014-12-22 21:17 - 2014-12-22 21:17 - 00001064 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-22 21:17 - 2014-12-22 21:17 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-22 21:09 - 2014-12-22 21:51 - 00000000 ____D () C:\Program Files\Opera
2014-12-22 21:00 - 2014-12-22 21:06 - 00000000 ____D () C:\Program Files\Mp3tag
2014-12-22 20:47 - 2014-12-04 10:20 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00337920 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-22 20:47 - 2014-12-04 10:17 - 00873984 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-22 20:47 - 2014-12-02 07:27 - 01160872 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-22 20:46 - 2014-12-04 10:20 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-22 20:44 - 2014-12-22 20:45 - 01933154 _____ (Sergey Serkov ) C:\Users\use\Downloads\tagscan5.1.657setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 22:52 - 2011-02-25 21:32 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 22:48 - 2011-03-14 15:06 - 00000000 ____D () C:\Users\use\AppData\Roaming\uTorrent
2015-01-12 22:42 - 2010-11-20 02:19 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004UA.job
2015-01-12 22:41 - 2010-10-05 05:55 - 01479347 _____ () C:\windows\WindowsUpdate.log
2015-01-12 22:40 - 2009-07-14 12:34 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 22:40 - 2009-07-14 12:34 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 22:28 - 2014-07-01 20:21 - 00000284 _____ () C:\windows\Tasks\Rocket Updater.job
2015-01-12 22:28 - 2011-02-25 21:32 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 22:28 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-12 22:28 - 2009-07-14 12:39 - 00200192 _____ () C:\windows\setupact.log
2015-01-10 20:23 - 2010-04-14 18:31 - 00857936 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 04:36 - 2010-11-09 15:03 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-05 01:04 - 2013-01-22 16:18 - 00000000 ____D () C:\windows\Minidump
2015-01-05 01:03 - 2013-01-22 16:18 - 373796054 _____ () C:\windows\MEMORY.DMP
2015-01-05 00:55 - 2010-10-05 06:23 - 00293308 _____ () C:\windows\PFRO.log
2015-01-05 00:53 - 2010-11-20 03:10 - 00000000 ____D () C:\Program Files\DAP
2015-01-05 00:50 - 2010-11-08 14:35 - 00000000 ____D () C:\Users\use\AppData\Local\Google
2015-01-04 23:40 - 2010-11-20 03:10 - 00000000 ____D () C:\ProgramData\SpeedBit
2015-01-04 23:37 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-31 20:39 - 2011-10-25 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-31 20:39 - 2011-10-25 15:54 - 00000000 ____D () C:\Program Files\Adobe
2014-12-31 20:34 - 2010-04-14 18:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 20:33 - 2010-11-25 16:52 - 00000000 ____D () C:\Users\use\AppData\Local\Adobe
2014-12-31 20:02 - 2014-03-19 09:36 - 00000000 ____D () C:\Users\use\Documents\Stories
2014-12-31 19:41 - 2010-11-20 02:19 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004Core.job
2014-12-31 15:49 - 2010-11-20 03:10 - 00000000 ____D () C:\Program Files\SearchPredict
2014-12-31 02:56 - 2012-05-22 19:18 - 00000000 ____D () C:\ProgramData\Bcool
2014-12-30 23:37 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\AppCompat
2014-12-30 23:35 - 2014-07-01 20:21 - 00000000 ____D () C:\Users\use\AppData\Roaming\RocketUpdater
2014-12-30 22:20 - 2010-11-20 03:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-27 17:49 - 2014-10-15 14:40 - 00000000 ____D () C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-27 17:49 - 2013-10-12 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-27 17:49 - 2010-11-07 12:27 - 00000000 ____D () C:\Users\use
2014-12-26 21:22 - 2011-04-28 20:42 - 00000000 ____D () C:\Users\use\AppData\Local\CrashDumps
2014-12-23 18:52 - 2014-07-11 03:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-23 00:12 - 2013-08-20 20:37 - 00000000 ____D () C:\windows\system32\MRT
2014-12-22 23:08 - 2010-11-26 19:00 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-22 21:36 - 2010-04-14 18:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-27 16:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 01
Ran by use at 2015-01-12 22:53:23
Running from C:\Users\use\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Any Video Converter 3.4.0 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.7 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.42 - Broadcom Corporation)
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Delicious - Emily's Tea Garden 1.00 (HKLM\...\Delicious - Emily's Tea Garden 1.00) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Farm Craft FINAL 1.00 (HKLM\...\Farm Craft FINAL 1.00) (Version:  - )
Fitness Dash FINAL 1.0.0.127 (HKLM\...\Fitness Dash FINAL 1.0.0.127) (Version:  - )
Fix-it-up - Kate's Adventure 1.00 (HKLM\...\Fix-it-up - Kate's Adventure 1.00) (Version:  - )
Free Ride Games Player (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - ) <==== ATTENTION
Garden Dash 1.00 (HKLM\...\Garden Dash 1.00) (Version:  - )
Gemini Lost (HKLM\...\Gemini Lost1.0.0.125) (Version: 1.0.0.125 - Adnan_Boy 2008)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hotel Dash Suite Success (HKLM\...\Hotel Dash Suite Success1.0) (Version: 1.0 - AllSmartGames)
HP Deskjet Ink Adv 2060 K110 Basic Device Software (HKLM\...\{51BA435B-D119-4A1B-966C-673D382B260A}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Help (HKLM\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.42.3 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Karaoke Anything! (HKLM\...\Karaoke Anything!1.0) (Version:  - )
Kelly Green Garden Queen 1.00 (HKLM\...\Kelly Green Garden Queen 1.00) (Version:  - )
K-Lite Codec Pack 7.1.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Magic Farm Ultimate Flower 1.00 (HKLM\...\Magic Farm Ultimate Flower 1.00) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marine Park Empire (HKLM\...\InstallShield_{977CD9E4-2CE7-46AC-BBEC-FC2B9696464B}) (Version: 1.00 - Enlight Software)
Marine Park Empire (Version: 1.00 - Enlight Software) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Language Interface Pack 2007 - bahasa Melayu (HKLM\...\{95120000-00FF-043E-0000-0000000FF1CE}) (Version: 12.0.4518.1082 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MyFreeCodec) (Version:  - )
Nanny Mania 2 Hollywood 1.00 (HKLM\...\Nanny Mania 2 Hollywood 1.00) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}) (Version: 7.1.27.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.1.0.87 - Nokia)
Nokia Ovi Suite (Version: 2.1.0.87 - Nokia) Hidden
Norton Internet Security (Version: 17.5.0.127 - Symantec Corporation) Hidden
Opera Stable 26.0.1656.60 (HKLM\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Ovi Desktop Sync Engine (Version: 1.2.254.0 - Nokia) Hidden
OviMPlatform (Version: 2.6.86.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{481C9A00-91AC-4065-870C-BD4E28186E5A}) (Version: 10.5.1.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1412161531 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1412161531 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Soap Opera Dash (HKLM\...\Soap Opera Dash1.0) (Version: 1.0 - AllSmartGames)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Top Chef 1.00 (HKLM\...\Top Chef 1.00) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.13 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}) (Version: 1.6.07.32 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.11.0 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.3.32 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.1.0 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM\...\InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}) (Version: 1.6.06.32 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Turtle Odyssey 1.00 (HKLM\...\Turtle Odyssey 1.00) (Version:  - )
Utility Common Driver (Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\use\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\use\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\use\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\use\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\use\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\use\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1220349763-83145152-3743730176-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\use\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
31-12-2014 20:50:52 Windows 7 Service Pack 1
03-01-2015 14:59:24 Windows Update
05-01-2015 20:10:42 Windows Update
05-01-2015 22:05:53 Windows Update
10-01-2015 20:14:39 Windows Update
11-01-2015 00:00:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {174CF04C-957F-45F2-96DF-F6F49F3BBAAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1FBF47E7-4243-4C1B-8B1C-7FF11D5A68D5} - System32\Tasks\{0AFE174E-F8D8-44F4-A208-1C341EC02739} => pcalua.exe -a G:\setup.exe -d G:\
Task: {2176B80F-25D7-4651-B6D2-7310334433A1} - \Rocket Updater No Task File <==== ATTENTION
Task: {246BB85F-3937-40DC-908C-933F2991C95D} - System32\Tasks\Opera scheduled Autoupdate 1419254214 => C:\Program Files\Opera\launcher.exe [2014-12-16] (Opera Software)
Task: {2F51019E-A8D6-401F-B3DE-AD9A7B334B70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3D3E7590-31FA-4BFB-9A85-EAC9EA16373D} - System32\Tasks\{AFD79995-A4F9-454A-B420-4C660FEB1605} => pcalua.exe -a "C:\Remote Programs\Treasures of Montezuma\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=466550;name=The Treasures of Montezuma;dir=C:\Remote Programs\Treasures of Montezuma\;prvid=143;cmdid=1;prvdir=Default
Task: {3EB6DA35-7A75-4D92-B13E-15E0C558D4D1} - System32\Tasks\AdobeAAMUpdater-1.0-use-PC-use => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {531B7914-6CD2-4E32-BF61-5F58A6A4B42E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-30] (AVAST Software)
Task: {5B1B2367-7A0D-40CA-B9D2-810CA3B50920} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004Core => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {6039125B-F62E-4314-857E-BCAA7F390DC5} - System32\Tasks\avastBCLRestartS-1-5-21-1220349763-83145152-3743730176-1004 => Chrome.exe 
Task: {618C12B7-9DF9-46FD-89E1-AB0F2DB31BF5} - System32\Tasks\{0DFE0DED-BE99-4331-B5C7-6CB947430B97} => pcalua.exe -a "C:\Users\use\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9W1LGZ4N\dap10i_ya1b_setup[1].exe" -d C:\Users\use\Desktop
Task: {6DA07D29-A87C-4747-B5B9-6E85E86AB1D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004UA => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {75853FDF-D7FB-4B8A-BB79-B4AF5F9B6B6A} - System32\Tasks\{F8ADC5ED-EE14-4E68-9D58-BEEFB3A6A3ED} => pcalua.exe -a "C:\Users\use\Documents\Games\Bowling Mania\Bowling Mania.exe" -d "C:\Users\use\Documents\Games\Bowling Mania"
Task: {862E4F73-2F95-42EC-AAFF-20BD51B2651F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {997CD9E4-36E9-4BD4-830F-71DA68A9F8D8} - System32\Tasks\{E2CBDCDD-9105-415D-9401-2DC8EA09DC21} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {CA560905-0BBC-4C47-B487-9EC41053DAED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {EE7151F2-25BD-44F4-868A-CD5F917350DE} - System32\Tasks\{0E36FE84-828D-4FDB-A9FB-71C5C13752FF} => pcalua.exe -a C:\windows\iun6002.exe -c "C:\Program Files\Karaoke Anything!\irunin.ini"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004Core.job => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004UA.job => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Rocket Updater.job => C:\Users\use\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-10 20:05 - 2015-01-10 20:05 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011000\algo.dll
2015-01-12 22:32 - 2015-01-12 22:32 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011200\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-15 14:39 - 2014-12-16 15:31 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-10-15 14:39 - 2014-12-16 15:31 - 00041472 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2014-12-30 20:45 - 2014-12-30 20:45 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-15 14:39 - 2014-12-16 15:31 - 01893888 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-10-15 14:39 - 2014-12-16 15:31 - 01840128 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2014-10-15 14:41 - 2014-10-15 14:41 - 00640512 _____ () C:\Windows\Temp\sqlite-3.7.151-x86-sqlitejdbc.dll
2013-10-12 17:23 - 2013-10-12 17:23 - 01931264 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\359de6ae593d48924f55679829b0e19f\Kies.UI.ni.dll
2013-10-12 17:23 - 2013-10-12 17:23 - 00079360 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\472cebc657ac83d6274ced5e25508c32\Kies.MVVM.ni.dll
2013-10-12 17:24 - 2013-10-12 17:24 - 00189952 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\13a1bed38288c7f63f7e5414839202c7\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-10-12 17:31 - 2013-10-12 17:31 - 00367104 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\b39c9ff266b3bf418e776eefb4cf5713\DevicePhoto.ni.dll
2013-10-12 17:31 - 2013-10-12 17:31 - 00301568 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3ce069717c82bfa956a4b50663d78e18\DeviceVideo.ni.dll
2013-10-12 17:31 - 2013-10-12 17:31 - 00616448 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\4205c2d823d59e46651f18c5925c752b\DevicePodcast.ni.dll
2013-10-12 17:31 - 2013-10-12 17:31 - 00307200 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1cc8adcbbf73a8159206e665f0048c48\DummyStorePlugin.ni.dll
2013-10-12 17:31 - 2013-10-12 17:31 - 14972928 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6d4fe7bb5a9313ece850af1dc736d1ee\Kies.Theme.ni.dll
2013-10-12 17:29 - 2013-10-12 17:29 - 00581632 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2049ec69c68f0d30ab197c0a238cbe64\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-10-12 17:28 - 2013-10-12 17:28 - 00046592 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4be9d5416b7a0280cd91118793d33d46\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-10-12 17:29 - 2013-10-12 17:29 - 01002496 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\ac68377a9298ff1f08b8450a3fbc955a\DeviceCommonLib.ni.dll
2013-10-12 17:30 - 2013-10-12 17:30 - 00232960 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\d30dd594f264c0bdcc68e2bbff360cfd\ASF_cSharpAPI.ni.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-12-22 20:36 - 2014-12-06 09:50 - 01077064 _____ () C:\Users\use\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-22 20:36 - 2014-12-06 09:50 - 00211272 _____ () C:\Users\use\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-22 20:36 - 2014-12-06 09:50 - 09009480 _____ () C:\Users\use\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-22 20:36 - 2014-12-06 09:50 - 01677128 _____ () C:\Users\use\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:073139EC
AlternateDataStreams: C:\ProgramData\TEMP:260575F1
AlternateDataStreams: C:\ProgramData\TEMP:2B11E0DF
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:38091CBB
AlternateDataStreams: C:\ProgramData\TEMP:49EB0FDC
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:6B86037F
AlternateDataStreams: C:\ProgramData\TEMP:6E1F359F
AlternateDataStreams: C:\ProgramData\TEMP:9485E512
AlternateDataStreams: C:\ProgramData\TEMP:ED9B661E
AlternateDataStreams: C:\ProgramData\TEMP:F1F85068
AlternateDataStreams: C:\ProgramData\TEMP:F81E7082
AlternateDataStreams: C:\ProgramData\TEMP:FC60E0F8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^use^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: Exetender => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Facebook Update => "C:\Users\use\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: googletalk => C:\Users\use\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1220349763-83145152-3743730176-500 - Administrator - Disabled)
Guest (S-1-5-21-1220349763-83145152-3743730176-501 - Limited - Disabled) => C:\Users\Guest
use (S-1-5-21-1220349763-83145152-3743730176-1004 - Administrator - Enabled) => C:\Users\use
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/04/2015 08:35:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 460: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (01/04/2015 08:35:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (12/29/2014 09:49:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3be6b349-c2ec-4cd1-b0e2-f65b6cedb542}
 
Error: (12/27/2014 04:33:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/27/2014 04:33:25 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (12/27/2014 04:33:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/27/2014 04:32:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/26/2014 09:23:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {585c0bfb-d9f5-4c07-b7ec-3c5cfa48c018}
 
Error: (12/26/2014 09:22:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 7.6.7600.256, time stamp: 0x4fca8fc1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1be4
Faulting application start time: 0xwuauclt.exe0
Faulting application path: wuauclt.exe1
Faulting module path: wuauclt.exe2
Report Id: wuauclt.exe3
 
Error: (12/24/2014 08:53:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (01/12/2015 10:29:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (01/11/2015 00:19:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 (KB976932).
 
Error: (01/10/2015 08:56:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (01/10/2015 08:55:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:44:01 PM on ‎10/‎1/‎2015 was unexpected.
 
Error: (01/10/2015 08:04:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (01/10/2015 08:04:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (01/10/2015 07:59:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHelp20
 
Error: (01/10/2015 07:58:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:12:55 PM on ‎10/‎1/‎2015 was unexpected.
 
Error: (01/10/2015 07:10:46 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (01/10/2015 06:38:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
 
Microsoft Office Sessions:
=========================
Error: (05/26/2014 06:28:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5723 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error: (02/14/2012 09:27:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/14/2012 09:27:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1176 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (01/29/2012 08:28:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 140 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2012 00:19:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1507 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 11:54:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3337 seconds with 2520 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU U5400 @ 1.20GHz
Percentage of memory in use: 76%
Total physical RAM: 2930.67 MB
Available physical RAM: 694.26 MB
Total Pagefile: 5859.62 MB
Available Pagefile: 3232.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.02 MB
 
==================== Drives ================================
 
Drive c: (S3A8859D002) (Fixed) (Total:285.93 GB) (Free:178.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:729.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 8E1CEA06)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.7 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:10 AM

Posted 12 January 2015 - 10:11 AM

Hey,
please move FRST to your Desktop. ;)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 han8

han8
  • Topic Starter

  • Members
  • 9 posts

Posted 13 January 2015 - 12:08 PM

Hi,

 

So the first ADWCleaner.. There's 2 logs in the folder i.e. RO and SO.. The below is SO:-

 

# AdwCleaner v4.107 - Report created 13/01/2015 at 22:38:38
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : use - USE-PC
# Running from : C:\Users\use\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Bcool
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool
Folder Deleted : C:\Program Files\Free Ride Games
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Speedbit Video Downloader
Folder Deleted : C:\users\use\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\users\use\AppData\Local\PackageAware
Folder Deleted : C:\users\use\AppData\Local\Rocket
Folder Deleted : C:\users\use\AppData\LocalLow\Conduit
Folder Deleted : C:\users\use\AppData\LocalLow\Ironsource
Folder Deleted : C:\users\use\AppData\LocalLow\Toolbar4
Folder Deleted : C:\users\use\AppData\LocalLow\Bcool
Folder Deleted : C:\users\use\AppData\Roaming\BabSolution
Folder Deleted : C:\users\use\AppData\Roaming\Babylon
Folder Deleted : C:\users\use\AppData\Roaming\iWin
Folder Deleted : C:\users\use\AppData\Roaming\NCH Software
Folder Deleted : C:\users\use\AppData\Roaming\PerformerSoft
Folder Deleted : C:\users\use\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Rocket Updater
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\f57d68cbc6fec12
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1B3EB50B-703B-48FC-9284-717EE5C314D0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EA7882AD-4C65-4a40-B45D-9315C5D97138}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\incredibar.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v
 
 
-\\ Opera v26.0.1656.60
 
 
*************************
 
AdwCleaner[R0].txt - [9980 octets] - [13/01/2015 22:24:55]
AdwCleaner[S0].txt - [10265 octets] - [13/01/2015 22:38:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10326 octets] ##########
 
2) From Malwarebytes:-
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/1/2015
Scan Time: 11:29:41 PM
Logfile: mbamscanlog.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.13.11
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: use
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357990
Time Elapsed: 56 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SearchPredict.A, HKU\S-1-5-21-1220349763-83145152-3743730176-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}, Quarantined, [dcbc80743b4efc3a2fd6a53f788a10f0], 
PUP.Optional.SearchPredict.A, HKU\S-1-5-21-1220349763-83145152-3743730176-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}, Quarantined, [dcbc80743b4efc3a2fd6a53f788a10f0], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
3) From JRT:-
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by use on Wed 14/01/2015 at  0:49:08.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3F943AC2-ACC8-4122-A508-C4CACEC59158}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F942C7CE-6BAE-E00D-8894-7A4BF9C0D500}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{F942C7CE-6BAE-E00D-8894-7A4BF9C0D500}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\use\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 14/01/2015 at  1:00:19.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
4) Lastly, FRST:-
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01
Ran by use (administrator) on USE-PC on 14-01-2015 01:01:59
Running from C:\Users\use\Desktop
Loaded Profile: use (Available profiles: use & Guest)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [575328 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [399224 2011-03-14] (BitTorrent, Inc.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [Google Update] => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251b8-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251bc-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {47edd1a3-ff87-11df-a4f6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {85c2fda5-f9ea-11df-bc65-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241059-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241060-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {94e31211-fb8a-11df-8814-88ae1d4ad165} - D:\MPESetup.exe
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c37-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c3e-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625b-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625e-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\use\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @talk.google.com/O1DPlugin -> C:\Users\use\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @tools.google.com/Google Update;version=3 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @tools.google.com/Google Update;version=9 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\use\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\use\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\use\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-30]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-11-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://rocket-find.com/?f=1&a=rckt_md_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCyCtC0C0B0Czz0CtD0CtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtBtD0FtA0FzzyDtGzzyCyB0AtGtBtBzyzztGyCyB0DyDtGtBtDyE0BtBtByBtAtByD0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzytDtB0FyCtC0AtGyDzyzyzytGtDtD0DtAtGyD0DtAzytGtD0EtAzy0FyEtAzztByD0A0E2Q&cr=899185847&ir=
CHR Profile: C:\Users\use\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2013-09-12]
CHR Extension: (ChromeTheme) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehainnnojhapdmhekpgbhmefehnfemd [2012-08-23]
CHR Extension: (Google Wallet) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]
CHR HKLM\...\Chrome\Extension: [ngokbggljahdngljifpfkabjkjkpnpdj] - C:\ProgramData\Bcool\ngokbggljahdngljifpfkabjkjkpnpdj.crx [Not Found]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [581984 2014-12-16] (Copyright 2013 SAMSUNG)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-04-07] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2010-04-01] (TOSHIBA Corporation)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-12-30] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-12-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-12-30] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-12-30] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2014-12-30] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-12-30] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-12-30] ()
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-14] (Malwarebytes Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S2 X6XSEx; \??\C:\Program Files\Free Ride Games\X6XSEx.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 01:00 - 2015-01-14 01:00 - 00001866 _____ () C:\Users\use\Desktop\JRT.txt
2015-01-14 00:49 - 2015-01-14 00:49 - 00000000 ____D () C:\windows\ERUNT
2015-01-14 00:42 - 2015-01-14 00:47 - 01707939 _____ (Thisisu) C:\Users\use\Desktop\JRT.exe
2015-01-13 22:53 - 2015-01-13 23:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\use\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-13 22:23 - 2015-01-13 22:39 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:15 - 2015-01-13 22:19 - 02191360 _____ () C:\Users\use\Desktop\AdwCleaner.exe
2015-01-12 23:24 - 2015-01-12 23:24 - 00000000 ____D () C:\windows\system32\SPReview
2015-01-12 23:04 - 2015-01-14 01:01 - 00020961 _____ () C:\Users\use\Desktop\FRST.txt
2015-01-12 23:03 - 2015-01-12 23:03 - 00053151 _____ () C:\Users\use\Desktop\Addition.txt
2015-01-12 22:53 - 2015-01-12 23:20 - 00052612 _____ () C:\Users\use\Downloads\Addition.txt
2015-01-12 22:47 - 2015-01-14 01:02 - 00000000 ____D () C:\FRST
2015-01-12 22:47 - 2015-01-12 23:20 - 00039850 _____ () C:\Users\use\Downloads\FRST.txt
2015-01-12 22:41 - 2015-01-12 22:43 - 01115648 _____ (Farbar) C:\Users\use\Desktop\FRST.exe
2015-01-10 20:29 - 2015-01-10 20:31 - 00015299 _____ () C:\Users\use\Desktop\dds.txt
2015-01-10 20:29 - 2015-01-10 20:31 - 00007342 _____ () C:\Users\use\Desktop\attach.txt
2015-01-10 20:19 - 2015-01-10 20:20 - 00688992 ____R (Swearware) C:\Users\use\Downloads\dds.com
2015-01-05 01:04 - 2015-01-05 01:04 - 00146928 _____ () C:\windows\Minidump\010515-32432-01.dmp
2015-01-05 00:55 - 2015-01-05 00:55 - 00146928 _____ () C:\windows\Minidump\010515-37253-01.dmp
2015-01-05 00:52 - 2015-01-05 00:53 - 00002560 _____ () C:\windows\_MSRSTRT.EXE
2014-12-31 21:19 - 2014-12-31 21:20 - 00448512 _____ (OldTimer Tools) C:\Users\use\Downloads\TFC.exe
2014-12-31 07:43 - 2014-12-31 07:43 - 00146928 _____ () C:\windows\Minidump\123114-31933-01.dmp
2014-12-31 07:40 - 2014-12-31 07:40 - 00000000 ____D () C:\acd72197e4daabec7bccd8032f
2014-12-31 07:36 - 2014-12-31 07:36 - 00001806 _____ () C:\Users\use\Desktop\ESETScan.txt
2014-12-30 23:58 - 2014-12-30 23:58 - 00000000 ____D () C:\Program Files\ESET
2014-12-30 23:57 - 2014-12-30 23:58 - 02347384 _____ (ESET) C:\Users\use\Downloads\esetsmartinstaller_enu.exe
2014-12-30 23:42 - 2014-12-30 23:43 - 00146928 _____ () C:\windows\Minidump\123014-111213-01.dmp
2014-12-30 23:40 - 2014-12-30 23:40 - 00000000 ____H () C:\Users\use\AppData\Local\BITFC86.tmp
2014-12-30 23:40 - 2014-12-30 23:40 - 00000000 _____ () C:\Users\use\AppData\Local\{52560775-8EC9-4390-B1CB-D2EA7E7A2D45}
2014-12-30 22:31 - 2015-01-14 00:36 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 22:31 - 2015-01-13 23:27 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 22:31 - 2015-01-13 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 22:30 - 2015-01-13 23:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-30 22:30 - 2014-12-30 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 22:30 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-30 22:30 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-30 22:30 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-30 22:23 - 2014-12-30 22:23 - 00041268 _____ () C:\Users\use\Desktop\Result.txt
2014-12-30 22:20 - 2014-12-30 22:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\use\Desktop\abc123.exe
2014-12-30 22:11 - 2014-12-30 22:14 - 00041268 _____ () C:\Users\use\Downloads\Result.txt
2014-12-30 22:10 - 2014-12-30 22:10 - 00401920 _____ (Farbar) C:\Users\use\Downloads\MiniToolBox.exe
2014-12-30 20:53 - 2014-12-30 20:53 - 00000000 ____D () C:\Users\use\AppData\Roaming\Dropbox
2014-12-30 20:49 - 2014-12-30 20:49 - 00000000 ____D () C:\Users\use\AppData\Roaming\AVAST Software
2014-12-30 20:46 - 2014-12-30 20:46 - 00002088 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-30 20:46 - 2014-12-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-30 20:45 - 2014-12-30 20:46 - 00787800 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-30 20:45 - 2014-12-30 20:46 - 00423784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00291352 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-30 20:45 - 2014-12-30 20:45 - 00206248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00091496 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00070384 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-30 20:45 - 2014-12-30 20:45 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-30 20:45 - 2014-12-30 20:45 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-30 20:20 - 2014-12-30 20:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-30 20:19 - 2014-12-30 20:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-30 20:14 - 2014-12-30 20:15 - 05006864 _____ (AVAST Software) C:\Users\use\Downloads\avast_free_antivirus_setup_online.exe
2014-12-30 20:14 - 2014-12-30 20:15 - 05006864 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-12-24 19:42 - 2014-12-24 19:42 - 00000000 ____D () C:\Users\use\AppData\Roaming\Opera Software
2014-12-24 19:42 - 2014-12-24 19:42 - 00000000 ____D () C:\Users\use\AppData\Local\Opera Software
2014-12-23 23:06 - 2014-12-23 23:06 - 00000000 ____D () C:\windows\system32\EventProviders
2014-12-23 18:52 - 2014-12-23 18:52 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-22 22:55 - 2014-12-22 22:55 - 00000000 ____D () C:\Users\use\AppData\Roaming\Apple Computer
2014-12-22 22:55 - 2014-12-22 22:55 - 00000000 ____D () C:\Users\use\AppData\Local\Apple Computer
2014-12-22 22:54 - 2014-12-22 22:54 - 00001724 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-22 22:54 - 2014-12-22 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-22 22:54 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-12-22 22:52 - 2014-12-22 22:54 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-22 22:52 - 2014-12-22 22:54 - 00000000 ____D () C:\Program Files\iTunes
2014-12-22 22:52 - 2014-12-22 22:52 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-22 22:52 - 2014-12-22 22:52 - 00000000 ____D () C:\Program Files\iPod
2014-12-22 22:48 - 2014-12-22 22:48 - 00000000 ____D () C:\Users\use\AppData\Local\Apple
2014-12-22 22:47 - 2014-12-22 22:47 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-22 22:47 - 2014-12-22 22:47 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-22 22:46 - 2014-12-22 22:47 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-22 22:45 - 2014-12-22 22:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-22 22:45 - 2014-12-22 22:47 - 00000000 ____D () C:\ProgramData\Apple
2014-12-22 22:18 - 2014-12-22 22:43 - 109829936 _____ (Apple Inc.) C:\Users\use\Downloads\iTunesSetup.exe
2014-12-22 21:36 - 2014-12-26 22:49 - 00000000 ____D () C:\Program Files\Musicmatch
2014-12-22 21:36 - 2014-12-22 21:36 - 00000000 ____D () C:\Users\use\AppData\Roaming\Musicmatch
2014-12-22 21:36 - 2005-05-11 00:04 - 01093632 ____N (Sonic Solutions) C:\windows\system32\pxsfs.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 01047552 _____ (Microsoft Corporation) C:\windows\system32\mfc71u.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\msvcp71.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00397312 ____N (Sonic Solutions) C:\windows\system32\pxdrv.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00360448 ____N (Sonic Solutions) C:\windows\system32\px.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00339968 ____N (Sonic Solutions) C:\windows\system32\pxwave.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00155648 ____N (Sonic Solutions) C:\windows\system32\pxmas.dll
2014-12-22 21:36 - 2005-05-11 00:04 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\atl71.dll
2014-12-22 21:35 - 2014-12-22 21:46 - 00000000 ____D () C:\Users\use\AppData\Local\Musicmatch
2014-12-22 21:17 - 2014-12-22 21:17 - 00001064 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-12-22 21:17 - 2014-12-22 21:17 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-22 21:09 - 2014-12-22 21:51 - 00000000 ____D () C:\Program Files\Opera
2014-12-22 21:00 - 2014-12-22 21:06 - 00000000 ____D () C:\Program Files\Mp3tag
2014-12-22 20:47 - 2014-12-04 10:20 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00337920 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-22 20:47 - 2014-12-04 10:20 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-22 20:47 - 2014-12-04 10:17 - 00873984 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-22 20:47 - 2014-12-02 07:27 - 01160872 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-22 20:46 - 2014-12-04 10:20 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-22 20:44 - 2014-12-22 20:45 - 01933154 _____ (Sergey Serkov ) C:\Users\use\Downloads\tagscan5.1.657setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-14 01:04 - 2011-03-14 15:06 - 00000000 ____D () C:\Users\use\AppData\Roaming\uTorrent
2015-01-14 00:52 - 2011-02-25 21:32 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 00:42 - 2009-07-14 12:34 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 00:42 - 2009-07-14 12:34 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 00:41 - 2010-11-20 02:19 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004UA.job
2015-01-14 00:33 - 2011-02-25 21:32 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 00:33 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-14 00:33 - 2009-07-14 12:39 - 00200360 _____ () C:\windows\setupact.log
2015-01-14 00:31 - 2010-10-05 05:55 - 01694673 _____ () C:\windows\WindowsUpdate.log
2015-01-13 22:46 - 2010-10-05 06:23 - 00293622 _____ () C:\windows\PFRO.log
2015-01-13 22:39 - 2013-08-18 20:43 - 00000000 ____D () C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2015-01-13 22:39 - 2012-02-14 16:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-10 20:23 - 2010-04-14 18:31 - 00857936 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 04:36 - 2010-11-09 15:03 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-05 01:04 - 2013-01-22 16:18 - 00000000 ____D () C:\windows\Minidump
2015-01-05 01:03 - 2013-01-22 16:18 - 373796054 _____ () C:\windows\MEMORY.DMP
2015-01-05 00:53 - 2010-11-20 03:10 - 00000000 ____D () C:\Program Files\DAP
2015-01-05 00:50 - 2010-11-08 14:35 - 00000000 ____D () C:\Users\use\AppData\Local\Google
2015-01-04 23:40 - 2010-11-20 03:10 - 00000000 ____D () C:\ProgramData\SpeedBit
2015-01-04 23:37 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-31 20:39 - 2011-10-25 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-31 20:39 - 2011-10-25 15:54 - 00000000 ____D () C:\Program Files\Adobe
2014-12-31 20:34 - 2010-04-14 18:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-31 20:33 - 2010-11-25 16:52 - 00000000 ____D () C:\Users\use\AppData\Local\Adobe
2014-12-31 20:02 - 2014-03-19 09:36 - 00000000 ____D () C:\Users\use\Documents\Stories
2014-12-31 19:41 - 2010-11-20 02:19 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220349763-83145152-3743730176-1004Core.job
2014-12-30 23:37 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\AppCompat
2014-12-30 22:20 - 2010-11-20 03:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-27 17:49 - 2014-10-15 14:40 - 00000000 ____D () C:\Users\use\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-27 17:49 - 2013-10-12 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-27 17:49 - 2010-11-07 12:27 - 00000000 ____D () C:\Users\use
2014-12-26 21:22 - 2011-04-28 20:42 - 00000000 ____D () C:\Users\use\AppData\Local\CrashDumps
2014-12-23 18:52 - 2014-07-11 03:20 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-23 00:12 - 2013-08-20 20:37 - 00000000 ____D () C:\windows\system32\MRT
2014-12-22 23:08 - 2010-11-26 19:00 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-22 21:36 - 2010-04-14 18:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
 
Some content of TEMP:
====================
C:\Users\use\AppData\Local\Temp\Quarantine.exe
C:\Users\use\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-27 16:28
 
==================== End Of Log ============================


#6 Machiavelli


  • Malware Response Instructor

Posted 14 January 2015 - 10:26 AM

Hey,
sorry for the delay. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251b8-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251bc-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {47edd1a3-ff87-11df-a4f6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {85c2fda5-f9ea-11df-bc65-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241059-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241060-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {94e31211-fb8a-11df-8814-88ae1d4ad165} - D:\MPESetup.exe
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c37-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c3e-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625b-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625e-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM\...\Chrome\Extension: [ngokbggljahdngljifpfkabjkjkpnpdj] - C:\ProgramData\Bcool\ngokbggljahdngljifpfkabjkjkpnpdj.crx [Not Found]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 han8

  • Topic Starter


Posted 15 January 2015 - 06:35 PM

Hi,

 

This is the Fixlog:-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 01
Ran by use at 2015-01-15 21:16:18 Run:1
Running from C:\Users\use\Desktop
Loaded Profile: use (Available profiles: use & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251b8-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {12f251bc-ed2a-11df-8bb6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {47edd1a3-ff87-11df-a4f6-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {85c2fda5-f9ea-11df-bc65-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241059-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {92241060-aea6-11e0-b484-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {94e31211-fb8a-11df-8814-88ae1d4ad165} - D:\MPESetup.exe
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c37-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {cfb19c3e-eaf9-11df-bf7f-e839df161cbc} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625b-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\MountPoints2: {d1a7625e-b11b-11e0-90bc-88ae1d4ad165} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [ngokbggljahdngljifpfkabjkjkpnpdj] - C:\ProgramData\Bcool\ngokbggljahdngljifpfkabjkjkpnpdj.crx [Not Found]
EmptyTemp:
 
*****************
 
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f251b8-ed2a-11df-8bb6-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{12f251b8-ed2a-11df-8bb6-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12f251bc-ed2a-11df-8bb6-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{12f251bc-ed2a-11df-8bb6-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47edd1a3-ff87-11df-a4f6-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{47edd1a3-ff87-11df-a4f6-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85c2fda5-f9ea-11df-bc65-88ae1d4ad165}" => Key deleted successfully.
HKCR\CLSID\{85c2fda5-f9ea-11df-bc65-88ae1d4ad165} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92241059-aea6-11e0-b484-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{92241059-aea6-11e0-b484-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92241060-aea6-11e0-b484-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{92241060-aea6-11e0-b484-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94e31211-fb8a-11df-8814-88ae1d4ad165}" => Key deleted successfully.
HKCR\CLSID\{94e31211-fb8a-11df-8814-88ae1d4ad165} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfb19c37-eaf9-11df-bf7f-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{cfb19c37-eaf9-11df-bf7f-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfb19c3e-eaf9-11df-bf7f-e839df161cbc}" => Key deleted successfully.
HKCR\CLSID\{cfb19c3e-eaf9-11df-bf7f-e839df161cbc} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1a7625b-b11b-11e0-90bc-88ae1d4ad165}" => Key deleted successfully.
HKCR\CLSID\{d1a7625b-b11b-11e0-90bc-88ae1d4ad165} => Key not found. 
"HKU\S-1-5-21-1220349763-83145152-3743730176-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1a7625e-b11b-11e0-90bc-88ae1d4ad165}" => Key deleted successfully.
HKCR\CLSID\{d1a7625e-b11b-11e0-90bc-88ae1d4ad165} => Key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngokbggljahdngljifpfkabjkjkpnpdj" => Key deleted successfully.
EmptyTemp: => Removed 833.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:17:20 ====
 
This is from FRST:-
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 01
Ran by use (administrator) on USE-PC on 15-01-2015 21:31:02
Running from C:\Users\use\Desktop
Loaded Profile: use (Available profiles: use & Guest)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\use\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [575328 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [399224 2011-03-14] (BitTorrent, Inc.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [Google Update] => C:\Users\use\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1220349763-83145152-3743730176-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220349763-83145152-3743730176-1004 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\use\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @talk.google.com/O1DPlugin -> C:\Users\use\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @tools.google.com/Google Update;version=3 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @tools.google.com/Google Update;version=9 -> C:\Users\use\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1220349763-83145152-3743730176-1004: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\use\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\use\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\use\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-11-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-30]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-11-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://rocket-find.com/?f=1&a=rckt_md_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCyCtC0C0B0Czz0CtD0CtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtBtD0FtA0FzzyDtGzzyCyB0AtGtBtBzyzztGyCyB0DyDtGtBtDyE0BtBtByBtAtByD0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzytDtB0FyCtC0AtGyDzyzyzytGtDtD0DtAtGyD0DtAzytGtD0EtAzy0FyEtAzztByD0A0E2Q&cr=899185847&ir=
CHR Profile: C:\Users\use\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2013-09-12]
CHR Extension: (ChromeTheme) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehainnnojhapdmhekpgbhmefehnfemd [2012-08-23]
CHR Extension: (Google Wallet) - C:\Users\use\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [581984 2014-12-16] (Copyright 2013 SAMSUNG)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [652800 2010-01-26] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-04-07] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2010-04-01] (TOSHIBA Corporation)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-12-30] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2014-12-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-12-30] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [787800 2014-12-30] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [423784 2014-12-30] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [91496 2014-12-30] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206248 2014-12-30] ()
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-14] (Malwarebytes Corporation)

 

And this is from ESET:-

 

E:\RECYCLER\0xFFD12566.exe a variant of Win32/Injector.UZI trojan cleaned by deleting - quarantined

 
I opened my external hard disk but the folders still did not appear :(


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:10 AM

Posted 16 January 2015 - 07:58 AM

I think they may be gone due to Malware. :(

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Machiavelli


Posted 20 January 2015 - 11:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
