Hi. webssearches browser hijacked. Here's my files. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Samsung (administrator) on SAMSUNG-PC on 17-11-2014 17:55:09
Running from C:\Users\Samsung\Desktop
Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Flux Software LLC) C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(Microsoft) C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\lastpass\lastpassbroker.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Run: [f.lux] => C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E886DA294B0CF01
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: WinServices -> {70C53538-9F82-42BC-A327-74F7A46E700C} -> C:\Program Files (x86)\WinServices\ScriptHost.dll (WinServices)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
CHR Extension: (Adblock Plus) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-08]
CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-17] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-17] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-11-17] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-17] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (SMI)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 17:55 - 2014-11-17 17:55 - 00028723 _____ () C:\Users\Samsung\Desktop\FRST.txt
2014-11-17 17:54 - 2014-11-17 17:55 - 00000000 ____D () C:\FRST
2014-11-17 17:53 - 2014-11-17 17:53 - 02117120 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2014-11-17 17:16 - 2014-11-17 17:16 - 00003162 _____ () C:\Windows\System32\Tasks\{80298132-AA8A-4F0E-86FD-04D68B5B6ECC}
2014-11-17 17:09 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-11-17 17:07 - 2014-11-17 17:07 - 00004034 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VOPackage
2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-11-17 17:05 - 2014-11-17 17:10 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-17 17:05 - 2014-11-17 17:10 - 00000950 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-17 17:05 - 2014-11-17 17:05 - 00003952 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-11-17 17:05 - 2014-11-17 17:05 - 00003698 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-11-17 17:03 - 2014-11-17 17:03 - 00000000 ____D () C:\Program Files (x86)\WinServices
2014-11-17 17:00 - 2014-11-17 17:00 - 00667648 _____ () C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe
2014-11-17 17:00 - 2014-11-17 17:00 - 00003188 _____ () C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC
2014-11-14 10:50 - 2014-11-14 10:50 - 00511623 _____ () C:\Users\Samsung\Desktop\Outlook.com.zip
2014-11-11 19:06 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:06 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 19:06 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:06 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:06 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:06 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:06 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:06 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 19:06 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:06 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 19:06 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 19:06 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 19:06 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:06 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 19:06 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 19:06 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 19:06 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 19:06 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 19:06 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:06 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 19:06 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 19:06 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:06 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 19:06 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 19:06 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 19:06 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 19:06 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:06 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 19:06 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 19:06 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 19:06 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 19:06 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 19:06 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:06 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:06 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:06 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:06 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:06 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:06 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:06 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:06 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:05 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:05 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:05 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:05 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:05 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:05 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:05 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:05 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:05 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:05 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 19:05 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:05 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 19:05 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 19:05 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:05 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 19:05 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:05 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:05 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:05 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:05 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 19:05 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:05 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 19:05 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 19:05 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:05 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 19:05 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:05 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 19:04 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:04 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:04 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:04 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:04 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:04 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:04 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:04 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:04 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:03 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:03 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:03 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:03 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:03 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 17:02 - 2014-11-17 17:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-11 17:02 - 2014-11-11 17:02 - 00000000 ____D () C:\Users\Samsung\AppData\Local\globalUpdate
2014-10-31 17:15 - 2014-10-31 17:15 - 00002340 _____ () C:\Users\Samsung\Desktop\P1030137 - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 17:48 - 2014-08-05 20:31 - 00000189 _____ () C:\Users\Samsung\Desktop\BETS.txt
2014-11-17 17:41 - 2014-08-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 17:30 - 2014-08-04 12:45 - 01952517 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 17:16 - 2014-08-14 16:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-11-17 17:14 - 2014-08-05 10:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 17:09 - 2014-08-06 17:48 - 00003320 _____ () C:\Windows\System32\Tasks\WIN-statsAdmin
2014-11-17 17:08 - 2014-08-08 13:50 - 00001637 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 17:08 - 2014-08-05 10:11 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-17 16:37 - 2014-08-07 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 11:23 - 2014-08-05 10:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 06:48 - 2009-07-14 04:51 - 00049683 _____ () C:\Windows\setupact.log
2014-11-15 09:00 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 09:00 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 08:52 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 08:51 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\ShellNew
2014-11-15 08:51 - 2010-11-21 03:47 - 00037734 _____ () C:\Windows\PFRO.log
2014-11-15 08:09 - 2014-08-05 10:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 08:09 - 2014-08-05 10:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:14 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:13 - 2014-08-05 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 07:52 - 2013-12-12 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:40 - 2013-12-12 10:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 18:49 - 2014-08-04 12:47 - 00000000 ____D () C:\Users\Samsung
2014-11-11 18:48 - 2014-08-05 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-11 18:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-11-08 20:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-01 21:00 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 08:46 - 2009-07-14 05:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\uninstall_Winservices.exe


Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Samsung\AppData\Local\Temp\unzip.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 19:36

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 03
Ran by Samsung at 2014-11-17 17:56:36
Running from C:\Users\Samsung\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\uTorrent) (Version: 3.4.2.33080 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CryptoPrevent v6.1.5 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
f.lux (HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{7E59919F-564E-3FB5-B1FC-884251B18B06}) (Version: 4.5.51078 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
qBittorrent 3.1.10 (HKLM-x32\...\qBittorrent) (Version: 3.1.10 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebCam SC-0311139N (HKLM\...\{FD7041D8-C40A-47fb-97FF-ABA9AD0FEB81}) (Version: 5.66.1.0 - Silicon Motion)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
Winservices (HKLM-x32\...\WinServices) (Version: 1.0.0.0 - Kreapixel inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

26-10-2014 12:57:10 Windows Update
30-10-2014 08:01:03 Windows Update
02-11-2014 08:34:32 Windows Update
05-11-2014 20:37:37 Windows Update
09-11-2014 19:15:04 Windows Update
11-11-2014 18:45:56 Restore Operation
11-11-2014 19:06:35 Windows Update
12-11-2014 07:36:22 Windows Modules Installer
14-11-2014 19:42:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF} - System32\Tasks\WIN-statsAdmin => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe [2014-08-06] () <==== ATTENTION
Task: {395242E7-CA44-45E3-ADDD-DEA94CB630EF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {406AFAE0-2B4D-4383-B461-1C7FBD44A325} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
Task: {558D95E1-0AF5-46EB-BB3A-F72AFCED6972} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A72BFB3-659D-46FD-9B7C-1B4E68A0D80D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
Task: {738263A6-2377-4E34-8B3A-3D594ED649F2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-17] (globalUpdate) <==== ATTENTION
Task: {75B127CC-F3FA-44B1-BE4C-5C76E86C1275} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe [2014-11-17] ()
Task: {7D98A246-9FEF-450A-9791-2AB055E92229} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-17] (globalUpdate) <==== ATTENTION
Task: {8C2A2370-619C-4B26-99A8-2D37B3C1C2E9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A0E9C08F-D486-4332-B33D-4E85C2B09DD5} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {DD7CDC09-80F3-4109-95B4-1D447719A7EE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E27999E8-82C2-4BBD-A33A-DF6F8E1325A9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E9BA53DC-7457-4B1F-84CC-AA8D523080AE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {ED691586-E838-46AE-AD91-B65BA97B8282} - System32\Tasks\WIN-statsSystem => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~eodpahy.exe
Task: {EFE6006B-F585-4858-823A-EC177681F73C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FE1D3C38-3772-4C27-9127-370580E31D39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-21 12:33 - 2014-11-17 17:09 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-08-04 12:55 - 2013-11-11 15:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-04 12:52 - 2013-10-31 18:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-21 12:32 - 2014-11-17 17:09 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 12:33 - 2014-11-17 17:09 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-08-04 12:57 - 2010-05-05 11:46 - 00317440 _____ () C:\Windows\system32\370prop.ax
2014-10-29 12:21 - 2014-10-22 04:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 12:21 - 2014-10-22 04:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 12:21 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 12:21 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1893469449-2281273183-1111418718-500 - Administrator - Disabled)
Guest (S-1-5-21-1893469449-2281273183-1111418718-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1893469449-2281273183-1111418718-1003 - Limited - Enabled)
Samsung (S-1-5-21-1893469449-2281273183-1111418718-1000 - Administrator - Enabled) => C:\Users\Samsung
UpdatusUser (S-1-5-21-1893469449-2281273183-1111418718-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Toshiba RFBUS Driver
Description: Toshiba RFBUS Driver
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 05:05:15 PM) (Source: MsiInstaller) (EventID: 11309) (User: Samsung-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

Error: (11/15/2014 08:53:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 07:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4072

Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2014 07:14:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073


System errors:
=============
Error: (11/17/2014 06:48:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (11/13/2014 02:37:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:35:57 on ‎13/‎11/‎2014 was unexpected.

Error: (11/11/2014 06:49:34 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: %600

Error: (11/11/2014 08:12:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (11/02/2014 08:24:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (11/02/2014 08:24:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (10/28/2014 07:38:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:23:37 on ‎28/‎10/‎2014 was unexpected.

Error: (10/24/2014 01:23:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/20/2014 07:26:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.

Error: (10/16/2014 07:40:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:38:54 on ‎16/‎10/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (11/17/2014 05:05:15 PM) (Source: MsiInstaller) (EventID: 11309) (User: Samsung-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 08:53:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 07:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4072

Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2014 07:14:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 6057.55 MB
Available physical RAM: 3953.93 MB
Total Pagefile: 12113.27 MB
Available Pagefile: 9662.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:347.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 964863EB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-17 18:03:11
-----------------------------
18:03:11.095 OS Version: Windows x64 6.1.7601 Service Pack 1
18:03:11.095 Number of processors: 4 586 0x2A07
18:03:11.095 ComputerName: SAMSUNG-PC UserName: Samsung
18:03:12.135 Initialize success
18:03:12.225 VM: initialized successfully
18:03:12.235 VM: Intel CPU supported
18:03:14.729 VM: disk I/O iaStorA.sys
18:07:31.360 AVAST engine defs: 14111700
18:07:37.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
18:07:37.936 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 11
18:07:38.170 Disk 0 MBR read successfully
18:07:38.170 Disk 0 MBR scan
18:07:38.264 Disk 0 Windows 7 default MBR code
18:07:38.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
18:07:38.295 Disk 0 Boot: NTFS code=1
18:07:38.373 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476588 MB offset 718848
18:07:38.576 Disk 0 scanning C:\Windows\system32\drivers
18:08:04.267 Service scanning
18:08:57.210 Modules scanning
18:08:57.225 Disk 0 trace - called modules:
18:08:57.288 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
18:08:57.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008aa9060]
18:08:57.303 3 CLASSPNP.SYS[fffff88001da543f] -> nt!IofCallDriver -> [0xfffffa800891ac50]
18:08:57.319 5 iaStorF.sys[fffff88001d41f84] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80057729c0]
18:08:58.910 AVAST engine scan C:\Windows
18:09:03.391 AVAST engine scan C:\Windows\system32
18:17:17.206 AVAST engine scan C:\Windows\system32\drivers
18:17:47.081 AVAST engine scan C:\Users\Samsung
18:20:24.624 File: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 **INFECTED** Win32:Adware-gen [Adw]
18:22:02.983 File: C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7VTN9ZF\service[1].exe **INFECTED** Win32:Adware-gen [Adw]
18:22:18.536 File: C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV8OV1TC\maj[1].exe **INFECTED** Win32:Adware-gen [Adw]
18:22:24.441 File: C:\Users\Samsung\AppData\Local\Microsoft\WinU\~tflnaet.exe **INFECTED** Win32:Malware-gen
18:24:03.370 File: C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe **INFECTED** Win32:Adware-gen [Adw]
18:25:11.362 AVAST engine scan C:\ProgramData
18:38:32.011 File: C:\ProgramData\uninstall_Winservices.exe **INFECTED** Win32:Malware-gen
18:38:32.500 Disk 0 statistics 3759744/0/0 @ 3.82 MB/s
18:38:32.510 Scan finished successfully
18:41:06.081 Disk 0 MBR has been saved successfully to "C:\Users\Samsung\Desktop\MBR.dat"
18:41:06.209 The log file has been saved successfully to "C:\Users\Samsung\Desktop\aswMBR.txt"

Hi jackwil,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

uTorrent
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\lastpass\lastpassbroker.exe <====== ATTENTION
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
Task: {2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF} - System32\Tasks\WIN-statsAdmin => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe [2014-08-06] () <==== ATTENTION
Task: {395242E7-CA44-45E3-ADDD-DEA94CB630EF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
EmptyTemp:
CMD: Hosts
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

checkup.txt
Fixlog.txt
new FRST.txt
How is the computer running at the moment?

Results of screen317's Security Check version 0.99.90
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (38.0.2125.104)
Google Chrome (38.0.2125.111)
Google Chrome (38.0.2125.122)
Google Chrome (chrome.exe..)
Google Chrome (debug.log..)
Google Chrome (Dictionaries...)
Google Chrome (extensions...)
Google Chrome (master_preferences...)
Google Chrome (old_chrome.exe..)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Samsung at 2014-11-19 08:11:16 Run:1
Running from C:\Users\Samsung\Desktop
Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\lastpass\lastpassbroker.exe <====== ATTENTION
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
Task: {2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF} - System32\Tasks\WIN-statsAdmin => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe [2014-08-06] () <==== ATTENTION
Task: {395242E7-CA44-45E3-ADDD-DEA94CB630EF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
EmptyTemp:
CMD: Hosts
End
*****************

Processes closed successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION => Error: No automatic fix found for this entry.
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-statsAdmin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-statsAdmin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{395242E7-CA44-45E3-ADDD-DEA94CB630EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{395242E7-CA44-45E3-ADDD-DEA94CB630EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.

========= Hosts =========

'Hosts' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => Removed 1.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Samsung (administrator) on SAMSUNG-PC on 19-11-2014 08:28:35
Running from C:\Users\Samsung\Desktop
Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flux Software LLC) C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Run: [f.lux] => C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E886DA294B0CF01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: WinServices -> {70C53538-9F82-42BC-A327-74F7A46E700C} -> C:\Program Files (x86)\WinServices\ScriptHost.dll (WinServices)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
CHR Extension: (Adblock Plus) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-08]
CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-11-17] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-17] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-19] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (SMI)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 08:23 - 2014-11-19 08:23 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\winservices
2014-11-19 08:22 - 2014-11-19 08:22 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck (1).exe
2014-11-19 07:53 - 2014-11-19 07:53 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
2014-11-17 18:41 - 2014-11-17 18:41 - 00002948 _____ () C:\Users\Samsung\Desktop\aswMBR.txt
2014-11-17 18:02 - 2014-11-17 18:03 - 05198336 _____ (AVAST Software) C:\Users\Samsung\Desktop\aswMBR.exe
2014-11-17 17:56 - 2014-11-17 17:58 - 00020688 _____ () C:\Users\Samsung\Desktop\Addition.txt
2014-11-17 17:55 - 2014-11-19 08:28 - 00010473 _____ () C:\Users\Samsung\Desktop\FRST.txt
2014-11-17 17:54 - 2014-11-19 08:28 - 00000000 ____D () C:\FRST
2014-11-17 17:53 - 2014-11-17 17:53 - 02117120 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2014-11-17 17:16 - 2014-11-17 17:16 - 00003162 _____ () C:\Windows\System32\Tasks\{80298132-AA8A-4F0E-86FD-04D68B5B6ECC}
2014-11-17 17:09 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VOPackage
2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-11-17 17:03 - 2014-11-17 17:03 - 00000000 ____D () C:\Program Files (x86)\WinServices
2014-11-17 17:00 - 2014-11-17 17:00 - 00667648 _____ () C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe
2014-11-17 17:00 - 2014-11-17 17:00 - 00003188 _____ () C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC
2014-11-14 10:50 - 2014-11-14 10:50 - 00511623 _____ () C:\Users\Samsung\Desktop\Outlook.com.zip
2014-11-11 19:06 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:06 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 19:06 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:06 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:06 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:06 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:06 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:06 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 19:06 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:06 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 19:06 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 19:06 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 19:06 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:06 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 19:06 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 19:06 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 19:06 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 19:06 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 19:06 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:06 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 19:06 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 19:06 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:06 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 19:06 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 19:06 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 19:06 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 19:06 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:06 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 19:06 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 19:06 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 19:06 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 19:06 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 19:06 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:06 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:06 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:06 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:06 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:06 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:06 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:06 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:06 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:05 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:05 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:05 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:05 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:05 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:05 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:05 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:05 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:05 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:05 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 19:05 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:05 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 19:05 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 19:05 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:05 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 19:05 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:05 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:05 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:05 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:05 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 19:05 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:05 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 19:05 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 19:05 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:05 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 19:05 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:05 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 19:04 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:04 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:04 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:04 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:04 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:04 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:04 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:04 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:04 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:03 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:03 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:03 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:03 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:03 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 17:02 - 2014-11-17 23:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-11 17:02 - 2014-11-11 17:02 - 00000000 ____D () C:\Users\Samsung\AppData\Local\globalUpdate
2014-10-31 17:15 - 2014-10-31 17:15 - 00002340 _____ () C:\Users\Samsung\Desktop\P1030137 - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 08:28 - 2014-08-07 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-19 08:20 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 08:20 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 08:17 - 2014-08-04 12:45 - 02054954 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 08:14 - 2014-08-05 10:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 08:14 - 2014-08-05 10:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 08:13 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 08:13 - 2009-07-14 04:51 - 00049851 _____ () C:\Windows\setupact.log
2014-11-18 07:41 - 2014-08-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 07:23 - 2010-11-21 03:47 - 00040080 _____ () C:\Windows\PFRO.log
2014-11-17 17:48 - 2014-08-05 20:31 - 00000189 _____ () C:\Users\Samsung\Desktop\BETS.txt
2014-11-17 17:16 - 2014-08-14 16:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-11-17 17:08 - 2014-08-08 13:50 - 00001637 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 17:08 - 2014-08-05 10:11 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-15 08:51 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\ShellNew
2014-11-15 08:09 - 2014-08-05 10:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 08:09 - 2014-08-05 10:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:14 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:13 - 2014-08-05 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 07:52 - 2013-12-12 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:40 - 2013-12-12 10:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 18:49 - 2014-08-04 12:47 - 00000000 ____D () C:\Users\Samsung
2014-11-11 18:48 - 2014-08-05 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-11 18:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-11-08 20:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-01 21:00 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 08:46 - 2009-07-14 05:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\uninstall_Winservices.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 19:36

==================== End Of Log ============================

Webssearches still opens when I open Google Chrome.

Hi jackwil,

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Installer
webssearches uninstall
WindowsMangerProtect20.0.0.1270

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
C:\ProgramData\uninstall_Winservices.exe
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Delete cache and other browser data in Chrome

Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.

Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Autofill form data
Clear data from hosted apps
Deauthorize content licenses

Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re- run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
AdwCleaner[S0].txt
JRT.txt
new FRST.txt
Update of performance

webssearches has gone and it seems faster too, thanks.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Samsung at 2014-11-19 15:44:33 Run:2
Running from C:\Users\Samsung\Desktop
Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
C:\ProgramData\uninstall_Winservices.exe
EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\ProgramData\uninstall_Winservices.exe => Moved successfully.
EmptyTemp: => Removed 238.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


# AdwCleaner v4.101 - Report created 19/11/2014 at 16:06:36
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Samsung - SAMSUNG-PC
# Running from : C:\Users\Samsung\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : IePluginServices

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\winservices
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Samsung\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Samsung\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\Samsung\AppData\Roaming\rightbackup
Folder Deleted : C:\Users\Samsung\AppData\Roaming\Store
Folder Deleted : C:\Users\Samsung\AppData\Roaming\winservices
File Deleted : C:\Users\Samsung\AppData\Roaming\WindApp.boostrap.log
File Deleted : C:\Users\Samsung\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\Samsung\AppData\Roaming\WindApp.installation.log
File Deleted : C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe

***** [ Scheduled Tasks ] *****

Task Deleted : System Speedup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70C53538-9F82-42BC-A327-74F7A46E700C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{861A4A3E-EC88-4BD1-B09E-C9DA95130969}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A74D0C30-5CE2-4E3E-9C35-99ABEC75BE51}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F91870ED-0B2A-4044-903F-19675DCF609D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15471168-82D3-49F9-A16B-2F455C1AD4BF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{85CD8584-3403-4489-B826-CA6FCE6E1694}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{97D91814-80A6-444F-AD27-551657E99C94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A719A841-028A-427B-807E-667359D91C96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C53538-9F82-42BC-A327-74F7A46E700C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [7943 octets] - [19/11/2014 16:01:48]
AdwCleaner[S0].txt - [7832 octets] - [19/11/2014 16:06:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7892 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Samsung on 19/11/2014 at 16:11:40.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] iepluginservices
Successfully deleted: [Service] iepluginservices



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/11/2014 at 16:18:27.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Samsung (administrator) on SAMSUNG-PC on 19-11-2014 16:19:39
Running from C:\Users\Samsung\Desktop
Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Flux Software LLC) C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Run: [f.lux] => C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E886DA294B0CF01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
CHR Extension: (Adblock Plus) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-08]
CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-19] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (SMI)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 16:18 - 2014-11-19 16:18 - 00000731 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-11-19 16:10 - 2014-11-19 16:10 - 01707532 _____ (Thisisu) C:\Users\Samsung\Desktop\JRT.exe
2014-11-19 16:01 - 2014-11-19 16:06 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:01 - 2014-11-19 16:01 - 02140160 _____ () C:\Users\Samsung\Desktop\AdwCleaner.exe
2014-11-19 08:22 - 2014-11-19 08:22 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck (1).exe
2014-11-19 07:56 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:56 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:56 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:56 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 07:53 - 2014-11-19 07:53 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
2014-11-17 18:41 - 2014-11-17 18:41 - 00002948 _____ () C:\Users\Samsung\Desktop\aswMBR.txt
2014-11-17 18:02 - 2014-11-17 18:03 - 05198336 _____ (AVAST Software) C:\Users\Samsung\Desktop\aswMBR.exe
2014-11-17 17:56 - 2014-11-17 17:58 - 00020688 _____ () C:\Users\Samsung\Desktop\Addition.txt
2014-11-17 17:55 - 2014-11-19 16:19 - 00009632 _____ () C:\Users\Samsung\Desktop\FRST.txt
2014-11-17 17:54 - 2014-11-19 16:19 - 00000000 ____D () C:\FRST
2014-11-17 17:53 - 2014-11-17 17:53 - 02117120 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
2014-11-17 17:16 - 2014-11-17 17:16 - 00003162 _____ () C:\Windows\System32\Tasks\{80298132-AA8A-4F0E-86FD-04D68B5B6ECC}
2014-11-17 17:00 - 2014-11-17 17:00 - 00003188 _____ () C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC
2014-11-14 10:50 - 2014-11-14 10:50 - 00511623 _____ () C:\Users\Samsung\Desktop\Outlook.com.zip
2014-11-11 19:06 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:06 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 19:06 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:06 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:06 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:06 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:06 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:06 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 19:06 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:06 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 19:06 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 19:06 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 19:06 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:06 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 19:06 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 19:06 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 19:06 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 19:06 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 19:06 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:06 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 19:06 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 19:06 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:06 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 19:06 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 19:06 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 19:06 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 19:06 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:06 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 19:06 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 19:06 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 19:06 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 19:06 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 19:06 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:06 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:06 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:06 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:06 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:06 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:06 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:06 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:06 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:05 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:05 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:05 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:05 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:05 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:05 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:05 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:05 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:05 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:05 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 19:05 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:05 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 19:05 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 19:05 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:05 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 19:05 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:05 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:05 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:05 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:05 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 19:05 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:05 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 19:05 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 19:05 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:05 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 19:05 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:05 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 19:04 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:04 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:04 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:04 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:04 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:04 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:04 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:04 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:04 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:04 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:04 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:04 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:04 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 19:03 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:03 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:03 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:03 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:03 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-31 17:15 - 2014-10-31 17:15 - 00002340 _____ () C:\Users\Samsung\Desktop\P1030137 - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 16:15 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 16:15 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 16:14 - 2014-08-05 10:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 16:07 - 2014-08-05 10:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 16:07 - 2014-08-04 12:45 - 01759556 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 16:07 - 2010-11-21 03:47 - 00041462 _____ () C:\Windows\PFRO.log
2014-11-19 16:07 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 16:07 - 2009-07-14 04:51 - 00050131 _____ () C:\Windows\setupact.log
2014-11-19 15:41 - 2014-08-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 15:40 - 2014-08-08 13:50 - 00001417 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-19 15:40 - 2014-08-05 10:11 - 00002198 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-19 15:05 - 2014-08-05 20:31 - 00000176 _____ () C:\Users\Samsung\Desktop\BETS.txt
2014-11-19 12:42 - 2014-08-07 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 17:16 - 2014-08-14 16:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-11-15 08:51 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\ShellNew
2014-11-15 08:09 - 2014-08-05 10:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 08:09 - 2014-08-05 10:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:14 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:13 - 2014-08-05 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 07:52 - 2013-12-12 10:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:40 - 2013-12-12 10:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 18:49 - 2014-08-04 12:47 - 00000000 ____D () C:\Users\Samsung
2014-11-11 18:48 - 2014-08-05 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-11 18:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-11-08 20:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-01 21:00 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 08:46 - 2009-07-14 05:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
C:\Users\Samsung\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 19:36

==================== End Of Log ============================

Hi jackwil,

Your logs are looking good :bigthumb:

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Select Scan tab.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)
Select type of scan to perform:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMScanTab_zps2c5e74bd.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMScanTab_zps2c5e74bd.gif.html)

Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan

Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:


MBAM log
ESET's log.txt
How's the computer running, any symptoms?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/11/2014
Scan Time: 17:10:04
Logfile: mb.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.19.06
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Samsung

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349611
Time Elapsed: 13 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Deeal.A, HKLM\SOFTWARE\CLASSES\WinServices.ScriptHostObject, Quarantined, [b3ef1e1f87f5b77f5012dbdec73b629e],
PUP.Optional.Deeal.A, HKLM\SOFTWARE\CLASSES\WinServices.ScriptHostObject.1, Quarantined, [475bea531369de5863ffdcdd0101be42],
PUP.Optional.Deeal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WinServices.ScriptHostObject, Quarantined, [475bea531369de5863ffdcdd0101be42],
PUP.Optional.Deeal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WinServices.ScriptHostObject.1, Quarantined, [475bea531369de5863ffdcdd0101be42],
PUP.Optional.WinServices.A, HKLM\SOFTWARE\WOW6432NODE\WINSERVICES, Quarantined, [d1d1be7f92ea7db91395f7bcb4502cd4],

Registry Values: 1
PUP.Optional.WinServices.A, HKLM\SOFTWARE\WOW6432NODE\WINSERVICES|Installed, True, Quarantined, [d1d1be7f92ea7db91395f7bcb4502cd4]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],

Files: 13
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\background.html, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\bg.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\ci.bg.pack.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\ci.browser.helper.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\ci.content.pack.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery-1.7.1.min.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery-1.9.1.min.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery.min.map, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery.uuid.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\manifest.json, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\popup.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\settings.json, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\tool.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],

Physical Sectors: 0
(No malicious items detected)


(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir a variant of Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\AddonsFramework.dll.vir Win32/Toolbar.Besttoolbars.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\BackgroundHost.exe.vir a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\ScriptHost.dll.vir a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\Users\Samsung\AppData\Local\nsz7F39.tmp Win32/AnyProtect.F potentially unwanted application
C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe a variant of Win32/AdWare.WinuSecu.A application
C:\Users\Samsung\AppData\Local\Microsoft\WinU\~tflnaet.exe Win32/AdWare.WinuSecu.A application


No symptoms :)

Hi jackwil,

Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Remove Disinfection Tools


Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:

Remove disinfection tools
Create registry backup
Purge system restore


http://i1269.photobucket.com/albums/jj590/OCD-WTT/Delfix_zpsbce6c60b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Delfix_zpsbce6c60b.gif.html)


Click Run
Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate windows and frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this program to lock down and prevent crypto-ransomeware

http://i1269.photobucket.com/albums/jj590/OCD-WTT/CryptoPrevent_zps7ddc3ebd.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CryptoPrevent_zps7ddc3ebd.jpg.html)

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)


= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.

Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)

Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

I've downloaded Crypto, Avast free, and Online Armour. I also have Malwarebytes (free version) and Microsoft Security Essentials. Will the latter 2 interfere with my new arsenal or is it ok as it is?

Thanks,

Jack

Hi jackwil,


I've downloaded Crypto, Avast free, and Online Armour. I also have Malwarebytes (free version) and Microsoft Security Essentials. Will the latter 2 interfere with my new arsenal or is it ok as it is?

You only need one Anti-Virus and one Firewall installed and running. Having more than one AV & FW will actually degrade your protection, as the two programs may interfere with each other. If you intend to use Avast (AV) and Online Armour(FW) you should disable the Windows Firewall and Microsoft Security Essentials. It is OK to keep both CryptoLocker and Malwarebytes' Anti-Malware as these will not interfere with the other programs.

Ok I've disabled real time protections on MSE and turned off Windows firewall. Hopefully this will prevent another infection. Thanks again for your help.

You're very welcome. Glad I was able to help. :bigthumb:

Since this issue appears to be resolved ... this Topic has been closed.

If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.