Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: istart.webssearches.com browser hijack

  1. #1
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default istart.webssearches.com browser hijack

    Hi. webssearches browser hijacked. Here's my files. Thanks in advance.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
    Ran by Samsung (administrator) on SAMSUNG-PC on 17-11-2014 17:55:09
    Running from C:\Users\Samsung\Desktop
    Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Flux Software LLC) C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
    (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
    () C:\Program Files (x86)\SupTab\HpUI.exe
    () C:\Program Files (x86)\SupTab\Loader64.exe
    () C:\Program Files (x86)\SupTab\Loader32.exe
    (Microsoft) C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *** <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\lastpass\lastpassbroker.exe <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Run: [f.lux] => C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E886DA294B0CF01
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
    BHO-x32: WinServices -> {70C53538-9F82-42BC-A327-74F7A46E700C} -> C:\Program Files (x86)\WinServices\ScriptHost.dll (WinServices)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "https://www.google.co.uk/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
    CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
    CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
    CHR Extension: (Adblock Plus) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-08]
    CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-21]
    CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
    CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type...S2RSJ9AC130059

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-17] (globalUpdate) [File not signed]
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-11-17] (globalUpdate) [File not signed]
    R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-11-17] (Cherished Technololgy LIMITED)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-17] (Fuyu LIMITED)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (SMI)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-17 17:55 - 2014-11-17 17:55 - 00028723 _____ () C:\Users\Samsung\Desktop\FRST.txt
    2014-11-17 17:54 - 2014-11-17 17:55 - 00000000 ____D () C:\FRST
    2014-11-17 17:53 - 2014-11-17 17:53 - 02117120 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
    2014-11-17 17:16 - 2014-11-17 17:16 - 00003162 _____ () C:\Windows\System32\Tasks\{80298132-AA8A-4F0E-86FD-04D68B5B6ECC}
    2014-11-17 17:09 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\IePluginServices
    2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
    2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\Program Files (x86)\SupTab
    2014-11-17 17:07 - 2014-11-17 17:07 - 00004034 _____ () C:\Windows\System32\Tasks\LaunchSignup
    2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VOPackage
    2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    2014-11-17 17:05 - 2014-11-17 17:10 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2014-11-17 17:05 - 2014-11-17 17:10 - 00000950 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2014-11-17 17:05 - 2014-11-17 17:05 - 00003952 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
    2014-11-17 17:05 - 2014-11-17 17:05 - 00003698 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
    2014-11-17 17:03 - 2014-11-17 17:03 - 00000000 ____D () C:\Program Files (x86)\WinServices
    2014-11-17 17:00 - 2014-11-17 17:00 - 00667648 _____ () C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe
    2014-11-17 17:00 - 2014-11-17 17:00 - 00003188 _____ () C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC
    2014-11-14 10:50 - 2014-11-14 10:50 - 00511623 _____ () C:\Users\Samsung\Desktop\Outlook.com.zip
    2014-11-11 19:06 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-11 19:06 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-11 19:06 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-11 19:06 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-11 19:06 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-11 19:06 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-11 19:06 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-11 19:06 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-11 19:06 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-11 19:06 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-11 19:06 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-11 19:06 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-11 19:06 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-11 19:06 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-11 19:06 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-11 19:06 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-11 19:06 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-11 19:06 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-11 19:06 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-11 19:06 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-11 19:06 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-11 19:06 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-11 19:06 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-11 19:06 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-11 19:06 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-11 19:06 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-11 19:06 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-11 19:06 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-11 19:06 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-11 19:06 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-11 19:06 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-11 19:06 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-11 19:06 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-11 19:06 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-11 19:06 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-11 19:06 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-11 19:06 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-11 19:06 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-11 19:06 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-11 19:06 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-11 19:06 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-11 19:05 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-11 19:05 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-11 19:05 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-11 19:05 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-11 19:05 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-11 19:05 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-11 19:05 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-11 19:05 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-11 19:05 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-11 19:05 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-11 19:05 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-11 19:05 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-11 19:05 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-11 19:05 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-11 19:05 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-11 19:05 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-11 19:05 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-11 19:05 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-11 19:05 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-11 19:05 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-11 19:05 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-11 19:05 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-11 19:05 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-11 19:05 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-11 19:05 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-11 19:05 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-11 19:05 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-11 19:04 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-11 19:04 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-11 19:04 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-11 19:04 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-11 19:04 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-11 19:04 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-11 19:04 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-11 19:04 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-11 19:04 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-11 19:03 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-11 19:03 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-11 19:03 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-11 19:03 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-11 19:03 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-11 17:02 - 2014-11-17 17:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2014-11-11 17:02 - 2014-11-11 17:02 - 00000000 ____D () C:\Users\Samsung\AppData\Local\globalUpdate
    2014-10-31 17:15 - 2014-10-31 17:15 - 00002340 _____ () C:\Users\Samsung\Desktop\P1030137 - Shortcut.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-17 17:48 - 2014-08-05 20:31 - 00000189 _____ () C:\Users\Samsung\Desktop\BETS.txt
    2014-11-17 17:41 - 2014-08-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-17 17:30 - 2014-08-04 12:45 - 01952517 _____ () C:\Windows\WindowsUpdate.log
    2014-11-17 17:16 - 2014-08-14 16:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-11-17 17:14 - 2014-08-05 10:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-17 17:09 - 2014-08-06 17:48 - 00003320 _____ () C:\Windows\System32\Tasks\WIN-statsAdmin
    2014-11-17 17:08 - 2014-08-08 13:50 - 00001637 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-11-17 17:08 - 2014-08-05 10:11 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-17 16:37 - 2014-08-07 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-17 11:23 - 2014-08-05 10:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-17 06:48 - 2009-07-14 04:51 - 00049683 _____ () C:\Windows\setupact.log
    2014-11-15 09:00 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-15 09:00 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-15 08:52 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-15 08:51 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\ShellNew
    2014-11-15 08:51 - 2010-11-21 03:47 - 00037734 _____ () C:\Windows\PFRO.log
    2014-11-15 08:09 - 2014-08-05 10:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 08:09 - 2014-08-05 10:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-13 18:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-12 08:14 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-12 08:13 - 2014-08-05 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-12 07:52 - 2013-12-12 10:45 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-12 07:40 - 2013-12-12 10:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 18:49 - 2014-08-04 12:47 - 00000000 ____D () C:\Users\Samsung
    2014-11-11 18:48 - 2014-08-05 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-11-11 18:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
    2014-11-08 20:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-11-01 21:00 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-31 08:46 - 2009-07-14 05:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    Files to move or delete:
    ====================
    C:\ProgramData\uninstall_Winservices.exe


    Some content of TEMP:
    ====================
    C:\Users\Samsung\AppData\Local\Temp\OnlineBackup.exe
    C:\Users\Samsung\AppData\Local\Temp\unzip.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-15 19:36

    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 03
    Ran by Samsung at 2014-11-17 17:56:36
    Running from C:\Users\Samsung\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\uTorrent) (Version: 3.4.2.33080 - BitTorrent Inc.)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CryptoPrevent v6.1.5 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    f.lux (HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Flux) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{7E59919F-564E-3FB5-B1FC-884251B18B06}) (Version: 4.5.51078 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
    qBittorrent 3.1.10 (HKLM-x32\...\qBittorrent) (Version: 3.1.10 - The qBittorrent project)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
    SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebCam SC-0311139N (HKLM\...\{FD7041D8-C40A-47fb-97FF-ABA9AD0FEB81}) (Version: 5.66.1.0 - Silicon Motion)
    webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
    WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
    Winservices (HKLM-x32\...\WinServices) (Version: 1.0.0.0 - Kreapixel inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    26-10-2014 12:57:10 Windows Update
    30-10-2014 08:01:03 Windows Update
    02-11-2014 08:34:32 Windows Update
    05-11-2014 20:37:37 Windows Update
    09-11-2014 19:15:04 Windows Update
    11-11-2014 18:45:56 Restore Operation
    11-11-2014 19:06:35 Windows Update
    12-11-2014 07:36:22 Windows Modules Installer
    14-11-2014 19:42:32 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF} - System32\Tasks\WIN-statsAdmin => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe [2014-08-06] () <==== ATTENTION
    Task: {395242E7-CA44-45E3-ADDD-DEA94CB630EF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {406AFAE0-2B4D-4383-B461-1C7FBD44A325} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
    Task: {558D95E1-0AF5-46EB-BB3A-F72AFCED6972} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6A72BFB3-659D-46FD-9B7C-1B4E68A0D80D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-05] (Google Inc.)
    Task: {738263A6-2377-4E34-8B3A-3D594ED649F2} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-17] (globalUpdate) <==== ATTENTION
    Task: {75B127CC-F3FA-44B1-BE4C-5C76E86C1275} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe [2014-11-17] ()
    Task: {7D98A246-9FEF-450A-9791-2AB055E92229} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-11-17] (globalUpdate) <==== ATTENTION
    Task: {8C2A2370-619C-4B26-99A8-2D37B3C1C2E9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {A0E9C08F-D486-4332-B33D-4E85C2B09DD5} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
    Task: {DD7CDC09-80F3-4109-95B4-1D447719A7EE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {E27999E8-82C2-4BBD-A33A-DF6F8E1325A9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {E9BA53DC-7457-4B1F-84CC-AA8D523080AE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {ED691586-E838-46AE-AD91-B65BA97B8282} - System32\Tasks\WIN-statsSystem => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~eodpahy.exe
    Task: {EFE6006B-F585-4858-823A-EC177681F73C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {FE1D3C38-3772-4C27-9127-370580E31D39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-06] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-08-21 12:33 - 2014-11-17 17:09 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
    2014-08-04 12:55 - 2013-11-11 15:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-08-04 12:52 - 2013-10-31 18:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-08-21 12:32 - 2014-11-17 17:09 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
    2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
    2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-21 12:33 - 2014-11-17 17:09 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
    2014-08-04 12:57 - 2010-05-05 11:46 - 00317440 _____ () C:\Windows\system32\370prop.ax
    2014-10-29 12:21 - 2014-10-22 04:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-10-29 12:21 - 2014-10-22 04:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-10-29 12:21 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-29 12:21 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1893469449-2281273183-1111418718-500 - Administrator - Disabled)
    Guest (S-1-5-21-1893469449-2281273183-1111418718-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1893469449-2281273183-1111418718-1003 - Limited - Enabled)
    Samsung (S-1-5-21-1893469449-2281273183-1111418718-1000 - Administrator - Enabled) => C:\Users\Samsung
    UpdatusUser (S-1-5-21-1893469449-2281273183-1111418718-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: Toshiba RFBUS Driver
    Description: Toshiba RFBUS Driver
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/17/2014 05:05:15 PM) (Source: MsiInstaller) (EventID: 11309) (User: Samsung-PC)
    Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

    Error: (11/15/2014 08:53:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

    Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1997

    Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/14/2014 07:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

    Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4072

    Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/13/2014 07:14:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3073


    System errors:
    =============
    Error: (11/17/2014 06:48:36 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

    Error: (11/13/2014 02:37:23 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 14:35:57 on ‎13/‎11/‎2014 was unexpected.

    Error: (11/11/2014 06:49:34 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
    Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: %24

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: %600

    Error: (11/11/2014 08:12:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

    Error: (11/02/2014 08:24:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMScheduler service failed to start due to the following error:
    %%1053

    Error: (11/02/2014 08:24:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

    Error: (10/28/2014 07:38:34 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 01:23:37 on ‎28/‎10/‎2014 was unexpected.

    Error: (10/24/2014 01:23:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (10/20/2014 07:26:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The NVIDIA Update Service Daemon service hung on starting.

    Error: (10/16/2014 07:40:07 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 20:38:54 on ‎16/‎10/‎2014 was unexpected.


    Microsoft Office Sessions:
    =========================
    Error: (11/17/2014 05:05:15 PM) (Source: MsiInstaller) (EventID: 11309) (User: Samsung-PC)
    Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (11/15/2014 08:53:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

    Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1997

    Error: (11/14/2014 07:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/14/2014 07:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

    Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4072

    Error: (11/13/2014 07:14:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/13/2014 07:14:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3073


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 34%
    Total physical RAM: 6057.55 MB
    Available physical RAM: 3953.93 MB
    Total Pagefile: 12113.27 MB
    Available Pagefile: 9662.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.42 GB) (Free:347.08 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 964863EB)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-11-17 18:03:11
    -----------------------------
    18:03:11.095 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:03:11.095 Number of processors: 4 586 0x2A07
    18:03:11.095 ComputerName: SAMSUNG-PC UserName: Samsung
    18:03:12.135 Initialize success
    18:03:12.225 VM: initialized successfully
    18:03:12.235 VM: Intel CPU supported
    18:03:14.729 VM: disk I/O iaStorA.sys
    18:07:31.360 AVAST engine defs: 14111700
    18:07:37.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
    18:07:37.936 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 11
    18:07:38.170 Disk 0 MBR read successfully
    18:07:38.170 Disk 0 MBR scan
    18:07:38.264 Disk 0 Windows 7 default MBR code
    18:07:38.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
    18:07:38.295 Disk 0 Boot: NTFS code=1
    18:07:38.373 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476588 MB offset 718848
    18:07:38.576 Disk 0 scanning C:\Windows\system32\drivers
    18:08:04.267 Service scanning
    18:08:57.210 Modules scanning
    18:08:57.225 Disk 0 trace - called modules:
    18:08:57.288 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    18:08:57.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008aa9060]
    18:08:57.303 3 CLASSPNP.SYS[fffff88001da543f] -> nt!IofCallDriver -> [0xfffffa800891ac50]
    18:08:57.319 5 iaStorF.sys[fffff88001d41f84] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80057729c0]
    18:08:58.910 AVAST engine scan C:\Windows
    18:09:03.391 AVAST engine scan C:\Windows\system32
    18:17:17.206 AVAST engine scan C:\Windows\system32\drivers
    18:17:47.081 AVAST engine scan C:\Users\Samsung
    18:20:24.624 File: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 **INFECTED** Win32:Adware-gen [Adw]
    18:22:02.983 File: C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7VTN9ZF\service[1].exe **INFECTED** Win32:Adware-gen [Adw]
    18:22:18.536 File: C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV8OV1TC\maj[1].exe **INFECTED** Win32:Adware-gen [Adw]
    18:22:24.441 File: C:\Users\Samsung\AppData\Local\Microsoft\WinU\~tflnaet.exe **INFECTED** Win32:Malware-gen
    18:24:03.370 File: C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe **INFECTED** Win32:Adware-gen [Adw]
    18:25:11.362 AVAST engine scan C:\ProgramData
    18:38:32.011 File: C:\ProgramData\uninstall_Winservices.exe **INFECTED** Win32:Malware-gen
    18:38:32.500 Disk 0 statistics 3759744/0/0 @ 3.82 MB/s
    18:38:32.510 Scan finished successfully
    18:41:06.081 Disk 0 MBR has been saved successfully to "C:\Users\Samsung\Desktop\MBR.dat"
    18:41:06.209 The log file has been saved successfully to "C:\Users\Samsung\Desktop\aswMBR.txt"

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi jackwil,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    P2P - (Peer to Peer)

    I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall this now.

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • uTorrent
    If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *** <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\lastpass\lastpassbroker.exe <====== ATTENTION
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
    Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
    webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
    WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
    Task: {2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF} - System32\Tasks\WIN-statsAdmin => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe [2014-08-06] () <==== ATTENTION
    Task: {395242E7-CA44-45E3-ADDD-DEA94CB630EF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    EmptyTemp:
    CMD: Hosts
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt) please post it to your reply.

    =========================

    Re-run Farbar Recovery Scan Tool it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • Fixlog.txt
    • new FRST.txt
    • How is the computer running at the moment?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    Results of screen317's Security Check version 0.99.90
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (38.0.2125.104)
    Google Chrome (38.0.2125.111)
    Google Chrome (38.0.2125.122)
    Google Chrome (chrome.exe..)
    Google Chrome (debug.log..)
    Google Chrome (Dictionaries...)
    Google Chrome (extensions...)
    Google Chrome (master_preferences...)
    Google Chrome (old_chrome.exe..)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
    Ran by Samsung at 2014-11-19 08:11:16 Run:1
    Running from C:\Users\Samsung\Desktop
    Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *** <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\lastpassbroker.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\lastpass\lastpassbroker.exe <====== ATTENTION
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type...S2RSJ9AC130059
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1416244105&from=ill&uid=ST500LM012XHN-M500MBB_S2RSJ9AC130059&q={searchTerms}
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type...S2RSJ9AC130059
    Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
    webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
    WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
    Task: {2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF} - System32\Tasks\WIN-statsAdmin => C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe [2014-08-06] () <==== ATTENTION
    Task: {395242E7-CA44-45E3-ADDD-DEA94CB630EF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    EmptyTemp:
    CMD: Hosts
    End
    *****************

    Processes closed successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
    "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
    "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
    HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
    Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
    webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION => Error: No automatic fix found for this entry.
    WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BA6ECE8-569B-4E78-9D5D-C50C369ED6FF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\WIN-statsAdmin => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-statsAdmin" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{395242E7-CA44-45E3-ADDD-DEA94CB630EF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{395242E7-CA44-45E3-ADDD-DEA94CB630EF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
    C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
    C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.

    ========= Hosts =========

    'Hosts' is not recognized as an internal or external command,
    operable program or batch file.

    ========= End of CMD: =========

    EmptyTemp: => Removed 1.6 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
    Ran by Samsung (administrator) on SAMSUNG-PC on 19-11-2014 08:28:35
    Running from C:\Users\Samsung\Desktop
    Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\SupTab\HpUI.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Flux Software LLC) C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe
    () C:\Program Files (x86)\SupTab\Loader64.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    () C:\Program Files (x86)\SupTab\Loader32.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Run: [f.lux] => C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E886DA294B0CF01
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
    BHO-x32: WinServices -> {70C53538-9F82-42BC-A327-74F7A46E700C} -> C:\Program Files (x86)\WinServices\ScriptHost.dll (WinServices)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "https://www.google.co.uk/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
    CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
    CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
    CHR Extension: (Adblock Plus) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-08]
    CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-21]
    CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
    CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-11-17] (Cherished Technololgy LIMITED)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-17] (Fuyu LIMITED)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-19] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (SMI)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 08:23 - 2014-11-19 08:23 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\winservices
    2014-11-19 08:22 - 2014-11-19 08:22 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck (1).exe
    2014-11-19 07:53 - 2014-11-19 07:53 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
    2014-11-17 18:41 - 2014-11-17 18:41 - 00002948 _____ () C:\Users\Samsung\Desktop\aswMBR.txt
    2014-11-17 18:02 - 2014-11-17 18:03 - 05198336 _____ (AVAST Software) C:\Users\Samsung\Desktop\aswMBR.exe
    2014-11-17 17:56 - 2014-11-17 17:58 - 00020688 _____ () C:\Users\Samsung\Desktop\Addition.txt
    2014-11-17 17:55 - 2014-11-19 08:28 - 00010473 _____ () C:\Users\Samsung\Desktop\FRST.txt
    2014-11-17 17:54 - 2014-11-19 08:28 - 00000000 ____D () C:\FRST
    2014-11-17 17:53 - 2014-11-17 17:53 - 02117120 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
    2014-11-17 17:16 - 2014-11-17 17:16 - 00003162 _____ () C:\Windows\System32\Tasks\{80298132-AA8A-4F0E-86FD-04D68B5B6ECC}
    2014-11-17 17:09 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\IePluginServices
    2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
    2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\Program Files (x86)\SupTab
    2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VOPackage
    2014-11-17 17:07 - 2014-11-17 17:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    2014-11-17 17:03 - 2014-11-17 17:03 - 00000000 ____D () C:\Program Files (x86)\WinServices
    2014-11-17 17:00 - 2014-11-17 17:00 - 00667648 _____ () C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe
    2014-11-17 17:00 - 2014-11-17 17:00 - 00003188 _____ () C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC
    2014-11-14 10:50 - 2014-11-14 10:50 - 00511623 _____ () C:\Users\Samsung\Desktop\Outlook.com.zip
    2014-11-11 19:06 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-11 19:06 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-11 19:06 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-11 19:06 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-11 19:06 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-11 19:06 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-11 19:06 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-11 19:06 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-11 19:06 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-11 19:06 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-11 19:06 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-11 19:06 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-11 19:06 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-11 19:06 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-11 19:06 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-11 19:06 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-11 19:06 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-11 19:06 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-11 19:06 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-11 19:06 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-11 19:06 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-11 19:06 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-11 19:06 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-11 19:06 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-11 19:06 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-11 19:06 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-11 19:06 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-11 19:06 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-11 19:06 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-11 19:06 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-11 19:06 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-11 19:06 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-11 19:06 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-11 19:06 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-11 19:06 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-11 19:06 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-11 19:06 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-11 19:06 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-11 19:06 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-11 19:06 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-11 19:06 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-11 19:05 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-11 19:05 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-11 19:05 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-11 19:05 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-11 19:05 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-11 19:05 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-11 19:05 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-11 19:05 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-11 19:05 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-11 19:05 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-11 19:05 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-11 19:05 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-11 19:05 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-11 19:05 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-11 19:05 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-11 19:05 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-11 19:05 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-11 19:05 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-11 19:05 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-11 19:05 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-11 19:05 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-11 19:05 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-11 19:05 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-11 19:05 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-11 19:05 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-11 19:05 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-11 19:05 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-11 19:04 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-11 19:04 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-11 19:04 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-11 19:04 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-11 19:04 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-11 19:04 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-11 19:04 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-11 19:04 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-11 19:04 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-11 19:03 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-11 19:03 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-11 19:03 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-11 19:03 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-11 19:03 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-11 17:02 - 2014-11-17 23:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2014-11-11 17:02 - 2014-11-11 17:02 - 00000000 ____D () C:\Users\Samsung\AppData\Local\globalUpdate
    2014-10-31 17:15 - 2014-10-31 17:15 - 00002340 _____ () C:\Users\Samsung\Desktop\P1030137 - Shortcut.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 08:28 - 2014-08-07 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-19 08:20 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 08:20 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 08:17 - 2014-08-04 12:45 - 02054954 _____ () C:\Windows\WindowsUpdate.log
    2014-11-19 08:14 - 2014-08-05 10:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 08:14 - 2014-08-05 10:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 08:13 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-19 08:13 - 2009-07-14 04:51 - 00049851 _____ () C:\Windows\setupact.log
    2014-11-18 07:41 - 2014-08-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-18 07:23 - 2010-11-21 03:47 - 00040080 _____ () C:\Windows\PFRO.log
    2014-11-17 17:48 - 2014-08-05 20:31 - 00000189 _____ () C:\Users\Samsung\Desktop\BETS.txt
    2014-11-17 17:16 - 2014-08-14 16:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-11-17 17:08 - 2014-08-08 13:50 - 00001637 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-11-17 17:08 - 2014-08-05 10:11 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-15 08:51 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\ShellNew
    2014-11-15 08:09 - 2014-08-05 10:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 08:09 - 2014-08-05 10:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-13 18:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-12 08:14 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-12 08:13 - 2014-08-05 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-12 07:52 - 2013-12-12 10:45 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-12 07:40 - 2013-12-12 10:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 18:49 - 2014-08-04 12:47 - 00000000 ____D () C:\Users\Samsung
    2014-11-11 18:48 - 2014-08-05 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-11-11 18:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
    2014-11-08 20:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-11-01 21:00 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-31 08:46 - 2009-07-14 05:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    Files to move or delete:
    ====================
    C:\ProgramData\uninstall_Winservices.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-15 19:36

    ==================== End Of Log ============================

    Webssearches still opens when I open Google Chrome.

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi jackwil,

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • Installer
    • webssearches uninstall
    • WindowsMangerProtect20.0.0.1270

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
    C:\ProgramData\uninstall_Winservices.exe
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt) please post it to your reply.

    =========================

    Delete cache and other browser data in Chrome
    • Click the Chrome menu on the browser toolbar.
    • Select Tools.
    • Select Clear browsing data.
    • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
      • Clear browsing history
      • Clear download history
      • Empty the cache
      • Delete cookies and other site and plug-in data
      • Clear saved passwords
      • Clear saved Autofill form data
      • Clear data from hosted apps
      • Deauthorize content licenses
    • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
    • Click Clear browsing data.

    =========================

    Re- run AdwCleaner

    It should be on your desktop
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Re-run Farbar Recovery Scan Tool it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • AdwCleaner[S0].txt
    • JRT.txt
    • new FRST.txt
    • Update of performance
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #5
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    webssearches has gone and it seems faster too, thanks.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
    Ran by Samsung at 2014-11-19 15:44:33 Run:2
    Running from C:\Users\Samsung\Desktop
    Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    2014-11-17 17:08 - 2014-11-17 17:09 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
    C:\ProgramData\uninstall_Winservices.exe
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\ProgramData\WindowsMangerProtect => Moved successfully.
    C:\ProgramData\uninstall_Winservices.exe => Moved successfully.
    EmptyTemp: => Removed 238.5 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====


    # AdwCleaner v4.101 - Report created 19/11/2014 at 16:06:36
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-16.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Samsung - SAMSUNG-PC
    # Running from : C:\Users\Samsung\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [x] Not Deleted : IePluginServices

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\IePluginServices
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\SupTab
    Folder Deleted : C:\Program Files (x86)\winservices
    Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Samsung\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Samsung\AppData\Roaming\ap_logs
    Folder Deleted : C:\Users\Samsung\AppData\Roaming\rightbackup
    Folder Deleted : C:\Users\Samsung\AppData\Roaming\Store
    Folder Deleted : C:\Users\Samsung\AppData\Roaming\winservices
    File Deleted : C:\Users\Samsung\AppData\Roaming\WindApp.boostrap.log
    File Deleted : C:\Users\Samsung\AppData\Roaming\Bubble Dock.installation.log
    File Deleted : C:\Users\Samsung\AppData\Roaming\WindApp.installation.log
    File Deleted : C:\Users\Samsung\AppData\Roaming\~vsgqcnp.exe

    ***** [ Scheduled Tasks ] *****

    Task Deleted : System Speedup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
    Key Deleted : HKCU\Software\Classes\keepmysearch
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70C53538-9F82-42BC-A327-74F7A46E700C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{861A4A3E-EC88-4BD1-B09E-C9DA95130969}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A74D0C30-5CE2-4E3E-9C35-99ABEC75BE51}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F91870ED-0B2A-4044-903F-19675DCF609D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15471168-82D3-49F9-A16B-2F455C1AD4BF}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{85CD8584-3403-4489-B826-CA6FCE6E1694}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{97D91814-80A6-444F-AD27-551657E99C94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A719A841-028A-427B-807E-667359D91C96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C53538-9F82-42BC-A327-74F7A46E700C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\Store
    Key Deleted : HKCU\Software\SupHpUISoft
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\SupDp
    Key Deleted : HKLM\SOFTWARE\SupTab
    Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
    Key Deleted : HKLM\SOFTWARE\supWPM
    Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
    Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Google Chrome v38.0.2125.111


    *************************

    AdwCleaner[R0].txt - [7943 octets] - [19/11/2014 16:01:48]
    AdwCleaner[S0].txt - [7832 octets] - [19/11/2014 16:06:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7892 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.9 (11.15.2014:2)
    OS: Windows 7 Home Premium x64
    Ran by Samsung on 19/11/2014 at 16:11:40.82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] iepluginservices
    Successfully deleted: [Service] iepluginservices



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 19/11/2014 at 16:18:27.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
    Ran by Samsung (administrator) on SAMSUNG-PC on 19-11-2014 16:19:39
    Running from C:\Users\Samsung\Desktop
    Loaded Profiles: Samsung & UpdatusUser (Available profiles: Samsung & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Flux Software LLC) C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\...\Run: [f.lux] => C:\Users\Samsung\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKU\S-1-5-21-1893469449-2281273183-1111418718-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E886DA294B0CF01
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "https://www.google.co.uk/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-05]
    CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-05]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
    CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-05]
    CHR Extension: (Adblock Plus) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-08]
    CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-05]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-21]
    CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
    CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-05]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-19] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206336 2011-03-02] (SMI)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 16:18 - 2014-11-19 16:18 - 00000731 _____ () C:\Users\Samsung\Desktop\JRT.txt
    2014-11-19 16:10 - 2014-11-19 16:10 - 01707532 _____ (Thisisu) C:\Users\Samsung\Desktop\JRT.exe
    2014-11-19 16:01 - 2014-11-19 16:06 - 00000000 ____D () C:\AdwCleaner
    2014-11-19 16:01 - 2014-11-19 16:01 - 02140160 _____ () C:\Users\Samsung\Desktop\AdwCleaner.exe
    2014-11-19 08:22 - 2014-11-19 08:22 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck (1).exe
    2014-11-19 07:56 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-19 07:56 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-19 07:56 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-19 07:56 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-19 07:53 - 2014-11-19 07:53 - 00854414 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
    2014-11-17 18:41 - 2014-11-17 18:41 - 00002948 _____ () C:\Users\Samsung\Desktop\aswMBR.txt
    2014-11-17 18:02 - 2014-11-17 18:03 - 05198336 _____ (AVAST Software) C:\Users\Samsung\Desktop\aswMBR.exe
    2014-11-17 17:56 - 2014-11-17 17:58 - 00020688 _____ () C:\Users\Samsung\Desktop\Addition.txt
    2014-11-17 17:55 - 2014-11-19 16:19 - 00009632 _____ () C:\Users\Samsung\Desktop\FRST.txt
    2014-11-17 17:54 - 2014-11-19 16:19 - 00000000 ____D () C:\FRST
    2014-11-17 17:53 - 2014-11-17 17:53 - 02117120 _____ (Farbar) C:\Users\Samsung\Desktop\FRST64.exe
    2014-11-17 17:16 - 2014-11-17 17:16 - 00003162 _____ () C:\Windows\System32\Tasks\{80298132-AA8A-4F0E-86FD-04D68B5B6ECC}
    2014-11-17 17:00 - 2014-11-17 17:00 - 00003188 _____ () C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC
    2014-11-14 10:50 - 2014-11-14 10:50 - 00511623 _____ () C:\Users\Samsung\Desktop\Outlook.com.zip
    2014-11-11 19:06 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-11 19:06 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-11 19:06 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-11 19:06 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-11 19:06 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-11 19:06 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-11 19:06 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-11 19:06 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-11 19:06 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-11 19:06 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-11 19:06 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-11 19:06 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-11 19:06 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-11 19:06 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-11 19:06 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-11 19:06 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-11 19:06 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-11 19:06 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-11 19:06 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-11 19:06 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-11 19:06 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-11 19:06 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-11 19:06 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-11 19:06 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-11 19:06 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-11 19:06 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-11 19:06 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-11 19:06 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-11 19:06 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-11 19:06 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-11 19:06 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-11 19:06 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-11 19:06 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-11 19:06 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-11 19:06 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-11 19:06 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-11 19:06 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-11 19:06 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-11 19:06 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-11 19:06 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-11 19:06 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-11 19:05 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-11 19:05 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-11 19:05 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-11 19:05 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-11 19:05 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-11 19:05 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-11 19:05 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-11 19:05 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-11 19:05 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-11 19:05 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-11 19:05 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-11 19:05 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-11 19:05 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-11 19:05 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-11 19:05 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-11 19:05 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-11 19:05 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-11 19:05 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-11 19:05 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-11 19:05 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-11 19:05 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-11 19:05 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-11 19:05 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-11 19:05 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-11 19:05 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-11 19:05 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-11 19:05 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-11 19:04 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-11 19:04 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-11 19:04 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-11 19:04 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-11 19:04 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-11 19:04 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-11 19:04 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-11 19:04 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-11 19:04 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-11 19:04 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-11 19:04 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-11 19:04 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-11 19:04 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-11 19:03 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-11 19:03 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-11 19:03 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-11 19:03 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-11 19:03 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-31 17:15 - 2014-10-31 17:15 - 00002340 _____ () C:\Users\Samsung\Desktop\P1030137 - Shortcut.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 16:15 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 16:15 - 2009-07-14 04:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 16:14 - 2014-08-05 10:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 16:07 - 2014-08-05 10:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 16:07 - 2014-08-04 12:45 - 01759556 _____ () C:\Windows\WindowsUpdate.log
    2014-11-19 16:07 - 2010-11-21 03:47 - 00041462 _____ () C:\Windows\PFRO.log
    2014-11-19 16:07 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-19 16:07 - 2009-07-14 04:51 - 00050131 _____ () C:\Windows\setupact.log
    2014-11-19 15:41 - 2014-08-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-19 15:40 - 2014-08-08 13:50 - 00001417 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-11-19 15:40 - 2014-08-05 10:11 - 00002198 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-11-19 15:05 - 2014-08-05 20:31 - 00000176 _____ () C:\Users\Samsung\Desktop\BETS.txt
    2014-11-19 12:42 - 2014-08-07 23:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-17 17:16 - 2014-08-14 16:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-11-15 08:51 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\ShellNew
    2014-11-15 08:09 - 2014-08-05 10:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 08:09 - 2014-08-05 10:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-13 18:17 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-12 08:14 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-12 08:13 - 2014-08-05 11:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-12 07:52 - 2013-12-12 10:45 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-12 07:40 - 2013-12-12 10:45 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 18:49 - 2014-08-04 12:47 - 00000000 ____D () C:\Users\Samsung
    2014-11-11 18:48 - 2014-08-05 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-11-11 18:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
    2014-11-08 20:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-11-01 21:00 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-31 08:46 - 2009-07-14 05:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-30 11:25 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    Some content of TEMP:
    ====================
    C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
    C:\Users\Samsung\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-15 19:36

    ==================== End Of Log ============================

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi jackwil,

    Your logs are looking good

    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware (save it to your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Select Scan tab.
    • Select type of scan to perform:

      • Threat Scan < --- Select this type of scan
      • Custom Scan
      • Hyper Scan
    • Next click the Scan button.
    • When the scan is complete, if no malicious items are found you can close the program.
    • If malicious items are found be sure that everything is checked, and click Quarantine .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • MBAM log
    • ESET's log.txt
    • How's the computer running, any symptoms?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 19/11/2014
    Scan Time: 17:10:04
    Logfile: mb.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.19.06
    Rootkit Database: v2014.11.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Samsung

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 349611
    Time Elapsed: 13 min, 38 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 5
    PUP.Optional.Deeal.A, HKLM\SOFTWARE\CLASSES\WinServices.ScriptHostObject, Quarantined, [b3ef1e1f87f5b77f5012dbdec73b629e],
    PUP.Optional.Deeal.A, HKLM\SOFTWARE\CLASSES\WinServices.ScriptHostObject.1, Quarantined, [475bea531369de5863ffdcdd0101be42],
    PUP.Optional.Deeal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WinServices.ScriptHostObject, Quarantined, [475bea531369de5863ffdcdd0101be42],
    PUP.Optional.Deeal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\WinServices.ScriptHostObject.1, Quarantined, [475bea531369de5863ffdcdd0101be42],
    PUP.Optional.WinServices.A, HKLM\SOFTWARE\WOW6432NODE\WINSERVICES, Quarantined, [d1d1be7f92ea7db91395f7bcb4502cd4],

    Registry Values: 1
    PUP.Optional.WinServices.A, HKLM\SOFTWARE\WOW6432NODE\WINSERVICES|Installed, True, Quarantined, [d1d1be7f92ea7db91395f7bcb4502cd4]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],

    Files: 13
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\background.html, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\bg.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\ci.bg.pack.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\ci.browser.helper.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\ci.content.pack.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery-1.7.1.min.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery-1.9.1.min.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery.min.map, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\jquery.uuid.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\manifest.json, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\popup.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\settings.json, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],
    PUP.Optional.WinServices.A, C:\Program Files (x86)\Google\Chrome\Application\extensions\Winservices\tool.js, Quarantined, [7929f5481b61a98d5b8dd65fde252bd5],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir a variant of Win32/Thinknice.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\AddonsFramework.dll.vir Win32/Toolbar.Besttoolbars.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\BackgroundHost.exe.vir a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\ScriptHost.dll.vir a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application
    C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
    C:\Users\Samsung\AppData\Local\nsz7F39.tmp Win32/AnyProtect.F potentially unwanted application
    C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
    C:\Users\Samsung\AppData\Local\Microsoft\WinU\~gzsbogc.exe a variant of Win32/AdWare.WinuSecu.A application
    C:\Users\Samsung\AppData\Local\Microsoft\WinU\~tflnaet.exe Win32/AdWare.WinuSecu.A application


    No symptoms

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi jackwil,

    Your log appears to be clean.
    We have a few items to take care of before we get to the All Clean Speech.

    = = = = = = = = = = = = = = = = = = = =

    Remove Disinfection Tools

    • Download Delfix
    • Tick the following boxes:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore




    • Click Run
    • Any other tools and files found can simply be deleted or uninstall via the Control Panel.

    = = = = = = = = = = = = = = = = = = = =


    With the above items taken care of let's move on to the All Clean part of the process.

    The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

    This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

    Here are some tips to reduce the potential for spyware infection in the future:

    Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate windows and frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

    Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

    Free Anti-Virus

    Free Firewall
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

    = = = = = = = = = = = = = = = = = = = =

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know
    CryptoLocker Ransomware Information Guide and FAQ

    to help protect your computer in the future I recommend that you get the following free program:

    CryptoPrevent install this program to lock down and prevent crypto-ransomeware



    = = = = = = = = = = = = = = = = = = = =

    COMPUTER SECURITY - a short guide to staying safer online

    = = = = = = = = = = = = = = = = = = = =

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop

    = = = = = = = = = = = = = = = = = = = =

    P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.


    = = = = = = = = = = = = = = = = = = = =

    Make sure you keep your Windows OS current.
    • Windows XP:
      Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
      If you are running Windows XP, please take the time to read the information provided at these links.
    • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
    • Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

    Without these you are leaving the back door open.

    = = = = = = = = = = = = = = = = = = = =

    Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

    = = = = = = = = = = = = = = = = = = = =

    Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    I've downloaded Crypto, Avast free, and Online Armour. I also have Malwarebytes (free version) and Microsoft Security Essentials. Will the latter 2 interfere with my new arsenal or is it ok as it is?

    Thanks,

    Jack

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi jackwil,

    I've downloaded Crypto, Avast free, and Online Armour. I also have Malwarebytes (free version) and Microsoft Security Essentials. Will the latter 2 interfere with my new arsenal or is it ok as it is?
    You only need one Anti-Virus and one Firewall installed and running. Having more than one AV & FW will actually degrade your protection, as the two programs may interfere with each other. If you intend to use Avast (AV) and Online Armour(FW) you should disable the Windows Firewall and Microsoft Security Essentials. It is OK to keep both CryptoLocker and Malwarebytes' Anti-Malware as these will not interfere with the other programs.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •