Infected and in trouble

[unluckychick]

Hi!

Today when I turned my computer on, I detected that when I turned Chrome on, all of my add-ons and settings had been deleted and suddenly I had a bunch of new add-ons which I had not added myself.

 

I immediately deleted the add-ons ran a check on Malwarebytes which came up empty. 

 

I decided to ask you guys for help since I had heard great things about the forum.

 

I started by trying to do the first step and run DDS, but when I downloaded the program and tried to run it, I got the following message: DDS is not meant to run in 'Compability Mode'. The program shall now exit.

 

After this it shuts down.

 

So, now I'm completely lost as to what to do.

I'm running a Samsung laptop with Windows 8.1.

Help?

 

 

 

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

• Double click on AdwCleaner.exe to run the tool.
  
• Vista/Windows 7/8 users right-click and select Run As Administrator
  
• Click on the Scan button.
  
• AdwCleaner will begin...be patient as the scan may take some time to complete.
  
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  
• Look over the log especially under Files/Folders for any program you want to save.
  
• If there's a program you want to save, just uncheck it from AdwCleaner.
  
• If you're not sure, post the log for review.
  
• If you're ready to clean it all up.....click the Clean button.
  
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  
• Copy and paste the contents of that logfile in your next reply.
  
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  
• To restore an item that has been deleted (if necessary):
  
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Post those logs..

 

Kevin

[unluckychick]

Hello kevinf80 and thank you so much for helping!

 

# AdwCleaner v3.016 - Report created 30/12/2013 at 00:40:58

# Updated 23/12/2013 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : Mari - SAMSUNG

# Running from : C:\Users\Mari\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : Application Updater

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Program Files (x86)\Application Updater

Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar

Folder Deleted : C:\Program Files (x86)\Common Files\Spigot

Folder Deleted : C:\Users\Mari\AppData\LocalLow\Search Settings

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKLM\Software\Application Updater

Key Deleted : HKLM\Software\Search Settings

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16384

 

 

-\\ Mozilla Firefox v24.0 (fi)

 

[ File : C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\i4q717sh.default\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2619 octets] - [11/09/2013 22:01:03]

AdwCleaner[R1].txt - [2719 octets] - [30/12/2013 00:37:43]

AdwCleaner[s0].txt - [2647 octets] - [30/12/2013 00:40:58]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2707 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01

Ran by Mari (administrator) on SAMSUNG on 30-12-2013 00:49:53

Running from C:\Users\Mari\Desktop

Windows 8.1 (X64) OS Language: 040B

Internet Explorer Version 11

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

() C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\LoggerServer.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Birdstep) C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\Wilog.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-06] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-29] (AVAST Software)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\abf5d97d-16c9-47bd-a9aa-d8a0ffd822f2.exe [180184 2013-11-23] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))

MountPoints2: {d0928262-4207-11e3-bebb-001e101ff69a} - "D:\AutoRun.exe" 

MountPoints2: {dfbf43e5-37f3-11e3-8250-f8a4f7d96fd1} - "D:\Autorun.exe" 

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

SearchScopes: HKLM - DefaultScope {5387967B-EEB6-4153-9D59-0F3C7606A394} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKLM - {5387967B-EEB6-4153-9D59-0F3C7606A394} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKLM-x32 - {5387967B-EEB6-4153-9D59-0F3C7606A394} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS

SearchScopes: HKCU - {5387967B-EEB6-4153-9D59-0F3C7606A394} URL = 

SearchScopes: HKCU - {6F6FA199-9824-4C68-9F27-C1E311749F98} URL = http://fi.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\..\Interfaces\{BB849D9B-7821-4069-9513-6AD572D67D84}: [NameServer]195.197.54.100 195.74.0.47

 

FireFox:

========

FF ProfilePath: C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\i4q717sh.default

FF Homepage: about:home

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1

CHR Extension: (Google Drive) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (YouTube) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Adblock Plus) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0

CHR Extension: (Google Search) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (XKit) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.3.6_0

CHR Extension: (avast! Online Security) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0

CHR Extension: (Google Wallet) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1

CHR Extension: (Gmail) - C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

 

==================== Services (Whitelisted) =================

 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software)

R2 BecHelperService; C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe [1286144 2013-05-27] ()

R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-01] (Samsung Electronics CO., LTD.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros)

 

==================== Drivers (Whitelisted) ====================

 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2013-12-29] (AVAST Software)

R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-16] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-16] ()

R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2013-12-29] (AVAST Software)

R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2013-12-29] (AVAST Software)

R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [79672 2013-12-29] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)

R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2013-10-16] ()

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-30 00:49 - 2013-12-30 00:50 - 00020093 _____ C:\Users\Mari\Desktop\FRST.txt

2013-12-30 00:49 - 2013-12-30 00:49 - 00000000 ____D C:\FRST

2013-12-30 00:47 - 2013-12-30 00:48 - 01931302 _____ (Farbar) C:\Users\Mari\Desktop\FRST64.exe

2013-12-30 00:43 - 2013-12-30 00:43 - 00000000 ___RD C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-12-30 00:43 - 2013-12-30 00:43 - 00000000 ____D C:\ProgramData\boost_interprocess

2013-12-30 00:35 - 2013-12-30 00:37 - 01233962 _____ C:\Users\Mari\Desktop\AdwCleaner.exe

2013-12-29 20:38 - 2013-12-29 20:39 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys

2013-12-28 23:45 - 2013-12-28 23:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2013-12-14 01:48 - 2013-11-26 13:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2013-12-14 01:48 - 2013-11-26 12:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2013-12-14 01:48 - 2013-11-26 11:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2013-12-14 01:48 - 2013-11-26 10:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2013-12-14 01:48 - 2013-11-26 10:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2013-12-14 01:48 - 2013-11-26 10:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2013-12-14 01:48 - 2013-11-26 10:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2013-12-14 01:48 - 2013-11-26 09:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2013-12-14 01:48 - 2013-11-26 09:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2013-12-14 01:48 - 2013-11-26 09:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2013-12-14 01:48 - 2013-11-26 09:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2013-12-14 01:48 - 2013-11-26 08:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2013-12-14 01:48 - 2013-11-26 08:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2013-12-14 01:48 - 2013-11-26 08:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2013-12-14 01:48 - 2013-11-26 08:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2013-12-14 01:48 - 2013-11-12 01:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-12-14 01:48 - 2013-11-12 01:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-12-14 01:48 - 2013-11-12 01:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2013-12-14 01:48 - 2013-11-12 01:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2013-12-14 01:48 - 2013-11-11 04:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2013-12-14 01:48 - 2013-11-09 13:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2013-12-14 01:48 - 2013-11-09 08:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe

2013-12-14 01:48 - 2013-11-09 07:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe

2013-12-14 01:48 - 2013-11-08 12:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll

2013-12-14 01:48 - 2013-11-08 06:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2013-12-14 01:48 - 2013-11-08 06:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2013-12-14 01:48 - 2013-11-08 06:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2013-12-14 01:48 - 2013-11-08 06:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll

2013-12-14 01:48 - 2013-11-08 06:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2013-12-14 01:48 - 2013-11-08 06:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2013-12-14 01:48 - 2013-11-08 05:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2013-12-14 01:48 - 2013-11-08 05:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2013-12-14 01:48 - 2013-11-05 16:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2013-12-14 01:48 - 2013-11-05 16:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2013-12-14 01:48 - 2013-11-05 15:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2013-12-14 01:48 - 2013-11-05 15:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2013-12-14 01:48 - 2013-11-05 15:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2013-12-14 01:48 - 2013-11-04 19:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2013-12-14 01:48 - 2013-11-04 19:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2013-12-14 01:48 - 2013-11-04 15:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2013-12-14 01:48 - 2013-11-04 13:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2013-12-14 01:48 - 2013-11-04 12:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2013-12-14 01:48 - 2013-11-04 04:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll

2013-12-14 01:48 - 2013-11-04 03:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2013-12-14 01:48 - 2013-11-01 13:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2013-12-14 01:48 - 2013-11-01 08:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll

2013-12-14 01:48 - 2013-11-01 07:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll

2013-12-14 01:48 - 2013-10-31 02:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2013-12-14 01:48 - 2013-10-31 02:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2013-12-14 01:48 - 2013-10-31 02:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2013-12-14 01:48 - 2013-10-31 02:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2013-12-14 01:48 - 2013-10-31 02:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2013-12-14 01:48 - 2013-10-31 02:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2013-12-14 01:48 - 2013-10-26 03:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys

2013-12-14 01:48 - 2013-10-24 11:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll

2013-12-14 01:48 - 2013-10-24 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll

2013-12-14 01:48 - 2013-10-17 13:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2013-12-14 01:48 - 2013-10-17 12:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2013-12-14 01:48 - 2013-10-05 16:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2013-12-14 01:48 - 2013-10-05 16:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2013-12-14 01:48 - 2013-10-05 14:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2013-12-14 01:48 - 2013-10-05 14:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2013-12-14 01:47 - 2013-11-26 10:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2013-12-14 01:47 - 2013-11-26 08:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2013-12-14 01:47 - 2013-11-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2013-12-14 01:47 - 2013-11-23 06:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2013-12-14 01:47 - 2013-11-23 05:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2013-12-14 01:47 - 2013-11-23 05:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2013-12-14 01:47 - 2013-11-09 08:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe

2013-12-14 01:47 - 2013-11-09 08:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2013-12-14 01:47 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2013-12-14 01:47 - 2013-10-19 10:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll

2013-12-14 01:47 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll

2013-12-14 01:47 - 2013-10-15 10:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll

2013-12-14 01:47 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll

2013-12-14 01:42 - 2013-11-08 09:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2013-12-07 17:20 - 2013-12-07 17:31 - 00000000 ___SD C:\Users\Mari\Documents\Omat tietolähteet

2013-12-07 16:55 - 2013-12-30 00:44 - 00005040 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMSUNG-Mari Samsung

2013-12-01 22:13 - 2013-12-01 22:13 - 00000132 _____ C:\Users\Mari\AppData\Roaming\Adobe PNG Format CS5 Prefs

 

==================== One Month Modified Files and Folders =======

 

2013-12-30 00:50 - 2013-12-30 00:49 - 00020093 _____ C:\Users\Mari\Desktop\FRST.txt

2013-12-30 00:49 - 2013-12-30 00:49 - 00000000 ____D C:\FRST

2013-12-30 00:48 - 2013-12-30 00:47 - 01931302 _____ (Farbar) C:\Users\Mari\Desktop\FRST64.exe

2013-12-30 00:47 - 2013-08-28 12:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1389066822-2107305290-2761972221-1001

2013-12-30 00:45 - 2013-10-18 15:26 - 01417669 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-30 00:45 - 2013-03-11 11:48 - 00000000 ____D C:\ProgramData\WinClon

2013-12-30 00:44 - 2013-12-07 16:55 - 00005040 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMSUNG-Mari Samsung

2013-12-30 00:44 - 2013-10-18 15:34 - 00000000 __RDO C:\Users\Mari\SkyDrive

2013-12-30 00:44 - 2013-08-28 18:46 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-12-30 00:43 - 2013-12-30 00:43 - 00000000 ___RD C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-12-30 00:43 - 2013-12-30 00:43 - 00000000 ____D C:\ProgramData\boost_interprocess

2013-12-30 00:43 - 2013-08-28 18:44 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-30 00:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-30 00:41 - 2013-09-11 22:00 - 00000000 ____D C:\AdwCleaner

2013-12-30 00:41 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2013-12-30 00:37 - 2013-12-30 00:35 - 01233962 _____ C:\Users\Mari\Desktop\AdwCleaner.exe

2013-12-30 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru

2013-12-29 23:59 - 2013-08-28 18:44 - 00001020 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-29 21:44 - 2013-10-19 10:38 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5FE57C4E-6A43-4F29-97D6-564B70C043AD}

2013-12-29 21:30 - 2013-09-06 16:41 - 00000000 ____D C:\Users\Mari\AppData\Roaming\uTorrent

2013-12-29 20:40 - 2013-09-29 20:07 - 00004122 _____ C:\WINDOWS\PFRO.log

2013-12-29 20:39 - 2013-12-29 20:38 - 00079672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys

2013-12-29 20:39 - 2013-10-16 21:02 - 00001982 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-29 20:38 - 2013-10-16 21:02 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2013-12-29 20:38 - 2013-10-16 21:02 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys

2013-12-29 20:38 - 2013-10-16 21:02 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2013-12-29 20:38 - 2013-10-16 21:02 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2013-12-29 20:38 - 2013-10-16 21:02 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2013-12-29 20:38 - 2013-10-16 21:02 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2013-12-29 20:38 - 2013-08-29 23:51 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

2013-12-28 23:50 - 2013-09-05 17:54 - 00000000 ____D C:\Users\Mari\AppData\Local\Last.fm

2013-12-28 23:45 - 2013-12-28 23:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2013-12-28 23:45 - 2013-08-22 16:46 - 00291612 _____ C:\WINDOWS\setupact.log

2013-12-27 00:05 - 2013-08-30 00:31 - 00000000 ____D C:\Users\Mari\AppData\Roaming\vlc

2013-12-22 02:14 - 2013-08-29 22:42 - 00000000 ____D C:\Users\Mari\Documents\Ficit

2013-12-21 16:05 - 2013-11-28 15:09 - 00001456 _____ C:\Users\Mari\AppData\Local\Adobe Save for Web 12.0 Prefs

2013-12-18 18:03 - 2013-09-10 20:00 - 00000000 ____D C:\Users\Mari\Documents\Koulu

2013-12-18 00:52 - 2013-08-28 12:20 - 00000000 ____D C:\Users\Mari\AppData\Local\Packages

2013-12-18 00:32 - 2013-09-30 06:17 - 01371388 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-18 00:32 - 2013-09-30 05:59 - 00436568 _____ C:\WINDOWS\system32\perfh00B.dat

2013-12-18 00:32 - 2013-09-30 05:59 - 00082128 _____ C:\WINDOWS\system32\perfc00B.dat

2013-12-16 14:34 - 2013-08-28 19:11 - 00000000 ____D C:\Program Files\Microsoft Office 15

2013-12-14 20:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache

2013-12-14 13:08 - 2013-08-22 16:44 - 06959920 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-12-14 02:28 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData

2013-12-14 02:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore

2013-12-14 02:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\MediaViewer

2013-12-14 02:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager

2013-12-14 02:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Camera

2013-12-14 01:52 - 2013-08-28 13:38 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-12-14 01:50 - 2013-08-28 13:38 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-12-07 17:31 - 2013-12-07 17:20 - 00000000 ___SD C:\Users\Mari\Documents\Omat tietolähteet

2013-12-06 12:54 - 2013-08-28 18:44 - 00003992 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-06 12:54 - 2013-08-28 18:44 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-04 02:05 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2013-12-04 02:05 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-03 17:43 - 2013-09-30 17:14 - 00000000 ____D C:\Users\Mari\AppData\Roaming\Skype

2013-12-01 22:13 - 2013-12-01 22:13 - 00000132 _____ C:\Users\Mari\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-11-30 22:34 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports

 

Files to move or delete:

====================

C:\ProgramData\MakeMarkerFile.exe

C:\Users\EasySurvey\EasySurvey.exe

 

 

Some content of TEMP:

====================

C:\Users\Mari\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-29 13:11

 

==================== End Of Log ============================

 

Sorry, for some reason I didn't get the Addition.txt or closed it or something.

I bought this laptop used so could that somehow be the reason?

Lol sorry I'm completely computer illiterate.

[unluckychick]

Oh this is nice, I just contacted the friend I bought the laptop from. He only used it a few months until he got a new laptop as a present.

Apparently he had a virus on the laptop that he had someone to remove. 

Apparently the virus he had changed the homepage to a different page, he's saying he thinks it was yahoo, and he also had random toolbars appear. Could this virus be linked to the one I have now?

[kevinf80]

Addition.txt will be saved the same place FRST was saved to and ran from, your Desktop. Even if the log isclosed it will still be on the desktop, if it was deleted check in the Recycle bin. I need to see that log

[unluckychick]

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01

Ran by Mari at 2013-12-30 00:51:06

Running from C:\Users\Mari\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

 HUAWEI 4.25.10.00 (x32 Version:  - )

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated)

Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)

Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)

AllSharePlayLink (x32 Version: 1.0.0 - Samsung Electronics Co., Ltd.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Applen ohjelmatuki (x32 Version: 2.3.6 - Apple Inc.)

avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)

Bitcasa version 0.9.20.4135 (Version: 0.9.20.4135 - Bitcasa Inc.)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

CCleaner (Version: 4.06 - Piriform)

CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.)

CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)

Easy File Share (x32 Version: 1.3.6 - Samsung Electronics CO.,LTD.)

E-POP (x32 Version: 1.0.1 - Samsung Electronics CO., LTD.)

ETDWare X64 11.7.17.3_WHQL (Version: 11.7.17.3 - ELAN Microelectronic Corp.)

Fotogalleri (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Fotogalleriet (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)

Help Desk (Version: 1.0.96 - Samsung Electronics CO., LTD.)

HomeSync Lite (x32 Version: 1.1.0.32 - Samsung Electronics CO., LTD.)

Huawei modem (x32 Version:  - )

Intel AppUp(SM) center (x32 Version: 3.6.1.33070.11 - Intel)

Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.1.0.36960 - Intel Corporation)

Intel® Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation)

Intel® Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)

Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation)

IObit Apps Toolbar v7.6 (x32 Version: 7.6 - Spigot, Inc.) <==== ATTENTION

iTunes (Version: 11.1.3.8 - Apple Inc.)

Last.fm Scrobbler 2.1.36 (x32 Version:  - Last.fm)

Malwarebytes Anti-Malware versio 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)

Microsoft Office 365 Home Premium - fi-fi (Version: 15.0.4551.1011 - Microsoft Corporation)

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe)

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe)

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe)

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe)

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe)

Mobiililaajakaista-ohjelma (x32 Version: 4.0 - Elisa)

Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Mozilla Firefox 24.0 (x86 fi) (x32 Version: 24.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft)

MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft)

Norton Online Backup (x32 Version: 2.2.3.51 - Symantec Corporation)

Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation)

Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation)

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated)

Phone Screen Sharing (x32 Version: 2.0.0.18 - RSUPPORT)

Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.306 - Qualcomm Atheros Communications)

Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)

QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)

Realtek Ethernet Controller Driver (x32 Version: 8.19.726.2013 - Realtek)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.7055 - Realtek Semiconductor Corp.)

Recovery (x32 Version: 6.0.10.0 - Samsung Electronics CO., LTD.)

S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.)

Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)

Settings (x32 Version: 2.0.1 - Samsung Electronics CO., LTD.)

SideSync (x32 Version: 2.0.0 - Samsung Electronics CO., LTD.)

Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)

Support Center (Version: 2.1.1201 - Samsung Electronics CO., LTD.)

Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.)

SW Update (x32 Version: 2.1.21 - Samsung Electronics CO., LTD.)

User Guide (x32 Version: 1.0.00 - Samsung Electronics CO., LTD.)

Valokuvavalikoima (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

Windows Liven peruspaketti (x32 Version: 16.4.3503.0728 - Microsoft Corporation)

VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)

 

==================== Restore Points  =========================

 

13-12-2013 16:40:49 Ajoitettu tarkistuspiste

21-12-2013 17:30:51 Ajoitettu tarkistuspiste

29-12-2013 11:34:09 Ajoitettu tarkistuspiste

 

==================== Hosts content: ==========================

 

2012-07-26 07:26 - 2013-09-06 23:20 - 00004207 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       activate.adobe.com

127.0.0.1       activate-sjc0.adobe.com

127.0.0.1       adobeereg.com

127.0.0.1       practivate.adobe.com

127.0.0.1       ereg.adobe.com

127.0.0.1       www.adobeereg.com

127.0.0.1       activate.wip3.adobe.com

127.0.0.1       wip3.adobe.com

127.0.0.1       3dns-3.adobe.com

127.0.0.1       3dns-2.adobe.com

127.0.0.1       adobe-dns.adobe.com

127.0.0.1       adobe-dns-2.adobe.com

127.0.0.1       adobe-dns-3.adobe.com

127.0.0.1       ereg.wip3.adobe.com

127.0.0.1       activate-sea.adobe.com

127.0.0.1       wwis-dubc1-vip60.adobe.com

127.0.0.1       activate-sjc0.adobe.com

127.0.0.1       wwis-dubc1-vip60.adobe.com

127.0.0.1       activate.adobe.com

127.0.0.1       activate-sjc0.adobe.com

127.0.0.1       adobeereg.com

127.0.0.1       practivate.adobe.com

127.0.0.1       ereg.adobe.com

127.0.0.1       www.adobeereg.com

127.0.0.1       activate.wip3.adobe.com

127.0.0.1       wip3.adobe.com

127.0.0.1       3dns-3.adobe.com

127.0.0.1       3dns-2.adobe.com

127.0.0.1       adobe-dns.adobe.com

 

There are 60 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0ADE7482-4863-4830-AD1D-D51F0B0B0257} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {149AAD4D-C6A9-4E79-ADA6-844FC3A7718E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

Task: {15E033FF-F6B4-4311-A723-50C1F37A1BB1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {3EE2A1C1-2180-438E-8F0F-E2379A00D962} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-noobsession@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {424C684A-7B7D-49FB-8CF0-75FE30375EEE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-14] (Microsoft Corporation)

Task: {4336FCAC-D91D-4BF2-8F8C-D33F69CD6956} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {4F547001-6589-4124-B6BF-087110679B72} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-16] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {732A29FE-857D-4741-B0D3-F3650C277D3D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {7C593329-4849-4F62-8C77-F8E48CF732E1} - System32\Tasks\SamsungHomeSyncPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe [2013-11-06] ()

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {9DBD80A7-846F-4CA2-BB55-DB33716E41EB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)

Task: {9EE987E6-95FB-48C9-9E7A-4C7E8AAC009E} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-01] (Samsung Electronics CO., LTD.)

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {ADF85AD0-0BDC-4B38-A70E-B027BD3777E7} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D6EA8EB1-0399-41C8-BC2B-340F6EEC5543} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E218F8F5-0A60-460C-BCFB-2A3D2BA5126A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMSUNG-Mari Samsung => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-12-16] (Microsoft Corporation)

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EB052B2F-779B-4EBE-B630-E40AFF891847} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)

Task: {ECCCB047-480A-4885-B25F-870FA9777F2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-29] (AVAST Software)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-09-25 03:04 - 2013-09-25 03:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2013-09-25 03:01 - 2013-09-25 03:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll

2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll

2013-12-29 16:25 - 2013-12-29 14:54 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\13122900\algo.dll

2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll

2013-02-01 03:52 - 2013-02-01 03:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

2013-03-11 11:42 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2013-10-16 11:40 - 2013-10-16 11:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 02337792 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\QtCore4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 08442368 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\QtGui4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 11158528 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\QtWebKit4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 00270336 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\phonon4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 00804352 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\QtNetwork4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 00025600 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\imageformats\qgif4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 00027648 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\imageformats\qico4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 00119808 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\imageformats\qjpeg4.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 00220672 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\imageformats\qmng4.dll

2013-05-27 08:46 - 2013-05-27 08:46 - 00195072 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\LoginHandler.dll

2013-05-27 09:23 - 2013-05-27 09:23 - 01114112 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\NDISAPI.dll

2013-05-27 09:29 - 2013-05-27 09:29 - 00110592 _____ () C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\MbnPinManager.dll

2013-10-10 13:32 - 2013-11-17 13:35 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

2013-12-16 14:27 - 2013-12-16 14:27 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll

2013-12-05 23:01 - 2013-12-04 04:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 23:01 - 2013-12-04 04:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 23:01 - 2013-12-04 04:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 23:01 - 2013-12-04 04:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 23:01 - 2013-12-04 04:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-11-21 14:18 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2011-06-16 14:54 - 2011-06-16 14:54 - 00009504 _____ () C:\Program Files (x86)\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\SoftwareUpdateFilesLocalized.dll

2011-06-16 14:54 - 2011-06-16 14:54 - 00029984 _____ () C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.Resources\fi.lproj\SoftwareUpdateLocalized.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Users\Mari\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/30/2013 00:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: SAMSUNG)

Description: Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail aktivointi epäonnistui, virhe: -2147023170. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

 

Error: (12/29/2013 11:16:28 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (12/29/2013 09:47:54 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (12/29/2013 02:18:09 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (12/29/2013 00:50:40 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (12/28/2013 11:06:35 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (12/27/2013 00:48:36 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

Error: (12/27/2013 00:12:56 AM) (Source: Application Error) (User: )

Description: Viallisen sovelluksen nimi: EasyLauncher.exe, versio: 2.0.0.10, aikaleima: 0x510b1e29

Viallisen moduulin nimi: unknown, versio: 0.0.0.0, aikaleima: 0x00000000

Poikkeuskoodi: 0xc0000005

Virhepoikkeama: 0x00000000

Viallisen prosessin tunnus: 0x828

Viallisen sovelluksen käynnistysaika: 0xEasyLauncher.exe0

Viallisen sovelluksen polku: EasyLauncher.exe1

Viallisen moduulin polku: EasyLauncher.exe2

Raportin tunnus: EasyLauncher.exe3

Viallisen paketin koko nimi: EasyLauncher.exe4

Viallisen paketin suhteellinen sovellustunnus: EasyLauncher.exe5

 

Error: (12/27/2013 00:12:13 AM) (Source: Application Error) (User: )

Description: Viallisen sovelluksen nimi: iTunes.exe, versio: 11.1.3.8, aikaleima: 0x5274a87d

Viallisen moduulin nimi: itw_scrobbler.dll_unloaded, versio: 6.0.5.4, aikaleima: 0x511d100e

Poikkeuskoodi: 0xc00001a5

Virhepoikkeama: 0x000b3a9c

Viallisen prosessin tunnus: 0x1090

Viallisen sovelluksen käynnistysaika: 0xiTunes.exe0

Viallisen sovelluksen polku: iTunes.exe1

Viallisen moduulin polku: iTunes.exe2

Raportin tunnus: iTunes.exe3

Viallisen paketin koko nimi: iTunes.exe4

Viallisen paketin suhteellinen sovellustunnus: iTunes.exe5

 

Error: (12/26/2013 03:05:20 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005

 

 

System errors:

=============

Error: (12/30/2013 00:51:20 AM) (Source: DCOM) (User: NT-hallinta)

Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-hallintaPaikallinen palveluS-1-5-19LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

 

Error: (12/29/2013 10:45:26 PM) (Source: DCOM) (User: NT-hallinta)

Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-hallintaPaikallinen palveluS-1-5-19LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

 

Error: (12/29/2013 09:28:38 PM) (Source: DCOM) (User: NT-hallinta)

Description: tietokoneen oletusarvoPaikallinenAktivointi{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-hallintaPaikallinen palveluS-1-5-19LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

 

Error: (12/29/2013 09:24:53 PM) (Source: DCOM) (User: SAMSUNG)

Description: 1084ShellHWDetectionEi käytettävissä{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2013 09:24:31 PM) (Source: DCOM) (User: SAMSUNG)

Description: 1084ShellHWDetectionEi käytettävissä{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2013 09:19:49 PM) (Source: DCOM) (User: SAMSUNG)

Description: 1084ShellHWDetectionEi käytettävissä{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2013 09:09:49 PM) (Source: DCOM) (User: SAMSUNG)

Description: 1084ShellHWDetectionEi käytettävissä{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2013 09:08:23 PM) (Source: Service Control Manager) (User: )

Description: Palvelu WinHTTP WWW -välityspalvelimen automaattinen etsintäpalvelu on riippuvainen palvelusta DHCP-asiakas, jonka käynnistyminen epäonnistui virheen vuoksi: 

%%1068

 

Error: (12/29/2013 09:08:22 PM) (Source: DCOM) (User: SAMSUNG)

Description: 1084ShellHWDetectionEi käytettävissä{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2013 09:08:09 PM) (Source: DCOM) (User: SAMSUNG)

Description: 1084ShellHWDetectionEi käytettävissä{DD522ACC-F821-461A-A407-50B198B896DC}

 

 

Microsoft Office Sessions:

=========================

Error: (12/30/2013 00:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: SAMSUNG)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

 

Error: (12/29/2013 11:16:28 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (12/29/2013 09:47:54 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (12/29/2013 02:18:09 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (12/29/2013 00:50:40 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (12/28/2013 11:06:35 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (12/27/2013 00:48:36 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

Error: (12/27/2013 00:12:56 AM) (Source: Application Error)(User: )

Description: EasyLauncher.exe2.0.0.10510b1e29unknown0.0.0.000000000c00000050000000082801cf02336cde6113C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exeunknowndeda0ad8-6e7a-11e3-bf04-001e101f8e1c

 

Error: (12/27/2013 00:12:13 AM) (Source: Application Error)(User: )

Description: iTunes.exe11.1.3.85274a87ditw_scrobbler.dll_unloaded6.0.5.4511d100ec00001a5000b3a9c109001cf026f7746550cC:\Program Files (x86)\iTunes\iTunes.exeitw_scrobbler.dllc506deb6-6e7a-11e3-bf04-001e101f8e1c

 

Error: (12/26/2013 03:05:20 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 40%

Total physical RAM: 3965.43 MB

Available physical RAM: 2348.94 MB

Total Pagefile: 4797.44 MB

Available Pagefile: 3126.91 MB

Total Virtual: 131072 MB

Available Virtual: 131071.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:441.38 GB) (Free:347.78 GB) NTFS

Drive d: (Mobiililaajakais) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: CA263C05)

 

Partition: GPT Partition Type

==================== End Of Log ============================

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, let me know if any remaining issues or concerns...

 

 

 

fixlist.txt

[unluckychick]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01

Ran by Mari at 2013-12-30 01:34:45 Run:1

Running from C:\Users\Mari\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\ProgramData\MakeMarkerFile.exe

C:\Users\EasySurvey\EasySurvey.exe

C:\Users\Mari\AppData\Local\Temp\Quarantine.exe

2012-07-26 07:26 - 2013-09-06 23:20 - 00004207 ____A C:\WINDOWS\system32\Drivers\etc\hosts

AlternateDataStreams: C:\Users\Mari\SkyDrive:ms-properties

End

 

 

 

*****************

 

C:\ProgramData\MakeMarkerFile.exe => Moved successfully.

C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.

C:\Users\Mari\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.

"C:\Users\Mari\SkyDrive" => ":ms-properties" ADS not found.

 

==== End of Fixlog ====

 

Did I do that correctly?

 

Here's the malwarebytes log, it's in Finnish, sorry:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Tietokantaversio: v2013.12.29.06

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16476

Mari :: SAMSUNG [järjestelmänvalvoja]

 

30.12.2013 1:37:18

mbam-log-2013-12-30 (01-37-18).txt

 

Tarkistustyyppi: Pikatarkistus

Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos

Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)

Tarkistettuja kohteita: 218928

Kulunut aika: 7 minuutti(a), 34 sekunti(a)

 

Epäilyttäviä muistiprosesseja: 0

(Ei haitallisia kohteita)

 

Epäilyttäviä muistimoduuleja: 0

(Ei haitallisia kohteita)

 

Epäilyttäviä rekisteriavaimia: 0

(Ei haitallisia kohteita)

 

Epäilyttäviä rekisteriarvoja: 0

(Ei haitallisia kohteita)

 

Epäilyttäviä rekisterikohteita: 0

(Ei haitallisia kohteita)

 

Epäilyttäviä kansioita: 0

(Ei haitallisia kohteita)

 

Epäilyttäviä tiedostoja: 0

(Ei haitallisia kohteita)

 

(loppu)

 

 

My only concern is that some googling told me that that yahoo thing could be caused by IObit Apps Toolbar v7.6 which I seem to have listed in my programs still even after the fixes (and it looks like it's been there since before I bought this laptop from my friend). Should something be done to that?

Thank you so much for all the help, you're just amazing dude!

[kevinf80]

Yes see if you can UNinstall IObit Apps Toolbar v7.6 (x32 Version: 7.6 - Spigot, Inc.)

 

If successful or not run the following:

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

 

 

Copy and paste the following script from the code box and paste into the field.

 

 

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;  

 

 

Select the "Run Script" tab. The following window will open:

 

 

 

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

 

Post the produced log in your next reply…..

[unluckychick]

Hey I'm really really not sure if I did that correctly, I'm pretty sure I didn't...

This is the result I got:

 

Zoek.exe v5.0.0.0 Updated 23-December-2013

Tool run by Mari on ma 30.12.2013 at  2:31:29,22.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Mari\Desktop\zoek.scr [scan all users] [script inserted] 

 

===== Runcheck  2:31:45,02 =====

 

--- Create Environment Variables  2:31:45,97 

--- Create System Restore Point  2:31:56,47 

--- Checking Input  2:31:58,55 

--- AU AppData Check  2:32:02,85 

--- Remove From Windows Installer  2:32:11,01 

--- IE Startpage Check  2:34:10,50 

--- Program Files DB Check  2:34:47,03 

[unluckychick]

Oh crap, it wasn't finished was it, it stopped doing anything. As soon as I noticed I turned chrome off and disabled avast again, did ai totally screw this up? It still seems to be checking. How will I know when it's finishes? On mu phone online now.

[kevinf80]

Before you run Zoek you should make sure security is turned off, also close all browsers.. The log you post is not correct

[unluckychick]

It was apparently still runnning when I thought it was over. I turned my internet back on, turned avast on and used chrome to post that. As soon as i posted it i noticed that there was new text in the box and I immediately turned chrome off and disabled avast again. It continued to run the check while I did this. It is stilö working on the test but seems to have been on the same sppt for a while now.

[kevinf80]

Wait until it finishes, if you stop midway you can cause issues for your system.....

[unluckychick]

Oh crap! It's been on the System specs part for a long while now. Any idea how long the check usually takes? I think it's been running for over 35 min now.

[kevinf80]

Zoek appears to be stuck, try a hard reset (reboot) let me know if system responds OK....

[unluckychick]

Ok now I'm scared.

I was able to turn my laptop back on but sometjing weird definitely happened. The metro view lookes totally wrong at first but now looks ok. Did i cause my laptop serious damage by being a twat? Everything else seems fine.

What should i do next? Thank you so much for all of this man.

[kevinf80]

Do not worry, Windows 8 is very good at fixing itself, Before Zoek made any changes whatsoever it does create a system restore point, if we have any issues system restore can be used to put the system back the way it was previously.

 

What about running Zoek again, please make sure all security is OFF and browsers are closed. Run exactly as you did previously with the same script pasted into the text field.

 

Did you manage to UNinstall the 1OBit Toolbar? anything related to 1OBit is bad news....

 

Its nearly 2 am local time for me, sleepy time approaches.......

[unluckychick]

I wasn't able to remove it, no, it gave me an error that I think meant something about a corrupted path?

I shall do that first thing tomorrow, it's nearly 4am here! Sleep well and let's kick this things ass tomorrow!

[kevinf80]

Ok, thanks for the update, we continue later.....

[unluckychick]

Hello again!

 

I was able to succesfully run the check this time, this is the log:

 

 

Zoek.exe v5.0.0.0 Updated 23-December-2013

Tool run by Mari on ma 30.12.2013 at 13:39:16,76.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\Mari\Desktop\zoek.scr [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2013-12-30-004747.log 7793 bytes

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Installed Programs ======================

 

 HUAWEI 4.25.10.00  

Adobe AIR  

Adobe Community Help  

Adobe Media Player  

Adobe Photoshop CS5  

Adobe Reader X (10.1.8) MUI  

AllSharePlayLink  

Apple Mobile Device Support  

Apple Software Update  

Applen ohjelmatuki  

avast Free Antivirus  

Bitcasa version 0.9.20.4135  

Bonjour  

CCleaner  

CyberLink Power2Go 8  

CyberLink PowerDVD 10  

D3DX10  

E-POP  

Easy File Share  

ETDWare X64 11.7.17.3_WHQL  

Fotogalleri  

Fotogalleriet  

Google Chrome  

Google Update Helper  

Help Desk  

HomeSync Lite  

Huawei modem  

Intel AppUp(SM) center  

Intel® Manageability Engine Firmware Recovery Agent  

Intel® Management Engine Components  

Intel® Processor Graphics  

Intel® Rapid Storage Technology  

Intel® SDK for OpenCL - CPU Only Runtime Package  

Intel© Trusted Connect Service Client  

IObit Apps Toolbar v7.6  

iTunes  

Last.fm Scrobbler 2.1.36  

Malwarebytes Anti-Malware versio 1.75.0.1300  

Microsoft Application Error Reporting  

Microsoft Office 365 Home Premium - fi-fi  

Microsoft Silverlight  

Microsoft SkyDrive  

Microsoft SQL Server 2005 Compact Edition [ENU]  

Microsoft Visual C++ 2005 Redistributable  

Microsoft Visual C++ 2005 Redistributable (x64)  

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  

Microsoft_VC80_ATL_x86  

Microsoft_VC80_ATL_x86_x64  

Microsoft_VC80_CRT_x86  

Microsoft_VC80_CRT_x86_x64  

Microsoft_VC80_MFC_x86  

Microsoft_VC80_MFC_x86_x64  

Microsoft_VC80_MFCLOC_x86  

Microsoft_VC80_MFCLOC_x86_x64  

Microsoft_VC90_ATL_x86  

Microsoft_VC90_ATL_x86_x64  

Microsoft_VC90_CRT_x86  

Microsoft_VC90_CRT_x86_x64  

Microsoft_VC90_MFC_x86  

Microsoft_VC90_MFC_x86_x64  

Mobiililaajakaista-ohjelma  

Movie Maker  

Mozilla Firefox 24.0 (x86 fi)  

Mozilla Maintenance Service  

MSVCRT  

MSVCRT110  

MSVCRT110_amd64  

Norton Online Backup  

Norton Online Backup ARA  

Office 15 Click-to-Run Extensibility Component  

Office 15 Click-to-Run Licensing Component  

Office 15 Click-to-Run Localization Component  

PDF Settings CS5  

Phone Screen Sharing  

Photo Common  

Photo Gallery  

Qualcomm Atheros Bluetooth Suite (64)  

Qualcomm Atheros Client Installation Program  

QuickTime  

Realtek Ethernet Controller Driver  

Realtek High Definition Audio Driver  

Recovery  

S Agent  

Samsung Kies  

SAMSUNG USB Driver for Mobile Phones  

Settings  

SideSync  

SkypeT 6.10  

Support Center  

Support Center FAQ  

SW Update  

User Guide  

Valokuvavalikoima  

Windows Live Communications Platform  

Windows Live Essentials  

Windows Live Installer  

Windows Live Photo Common  

Windows Live PIMT Platform  

Windows Live SOXE  

Windows Live SOXE Definitions  

Windows Live UX Platform  

Windows Live UX Platform Language Pack  

Windows Liven peruspaketti  

VLC media player 2.1.2  

 

==== Running Processes ======================

 

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe

C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

C:\Program Files (x86)\Samsung\Settings\sSettings.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

"C:\windows\Installer\2cd0b1d7.msi" not found

"C:\ProgramData\boost_interprocess\Nobu64AgentService" deleted

"C:\ProgramData\boost_interprocess\Nobu64TrayIcon" deleted

"C:\ProgramData\boost_interprocess" not deleted

 

==== System Specs ======================

 

Operating System: Microsoft Windows 8.1 6.3.9600  64-bittinen

Manufacturer: SAMSUNG ELECTRONICS CO., LTD. - Model: 300E5EV/300E4EV/270E5EV/270E4EV/2470EV

Install Date: 18.10.2013 16:30:51

Last Boot: 30.12.2013 12:01:40

Processor: Intel® Celeron® CPU 847 @ 1.10GHz

Number of Processors: 2

Work Station

Bootmode: Normal boot

Total RAM: 3965 MB (free 2896 MB - 73)

Computername: SAMSUNG

Domain: WORKGROUP

User: Mari (Administrator account)

Local Disk:        C:\ - NTFS - 441 GB (free 346 GB)

CD \ DVD Drive:    D:\ 

CD \ DVD Drive:    E:\ 

Removable Disk:    F:\ -  -  GB (free  GB)

Bootdevice: \Device\HarddiskVolume2

Windows update: 

Country: Suomi 

Language: FIN 

 

==== System Specs (Software) ======================

 

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Internet Explorer Version: 11.0.9600.16476 

Mozilla Firefox version: 24.0 (x86 fi)

Google Chrome version: 31.0.1650.63

Adobe Reader version: 10.1.8.24

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

====== C:\Users\Mari\AppData\Local\Temp ====

====== C:\WINDOWS\SysWOW64 =====

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

2013-12-29 18:38:55 AAB5F5336EDBB5D99CC7E1A9F4D8F63F 79672 ----a-w- C:\WINDOWS\Sysnative\drivers\aswstm.sys

2013-12-28 21:45:38 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_netaapl64_01009.Wdf

2013-12-13 23:48:42 A3D1CB64DF885ACE126543E6D7067348 1530200 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys

2013-12-13 23:48:34 F6EBE514D13ECE7EDC23440039CDF9AB 372568 -c--a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys

2013-12-13 23:48:24 B9D968D8E2B0F9C6301CEB39CFC9B9E4 86872 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys

2013-12-13 23:48:24 3B44CB989757428208CCFCC028C13110 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS

2013-12-13 23:48:24 139CFCDCD36B1B1782FD8C0014AC9B0E 39768 -c--a-w- C:\WINDOWS\Sysnative\drivers\intelpep.sys

2013-12-13 23:48:24 0044B31F93946D5D41982314381FE431 146776 ----a-w- C:\WINDOWS\Sysnative\drivers\SerCx2.sys

2013-12-13 23:48:23 9E167CDB2AEEF7994434543D0543AEEB 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys

====== C:\WINDOWS\Tasks ======

2013-12-07 14:55:30 6737DC0EB12ABFB6D7ED943582885A54 5040 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for SAMSUNG-Mari Samsung

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

======= C: =====

2013-12-30 00:30:06 86C4B94C47C90B2CEAA54624FF271CA4 2851 ----a-w- C:\runcheck.txt

====== C:\Users\Mari\AppData\Roaming ======

2013-12-30 10:03:04 -------- d-----r- C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-12-06 10:54:50 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google

2013-12-01 20:13:11 447C7C1522F10F9F092CE7C0F1DB0949 132 ----a-w- C:\Users\Mari\AppData\Roaming\Adobe PNG Format CS5 Prefs

====== C:\Users\Mari ======

2013-12-30 01:33:40 -------- d-----w- C:\ProgramData\boost_interprocess

2013-12-29 22:47:39 97831BA9FD20942AE302D7366AEFCEAC 1931302 ----a-w- C:\Users\Mari\Desktop\FRST64.exe

2013-12-29 22:35:54 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Mari\Desktop\AdwCleaner.exe

 

====== C: exe-files ==

2013-12-29 22:48:50 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Mari\AppData\Local\Microsoft\Windows\INetCache\IE\EE6FR0RR\FRST64[1].exe

2013-12-29 22:47:39 97831BA9FD20942AE302D7366AEFCEAC 1931302 ----a-w- C:\Users\Mari\Desktop\FRST64.exe

2013-12-29 22:35:54 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Mari\Desktop\AdwCleaner.exe

=== C: other files ==

2013-12-29 19:29:58 96E8A6FEE5FB43632765B5987D4877DC 100 ----a-w- C:\Users\Mari\AppData\Local\Temp\utt73E5.tmp.bat

2013-12-29 18:38:55 AAB5F5336EDBB5D99CC7E1A9F4D8F63F 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys

 

==== Startup Registry Enabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"

"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"

"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"20131121"="C:\Program Files\AVAST Software\Avast\setup\emupdate\abf5d97d-16c9-47bd-a9aa-d8a0ffd822f2.exe /check"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"Bitcasa"="C:\Program Files\Bitcasa\Bitcasa.exe /startup"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.08.2013 18:44]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.08.2013 18:44]

 

==== Other Scheduled Tasks ======================

 

"C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe"]

"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe"]

"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]

"C:\WINDOWS\SysNative\tasks\SamsungHomeSyncPC" ["%ProgramFiles(X86)%\Samsung\HomeSync Lite\RefreshToken.exe"]

"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{5FE57C4E-6A43-4F29-97D6-564B70C043AD}" [C:\WINDOWS\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29.12.2013 20:38]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\i4q717sh.default

- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\i4q717sh.default

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

 

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29.12.2013 20:38]

 

Google Docs - Mari - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Mari - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Mari - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Last updated at time on date - Mari - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - Mari - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

XKit - Mari - Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd

avast Online Security - Mari - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Reddit Enhancement Suite - Mari - Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb

Google Wallet - Mari - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Mari - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://samsung13.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://samsung13.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{5387967B-EEB6-4153-9D59-0F3C7606A394} Unknown  Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-1389066822-2107305290-2761972221-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5387967B-EEB6-4153-9D59-0F3C7606A394} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\191089AC088C2B64788B2A7C6165DAF3 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CA980191-C880-46B2-87B8-A2C71656AD3F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\191089AC088C2B64788B2A7C6165DAF3 deleted successfully

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\abf5d97d-16c9-47bd-a9aa-d8a0ffd822f2.exe /check

O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{BB849D9B-7821-4069-9513-6AD572D67D84}: NameServer = 195.197.54.100 195.74.0.47

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\System32\AppReadiness.dll,-1000 (AppReadiness) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\appxdeploymentserver.dll,-1 (AppXSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: BEC Helper Service (BecHelperService) - Unknown owner - C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (Eaphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Google Päivitä-palvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\GeofenceMonitorService.dll,-1 (lfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\WINDOWS\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ncbservice.dll,-500 (NcbService) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\WINDOWS\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\ScDeviceEnum.dll,-100 (ScDeviceEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\System32\smphost.dll,-102 (smphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\WINDOWS\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vmicres.dll,-801 (vmicguestinterface) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wephostsvc.dll,-100 (WEPHOSTSVC) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%systemroot%\system32\workfolderssvc.dll,-102 (workfolderssvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe

O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\WINDOWS\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe

O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Mari\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Mari\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Mari\AppData\Local\Mozilla\Firefox\Profiles\i4q717sh.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=8 folders=12 59576 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Mari\AppData\Local\Temp  will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\Mari\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\ProgramData\boost_interprocess"  not found

"C:\ProgramData\boost_interprocess"  not found

 

==== EOF on ma 30.12.2013 at 14:08:18,34 ======================

[kevinf80]

What is the status of your system now, any remaining issues or concerns?

 

See if you can Uninstall IObit Apps Toolbar with Revo Uninstaller:

 

Please download and install Revo Uninstaller Free

 

• Double click Revo Uninstaller to run it.
  
• From the list of programs double click on The Program to remove
  
• When prompted if you want to uninstall click Yes.
  
• Be sure the Moderate option is selected then click Next.
  
• The program will run, If prompted again click Yes
  
• When the built-in uninstaller is finished click on Next.
  
• Once the program has searched for leftovers click Next.
  
• Check/tick the bolded items only on the list then click Delete
  
• When prompted click on Yes and then on next.
  
• Put a check on any folders that are found and select delete
  
• When prompted select yes then on next
  
• Once done click Finish.
  

 

Kevin

[unluckychick]

Everything seems pretty fine at the moment.

 

I downloaded and installed Revo, but can't find iobit toolbar in it. I no longer see it in my programs either.

 

Is it gone or has it gone in hiding or something?

[kevinf80]

Run the following, see if it shows anything;

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  

  :filefindIObitIObit*:folderfindIObitIObit*:RegfindIObitIObit*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Kevin

[unluckychick]

Heey sorry I'm not seeing a link for the download?