[manford7]

Hi, in the past week or so my machine seems to have become infected with the tech-agent-direct.com popup which advises to call a tollfree number to get help and renders using IE unusable unless one end tasks it. I also seem to have some other malware pop up which periodically (about once a day) opens a new IE browser session imitating Adobe and request installation of new update/download however, the webpage is certainly not any adobe page. From memory the webpage address starts something like http://www.vpxdu..... or similar combination of letters, canot remember it exacty.

 

I have run Spybot with updates and Windows Defender, Spybot is only finding some minor class changes but does not seem to be pickup up on the above. Windows Defenders finds no infections.

 

I have Windows 8.1 and IE11.

 

I have run OTL and paste below.

 

I would appreciate if anyone can advise what I should do to remove the infections.

 

Thanks

Andy.

 

OTL logfile created on: 14/01/2015 17:11:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrew\AppData\Local\Microsoft\Windows\INetCache\IE\LUINN34L
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
5.46 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 54.60% Memory free
10.96 Gb Paging File | 8.04 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.91 Gb Total Space | 851.61 Gb Free Space | 93.90% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1276.25 Gb Free Space | 91.34% Space Free | Partition Type: NTFS
 
Computer Name: ANDY | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/14 17:11:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\AppData\Local\Microsoft\Windows\INetCache\IE\LUINN34L\OTL.exe
PRC - [2014/11/15 23:27:38 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/03 11:05:36 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/27 10:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/27 10:24:16 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2014/06/24 09:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 09:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 13:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/10/17 15:27:02 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/09/14 04:55:58 | 002,791,544 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/09/14 02:35:56 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/09/05 07:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/09/05 07:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/09/05 07:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/08/15 11:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/03 11:05:36 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2014/05/13 11:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 11:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 11:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/09/05 07:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/09/05 07:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/09/05 07:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/09/05 07:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/09/05 07:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 02:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/01 23:28:33 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/12/01 23:26:46 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/12/01 23:26:46 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/12/01 23:25:45 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/24 17:22:09 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/09/24 16:56:08 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/09/24 16:56:07 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/09/24 16:39:09 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/24 16:30:04 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/09/24 16:30:03 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/09/24 16:29:57 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/09/24 16:29:55 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/09/24 16:29:54 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/09/24 16:29:51 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/21 22:04:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/07/04 21:33:34 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/09/24 17:22:08 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/06/27 10:24:16 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2013/10/17 15:27:02 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/09/14 03:42:06 | 000,216,192 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/09/14 02:35:56 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/09/05 07:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/19 20:44:24 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys -- ({db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64)
DRV:64bit: - [2014/12/01 23:27:40 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/12/01 23:27:40 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/12/01 23:27:40 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/12/01 23:26:46 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/12/01 23:26:46 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/12/01 23:26:46 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/12/01 23:26:24 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/24 17:52:43 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/09/24 16:56:15 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 16:56:09 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/09/24 16:56:08 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/09/24 16:38:59 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/09/24 16:38:56 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/09/24 16:38:56 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/09/24 16:29:56 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/09/24 16:29:52 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 16:29:38 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 16:29:37 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/09/24 16:29:37 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/09/24 16:29:37 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/09/24 16:29:37 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 16:29:37 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 16:29:37 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 15:57:21 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/21 22:04:28 | 013,209,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/07/21 22:04:28 | 000,626,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/04/28 06:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/10/17 15:27:02 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2013/09/20 00:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 14:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/06/18 14:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/04/18 06:04:28 | 000,219,360 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012/09/14 03:21:52 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/09/14 03:21:50 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/09/14 03:21:48 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/09/14 03:21:48 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/09/14 03:21:46 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/09/14 03:21:46 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/09/14 03:21:44 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/24 11:57:36 | 000,450,872 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 12:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/23 05:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/07/23 05:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/07/17 00:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/07/09 12:19:26 | 000,035,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/06/25 01:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/18 10:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/06/15 05:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EF878356-A90F-4751-9908-9086B52C0B5C}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{EF878356-A90F-4751-9908-9086B52C0B5C}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EF878356-A90F-4751-9908-9086B52C0B5C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EF878356-A90F-4751-9908-9086B52C0B5C}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.zavvi.com/blu-ray/elysi [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay....1&pageType=3984
IE - HKCU\..\SearchScopes,DefaultScope = {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
 
 
O1 HOSTS File: ([2015/01/07 21:23:26 | 000,450,892 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15473 more lines...
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AppEx Networks Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58FE4501-52FE-47DF-B17F-2375240D7896}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAF9B6AD-E34B-4882-971C-9F24D5304320}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:/progra~3/{96e27~1/fito.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\183730~1\bit4039.tmp) - c:\ProgramData\1837308050\BIT4039.tmp ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/25 11:31:27 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 02:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/06 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple
[2015/01/13 21:48:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com_files
[2015/01/12 23:09:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com_files
[2015/01/10 23:34:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
[2015/01/09 23:36:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Adobe
[2015/01/09 18:45:15 | 000,000,000 | R--D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2015/01/05 23:50:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Cyberlink
[2015/01/03 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com_files
[2015/01/03 17:40:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\BMExplorer
[2015/01/03 17:40:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\AppEx Networks
[2015/01/03 17:40:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple Computer
[2015/01/02 16:25:55 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\EmieUserList
[2015/01/02 16:25:55 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\EmieSiteList
[2015/01/02 16:25:55 | 000,000,000 | -HSD | C] -- C:\Users\Andrew\AppData\Local\EmieBrowserModeList
[2014/12/26 23:10:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
[2014/12/26 23:09:25 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
[2014/12/21 13:39:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2014/12/20 13:13:23 | 000,048,792 | ---- | C] (StdLib) -- C:\WINDOWS\SysNative\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys
[2014/12/20 13:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\1837308050
[2014/12/20 13:07:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\DigitalSites
[2014/12/20 13:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro 3.13
[2012/09/19 02:58:02 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/14 17:07:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Digital Sites.job
[2015/01/14 17:00:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Xerox PhotoCafe Communicator.job
[2015/01/14 16:32:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/14 15:40:03 | 000,867,660 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/01/14 15:40:03 | 000,738,836 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/01/14 15:40:03 | 000,140,660 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/01/14 15:35:44 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/14 13:53:22 | 000,000,096 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\WB.CFG
[2015/01/13 21:48:11 | 000,123,327 | ---- | M] () -- C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2015/01/12 23:09:48 | 000,123,104 | ---- | M] () -- C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com.htm
[2015/01/10 23:34:11 | 000,120,377 | ---- | M] () -- C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2015/01/10 23:32:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/09 22:34:36 | 000,000,210 | ---- | M] () -- C:\Users\Andrew\Desktop\Amazon.com Dark Shadows The Complete Original Series (Deluxe Edition).url
[2015/01/09 18:42:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/09 18:42:46 | 398,528,511 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/07 21:23:26 | 000,450,892 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2015/01/03 18:44:04 | 000,112,814 | ---- | M] () -- C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com.htm
[2015/01/01 13:20:53 | 000,450,892 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts.20150107-212326.backup
[2014/12/31 21:33:06 | 696,637,830 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/12/26 23:10:01 | 000,125,650 | ---- | M] () -- C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2014/12/26 23:09:26 | 000,123,183 | ---- | M] () -- C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2014/12/24 22:33:46 | 000,450,892 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts.20150101-132053.backup
[2014/12/19 20:44:24 | 000,048,792 | ---- | M] (StdLib) -- C:\WINDOWS\SysNative\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys
[2014/12/17 22:26:44 | 000,000,284 | ---- | M] () -- C:\Users\Andrew\Desktop\Amazon.co.uk Customer Discussions Disney Blu-Ray With Numbered Spines.url
 
========== Files Created - No Company Name ==========
 
[2015/01/13 21:48:08 | 000,123,327 | ---- | C] () -- C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2015/01/12 23:09:46 | 000,123,104 | ---- | C] () -- C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com.htm
[2015/01/10 23:34:10 | 000,120,377 | ---- | C] () -- C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2015/01/09 22:34:36 | 000,000,210 | ---- | C] () -- C:\Users\Andrew\Desktop\Amazon.com Dark Shadows The Complete Original Series (Deluxe Edition).url
[2015/01/03 18:44:02 | 000,112,814 | ---- | C] () -- C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com.htm
[2014/12/26 23:10:00 | 000,125,650 | ---- | C] () -- C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2014/12/26 23:09:23 | 000,123,183 | ---- | C] () -- C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
[2014/12/20 14:07:03 | 000,000,096 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\WB.CFG
[2014/12/20 13:07:51 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\Digital Sites.job
[2014/12/17 22:26:43 | 000,000,284 | ---- | C] () -- C:\Users\Andrew\Desktop\Amazon.co.uk Customer Discussions Disney Blu-Ray With Numbered Spines.url
[2014/12/01 23:35:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/10/01 18:59:29 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/09/24 16:30:09 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/24 16:29:39 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/07/21 22:04:58 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014/07/21 22:04:58 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014/07/21 22:04:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014/07/21 22:04:04 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014/07/21 22:04:04 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014/07/21 22:03:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/04/10 18:29:19 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/09/19 02:58:02 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/12/01 23:22:49 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/12/01 23:22:49 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/09/29 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Amazon
[2014/05/21 19:03:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BBCiPlayerDownloads
[2013/03/17 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/12/20 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DigitalSites
[2014/07/05 11:56:26 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DriverCure
[2012/12/03 21:29:41 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Firetrust
[2014/11/13 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\HTC
[2014/07/05 11:56:26 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ParetoLogic
[2012/12/01 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Synaptics
[2012/12/25 13:10:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Andrew\OneDrive:ms-properties

< End of report >

[Advertisements]

Hey,

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

• Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
• Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• When the disclaimer appears, click Yes.
• Click Scan to start FRST.
• When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

[Machiavelli]

Hey,

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

• Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
• Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• When the disclaimer appears, click Yes.
• Click Scan to start FRST.
• When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

[manford7]

Hey,

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

• Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
• Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• When the disclaimer appears, click Yes.
• Click Scan to start FRST.
• When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

 

Hi, done as requested, copy both logs pasted below. I await your next advice please. Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Andrew (administrator) on ANDY on 15-01-2015 21:19:46
Running from C:\Users\Andrew\AppData\Local\Microsoft\Windows\INetCache\IE\LUINN34L
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs-x32: c:/progra~3/{96e27~1/fito.dll => "c:/progra~3/{96e27~1/fito.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~3\183730~1\bit4039.tmp => c:\ProgramData\1837308050\BIT4039.tmp [4125696 2014-05-22] ()
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay....1&pageType=3984
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.zavvi.com...mJsdVwtcmF5IQ==
http://www.steelbookbluray.com/
http://www.play.com/...&searchtype=BLU
http://www.avforums....rt-eight-2.html
http://news.thedocto...ory/doctor-who/
http://www.amazon.co...s=5030305517861
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515815168-1746495529-2309485121-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-01] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-01] (Microsoft Corporation)
R1 {db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64; C:\Windows\System32\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys [48792 2014-12-19] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apple
2015-01-15 21:19 - 2015-01-15 21:19 - 00000000 ____D () C:\FRST
2015-01-14 17:25 - 2015-01-14 17:25 - 00110540 _____ () C:\Users\Andrew\Desktop\OTL.Txt
2015-01-14 12:41 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 21:48 - 2015-01-13 21:48 - 00123327 _____ () C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com_files
2015-01-12 23:09 - 2015-01-12 23:09 - 00123104 _____ () C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com.htm
2015-01-12 23:09 - 2015-01-12 23:09 - 00000000 ____D () C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com_files
2015-01-10 23:34 - 2015-01-10 23:34 - 00120377 _____ () C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2015-01-10 23:34 - 2015-01-10 23:34 - 00000000 ____D () C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2015-01-09 23:36 - 2015-01-09 23:36 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2015-01-09 22:34 - 2015-01-09 22:34 - 00000210 _____ () C:\Users\Andrew\Desktop\Amazon.com Dark Shadows The Complete Original Series (Deluxe Edition).url
2015-01-09 18:45 - 2015-01-09 18:45 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-07 21:23 - 2015-01-01 13:20 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150107-212326.backup
2015-01-05 23:50 - 2015-01-05 23:50 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Cyberlink
2015-01-03 18:44 - 2015-01-03 18:44 - 00112814 _____ () C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com.htm
2015-01-03 18:44 - 2015-01-03 18:44 - 00000000 ____D () C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com_files
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\BMExplorer
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apple Computer
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AppEx Networks
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieUserList
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieSiteList
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieBrowserModeList
2015-01-01 13:20 - 2014-12-24 22:33 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150101-132053.backup
2014-12-31 21:33 - 2014-12-31 21:33 - 00281160 _____ () C:\WINDOWS\Minidump\123114-49453-01.dmp
2014-12-26 23:10 - 2014-12-26 23:10 - 00125650 _____ () C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2014-12-26 23:10 - 2014-12-26 23:10 - 00000000 ____D () C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2014-12-26 23:09 - 2014-12-26 23:09 - 00123183 _____ () C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2014-12-26 23:09 - 2014-12-26 23:09 - 00000000 ____D () C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2014-12-25 12:33 - 2014-12-25 12:33 - 00281160 _____ () C:\WINDOWS\Minidump\122514-50671-01.dmp
2014-12-24 22:33 - 2014-12-14 12:13 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141224-223346.backup
2014-12-21 13:39 - 2014-12-31 21:33 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 13:39 - 2014-12-21 13:39 - 00281160 _____ () C:\WINDOWS\Minidump\122114-46546-01.dmp
2014-12-20 14:07 - 2015-01-15 08:07 - 00000094 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2014-12-20 13:13 - 2014-12-19 20:44 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys
2014-12-20 13:12 - 2014-12-20 13:12 - 00000000 ____D () C:\ProgramData\1837308050
2014-12-20 13:07 - 2015-01-15 21:07 - 00000306 _____ () C:\WINDOWS\Tasks\Digital Sites.job
2014-12-20 13:07 - 2014-12-20 13:07 - 00002644 _____ () C:\WINDOWS\System32\Tasks\Digital Sites
2014-12-20 13:07 - 2014-12-20 13:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\DigitalSites
2014-12-20 13:06 - 2015-01-09 20:20 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.13
2014-12-19 20:18 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 20:18 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-17 22:26 - 2014-12-17 22:26 - 00000284 _____ () C:\Users\Andrew\Desktop\Amazon.co.uk Customer Discussions Disney Blu-Ray With Numbered Spines.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:23 - 2014-12-02 17:50 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0E5C251E-F216-4AAB-A7F0-F405C6EA5124}
2015-01-15 21:08 - 2012-12-02 17:07 - 00000000 ____D () C:\Users\Andrew\Documents\Outlook Files
2015-01-15 21:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-15 21:00 - 2012-09-19 02:58 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-01-15 20:41 - 2014-12-01 23:35 - 01548428 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-15 20:35 - 2014-10-20 18:22 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 18:29 - 2014-09-24 16:21 - 00867660 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-14 12:57 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 12:56 - 2013-02-20 10:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 12:53 - 2012-12-17 20:34 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-11 13:47 - 2012-12-01 21:32 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-01-11 13:13 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-10 23:32 - 2014-10-20 18:21 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 18:48 - 2012-09-19 02:50 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-09 18:45 - 2014-12-02 17:41 - 00000000 ____D () C:\Users\Andrew\OneDrive
2015-01-09 18:43 - 2014-12-01 23:44 - 00000000 ____D () C:\Users\Andrew
2015-01-09 18:43 - 2014-11-13 21:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\HTC MediaHub
2015-01-09 18:43 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-06 22:59 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-06 00:08 - 2014-12-10 19:07 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:08 - 2014-12-10 19:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-04 22:56 - 2013-08-22 14:46 - 00292914 _____ () C:\WINDOWS\setupact.log
2014-12-31 21:33 - 2014-08-19 17:17 - 696637830 _____ () C:\WINDOWS\MEMORY.DMP
2014-12-31 11:14 - 2012-12-03 08:01 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-21 11:23 - 2014-09-24 08:08 - 00015304 _____ () C:\WINDOWS\PFRO.log
2014-12-20 13:13 - 2012-07-26 05:26 - 00000269 _____ () C:\WINDOWS\win.ini

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-09 20:27

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Andrew at 2015-01-15 21:21:24
Running from C:\Users\Andrew\AppData\Local\Microsoft\Windows\INetCache\IE\LUINN34L
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BBC iPlayer Downloads (HKLM-x32\...\{3DD343EA-B76B-4886-87FC-E5B127A8E035}) (Version: 1.7.4 - BBC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Rats! 3.1 (HKLM-x32\...\Rats!_is1) (Version:  - Sean O'Connor's Windows Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Slay 5.0 (HKLM-x32\...\Slay_is1) (Version:  - Sean O'Connor's Windows Games)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
Zoosk Messenger (HKLM-x32\...\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1) (Version: 4.149.1 - Zoosk, Inc.)
Zoosk Messenger (x32 Version: 4.149.1 - Zoosk, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-12-2014 23:20:52 Scheduled Checkpoint
08-01-2015 22:16:25 Scheduled Checkpoint
14-01-2015 12:51:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 05:26 - 2015-01-07 21:23 - 00450892 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07736EE8-2192-4E15-A52B-5C7F16BCC854} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {136B747D-E273-44A7-B884-43549BDABE9A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {2AA17891-BAC0-491F-9269-913D94E05CD2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {33A96DFC-85F1-4C83-817E-A2D16B1AF582} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {3937CFCF-EECD-4C0F-97ED-1282DA2C8671} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {46D1E85E-F096-4898-8E43-EE38F8AC3823} - System32\Tasks\{9D8CC1F7-790D-44AC-9BDB-5D276FAF4538} => pcalua.exe -a C:\Windows\UniFish3.exe -d C:\windows\system32 -c C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Task: {5239A14B-AD4B-4D78-8A44-B3151FBFAAA4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6B5BD7BB-0798-4C9B-82D8-3FF990D17394} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {84519659-0E6A-4C20-AC3E-902EEA032291} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {9156DACE-469B-48C9-B8BC-4472E1B779D0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {91919546-A4FC-4123-A741-D64B6DE869DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: {932EDCF2-71DC-4F32-B457-A2F3349C2390} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {B8DFA1EA-8260-41F2-8276-C7D4E2C68213} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D96ABC18-1BBF-4036-BF4C-1B4323239978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {DA295EC8-EA03-4956-9181-033514654EBB} - System32\Tasks\Digital Sites => C:\Users\Andrew\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-12-20] () <==== ATTENTION
Task: {E8E0B982-C9DB-49D3-866B-917596A8C708} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9469DEE-F7E3-45BD-BB1F-4FDF8BA0A0CC} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {FB262141-FF46-40E4-8DDC-34AF4C1670E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Andrew\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-09-14 03:42 - 2012-09-14 03:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-14 10:18 - 2012-09-14 10:18 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-08-25 10:21 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-25 10:21 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-25 10:21 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-25 10:21 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-25 10:21 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-19 02:55 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 02:34 - 2012-06-08 02:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andrew\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "MailWasher.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\StartupFolder: => "ZooskMessenger.lnk"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"

========================= Accounts: ==========================

Administrator (S-1-5-21-515815168-1746495529-2309485121-500 - Administrator - Disabled)
Andrew (S-1-5-21-515815168-1746495529-2309485121-1001 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-515815168-1746495529-2309485121-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 06:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 694141

Error: (01/15/2015 06:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 694141

Error: (01/15/2015 06:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:50:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13718

Error: (01/15/2015 00:50:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13718

Error: (01/15/2015 00:50:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 824141

Error: (01/14/2015 09:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 824141

Error: (01/14/2015 09:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 08:12:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1176750

System errors:
=============
Error: (01/15/2015 09:06:21 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR26.

Error: (01/15/2015 05:52:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (01/14/2015 08:35:42 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR22.

Error: (01/14/2015 08:18:20 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR22.

Error: (01/14/2015 02:22:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/14/2015 02:22:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/14/2015 02:22:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/12/2015 05:44:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/12/2015 05:44:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (01/12/2015 05:44:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office Sessions:
=========================
Error: (01/15/2015 06:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 694141

Error: (01/15/2015 06:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 694141

Error: (01/15/2015 06:24:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:50:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13718

Error: (01/15/2015 00:50:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13718

Error: (01/15/2015 00:50:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 09:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 824141

Error: (01/14/2015 09:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 824141

Error: (01/14/2015 09:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2015 08:12:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1176750

CodeIntegrity Errors:
===================================
  Date: 2015-01-15 19:25:55.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-15 19:25:55.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 20:47:05.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 20:47:04.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 18:26:45.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 18:26:44.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 17:12:10.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 17:12:10.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 16:20:02.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-14 16:20:02.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 57%
Total physical RAM: 5595.09 MB
Available physical RAM: 2372.28 MB
Total Pagefile: 11227.09 MB
Available Pagefile: 7469.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.91 GB) (Free:850.95 GB) NTFS
Drive e: (DRIVE 1 MASTER) (Fixed) (Total:1397.26 GB) (Free:1276.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 002C0EB1)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[Machiavelli]

Hey,
Please move FRST to your Desktop.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

• Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
• Click Scan and let the scan run.
• When it finishes, click Clean, following the on screen prompts
• After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

 Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

• Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• Click Scan to start FRST.
• When FRST finishes scanning, a log, FRST.txt, will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

[manford7]

Hi, I have now run and completed all 4 steps above. Adware deleted items and Malware was found and removed by Malwarebutes (4 instances). I have posted the 4 logs below in the following sequence:

AdwareCleaner log

Malwarebytes log

Junkware log

FRST log

 

I await your next advice and thanks for your help so far.

 

# AdwCleaner v4.108 - Report created 17/01/2015 at 14:33:36
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Andrew - ANDY
# Running from : C:\Users\Andrew\AppData\Local\Microsoft\Windows\INetCache\IE\LUINN34L\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.13
Folder Deleted : C:\Users\Andrew\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Andrew\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Andrew\AppData\Roaming\ParetoLogic
File Deleted : C:\WINDOWS\System32\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys

***** [ Scheduled Tasks ] *****

Task Deleted : Digital Sites

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Trymedia Systems
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [2724 octets] - [17/01/2015 14:20:13]
AdwCleaner[S0].txt - [2470 octets] - [17/01/2015 14:33:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2530 octets] ##########

=========================================================================================================================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/01/2015
Scan Time: 14:55:25
Logfile: MBAM Export Log.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.01.17.02
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andrew

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349117
Time Elapsed: 22 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [1a5c9761a1e8f442118c6d8950b449b7]

Registry Data: 1
Rogue.Multiple, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:/progra~3/{96e27~1/fito.dll c:\progra~3\183730~1\bit4039.tmp, Good: (), Bad: (c:\progra~3\183730~1\bit4039.tmp),Replaced,[f284d523701938fec57f85a4bd467c84]

Folders: 1
Rogue.Multiple, C:\ProgramData\1837308050, Quarantined, [f284d523701938fec57f85a4bd467c84],

Files: 1
Rogue.Multiple, C:\ProgramData\1837308050\BIT4039.tmp, Quarantined, [f284d523701938fec57f85a4bd467c84],

Physical Sectors: 0
(No malicious items detected)

(end)

====================================================================================================================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Andrew on 17/01/2015 at 15:32:56.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/01/2015 at 15:38:25.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=====================================================================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Andrew (administrator) on ANDY on 17-01-2015 15:43:19
Running from C:\Users\Andrew\AppData\Local\Microsoft\Windows\INetCache\IE\PQ24G66T
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs-x32: c:/progra~3/{96e27~1/fito.dll => "c:/progra~3/{96e27~1/fito.dll" File Not Found
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay....1&pageType=3984
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.zavvi.com...mJsdVwtcmF5IQ==
http://www.steelbookbluray.com/
http://www.play.com/...&searchtype=BLU
http://www.avforums....rt-eight-2.html
http://news.thedocto...ory/doctor-who/
http://www.amazon.co...s=5030305517861
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515815168-1746495529-2309485121-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-01] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apple
2015-01-17 15:38 - 2015-01-17 15:38 - 00000672 _____ () C:\Users\Andrew\Desktop\JRT.txt
2015-01-17 15:32 - 2015-01-17 15:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-17 15:25 - 2015-01-17 15:25 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-17 14:54 - 2015-01-17 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 14:53 - 2015-01-17 14:53 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 14:53 - 2015-01-17 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 14:53 - 2015-01-17 14:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 14:53 - 2015-01-17 14:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 14:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-17 14:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-17 14:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-17 14:45 - 2015-01-17 14:45 - 00002622 _____ () C:\Users\Andrew\Desktop\AdwCleaner[S0].txt
2015-01-17 14:20 - 2015-01-17 14:33 - 00000000 ____D () C:\AdwCleaner
2015-01-15 21:19 - 2015-01-17 15:43 - 00000000 ____D () C:\FRST
2015-01-14 17:25 - 2015-01-14 17:25 - 00110540 _____ () C:\Users\Andrew\Desktop\OTL.Txt
2015-01-14 12:41 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:41 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:41 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:41 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:41 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:41 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:41 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:41 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:41 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:41 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:41 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:41 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:41 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:41 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:41 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:41 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:41 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:41 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:41 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:41 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:41 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:41 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:41 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 12:41 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:48 - 2015-01-13 21:48 - 00123327 _____ () C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com_files
2015-01-12 23:09 - 2015-01-12 23:09 - 00123104 _____ () C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com.htm
2015-01-12 23:09 - 2015-01-12 23:09 - 00000000 ____D () C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com_files
2015-01-10 23:34 - 2015-01-10 23:34 - 00120377 _____ () C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2015-01-10 23:34 - 2015-01-10 23:34 - 00000000 ____D () C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2015-01-09 23:36 - 2015-01-09 23:36 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2015-01-09 22:34 - 2015-01-09 22:34 - 00000210 _____ () C:\Users\Andrew\Desktop\Amazon.com Dark Shadows The Complete Original Series (Deluxe Edition).url
2015-01-07 21:23 - 2015-01-01 13:20 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150107-212326.backup
2015-01-05 23:50 - 2015-01-05 23:50 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Cyberlink
2015-01-03 18:44 - 2015-01-03 18:44 - 00112814 _____ () C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com.htm
2015-01-03 18:44 - 2015-01-03 18:44 - 00000000 ____D () C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com_files
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\BMExplorer
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apple Computer
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AppEx Networks
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieUserList
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieSiteList
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieBrowserModeList
2015-01-01 13:20 - 2014-12-24 22:33 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150101-132053.backup
2014-12-31 21:33 - 2014-12-31 21:33 - 00281160 _____ () C:\WINDOWS\Minidump\123114-49453-01.dmp
2014-12-26 23:10 - 2014-12-26 23:10 - 00125650 _____ () C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2014-12-26 23:10 - 2014-12-26 23:10 - 00000000 ____D () C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2014-12-26 23:09 - 2014-12-26 23:09 - 00123183 _____ () C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2014-12-26 23:09 - 2014-12-26 23:09 - 00000000 ____D () C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2014-12-25 12:33 - 2014-12-25 12:33 - 00281160 _____ () C:\WINDOWS\Minidump\122514-50671-01.dmp
2014-12-24 22:33 - 2014-12-14 12:13 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141224-223346.backup
2014-12-21 13:39 - 2014-12-31 21:33 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 13:39 - 2014-12-21 13:39 - 00281160 _____ () C:\WINDOWS\Minidump\122114-46546-01.dmp
2014-12-20 14:07 - 2015-01-16 08:07 - 00000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2014-12-19 20:18 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 20:18 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:23 - 2014-12-02 17:50 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0E5C251E-F216-4AAB-A7F0-F405C6EA5124}
2015-01-17 15:40 - 2012-12-01 21:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-01-17 15:32 - 2014-10-20 18:22 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 15:30 - 2012-12-02 17:07 - 00000000 ____D () C:\Users\Andrew\Documents\Outlook Files
2015-01-17 15:26 - 2012-09-19 02:50 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-17 15:24 - 2014-12-02 17:41 - 00000000 ____D () C:\Users\Andrew\OneDrive
2015-01-17 15:24 - 2014-11-13 21:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\HTC MediaHub
2015-01-17 15:24 - 2014-10-20 18:21 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 15:23 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-17 15:22 - 2014-09-24 08:08 - 00016402 _____ () C:\WINDOWS\PFRO.log
2015-01-17 15:22 - 2013-08-22 14:46 - 00293302 _____ () C:\WINDOWS\setupact.log
2015-01-17 15:21 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-17 15:14 - 2014-12-01 23:35 - 01907336 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-17 15:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-17 15:00 - 2012-09-19 02:58 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-01-17 14:34 - 2014-12-01 23:44 - 00000000 ____D () C:\Users\Andrew
2015-01-17 14:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-17 13:44 - 2014-09-24 16:21 - 00867660 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-14 12:57 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 12:56 - 2013-02-20 10:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 12:53 - 2012-12-17 20:34 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-06 00:08 - 2014-12-10 19:07 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:08 - 2014-12-10 19:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 21:33 - 2014-08-19 17:17 - 696637830 _____ () C:\WINDOWS\MEMORY.DMP
2014-12-31 11:14 - 2012-12-03 08:01 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-20 13:13 - 2012-07-26 05:26 - 00000269 _____ () C:\WINDOWS\win.ini

==================== Files in the root of some directories =======
2014-12-20 14:07 - 2015-01-16 08:07 - 0000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2012-09-19 02:58 - 2012-08-08 04:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-19 02:58 - 2012-08-07 10:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-09 20:27

==================== End Of Log ============================

[Machiavelli]

Hey,

Step 1: FRST Fix

• Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
• Copy and Paste the content of the codebox below into the empty textfile:
  
  

  Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
  SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
  Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  C:\ProgramData\MakeMarkerFile.exe
  C:\Users\EasySurvey\EasySurvey.exe
  EmptyTemp:

• Then click on File >> Save as
  • File Name: Fixlist.txt
  • From the Save as type drop down list, choose All Files
• It is very important that you save this textfile on your Desktop!

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system​

• Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
• If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
• When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2: FRST Scan

• Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• Click Scan to start FRST.
• When FRST finishes scanning, a log, FRST.txt, will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

• Visit the ESET Online Scanner Web Page
• Select the blue Run ESET Online Scanner button:
  
• Tick the box next to YES, I accept the Terms of Use and click Start
  
• When asked, allow the ActiveX control to install.
• Select Enable detection of potentially unwanted applications and select Advanced Settings:
  
• Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  
• Click Start. (This scan can take several hours, so please be patient):
  
• Once the scan is completed, select List of found threats:
  
• Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  
• Click the Back button.
• Click the Finish button:
  
• Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
• Copy and paste that log as a reply to this topic.

Step 4: Question

How is your PC running?

[manford7]

Hi, completed steps except for ESET Scanner which I have a problem with. Below are the fixlog.txt, FRST.txt and Additions.txt logs (which also appeared after FRST restarted PC).

 

After I complete "Select Enable detection of potentially unwanted applications and select Advanced Settings:" for ESET step, I cannot view a START button. I am only seeing part of the window even though I can expand to full screen.

I attach image showing this. Thus not able to proceed with ESET scan.

Please advise.

Re question "How is PC running". It is running pretty fine, not been experiencing the original pop up infections.

Thanks.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Andrew at 2015-01-19 18:30:47 Run:1
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
EmptyTemp:
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF878356-A90F-4751-9908-9086B52C0B5C}" => Key deleted successfully.
HKCR\CLSID\{EF878356-A90F-4751-9908-9086B52C0B5C} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.
EmptyTemp: => Removed 261.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:31:40 ====

============================================================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Andrew (administrator) on ANDY on 19-01-2015 18:37:26
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available profiles: Andrew)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs-x32: c:/progra~3/{96e27~1/fito.dll => "c:/progra~3/{96e27~1/fito.dll" File Not Found
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay....1&pageType=3984
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.zavvi.com...mJsdVwtcmF5IQ==
http://www.steelbookbluray.com/
http://www.play.com/...&searchtype=BLU
http://www.avforums....rt-eight-2.html
http://news.thedocto...ory/doctor-who/
http://www.amazon.co...s=5030305517861
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515815168-1746495529-2309485121-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Andrew\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-01] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-01] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apple
2015-01-19 18:35 - 2015-01-19 18:35 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-19 18:29 - 2015-01-19 18:29 - 02126848 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2015-01-18 14:54 - 2015-01-18 14:54 - 00143406 _____ () C:\Users\Andrew\Desktop\Pirates of the Caribbean Dead Man's Chest - Zavvi Exclusive Limited Edition Steelbook (3000 Only) Blu-ray  Zavvi_com.htm
2015-01-18 14:54 - 2015-01-18 14:54 - 00000000 ____D () C:\Users\Andrew\Desktop\Pirates of the Caribbean Dead Man's Chest - Zavvi Exclusive Limited Edition Steelbook (3000 Only) Blu-ray  Zavvi_com_files
2015-01-17 22:38 - 2015-01-17 22:38 - 00145933 _____ () C:\Users\Andrew\Desktop\Pirates of the Caribbean The Curse of the Black Pearl - Zavvi Exclusive Limited Edition Steelbook (3000 Only) Blu-ray  Zavvi_com.htm
2015-01-17 22:38 - 2015-01-17 22:38 - 00000000 ____D () C:\Users\Andrew\Desktop\Pirates of the Caribbean The Curse of the Black Pearl - Zavvi Exclusive Limited Edition Steelbook (3000 Only) Blu-ray  Zavvi_com_files
2015-01-17 15:46 - 2015-01-19 18:39 - 00014123 _____ () C:\Users\Andrew\Desktop\FRST.txt
2015-01-17 15:38 - 2015-01-17 15:38 - 00000672 _____ () C:\Users\Andrew\Desktop\JRT.txt
2015-01-17 15:32 - 2015-01-17 15:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-17 14:54 - 2015-01-19 18:34 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 14:53 - 2015-01-17 14:53 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 14:53 - 2015-01-17 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 14:53 - 2015-01-17 14:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 14:53 - 2015-01-17 14:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 14:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-17 14:53 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-17 14:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-17 14:45 - 2015-01-17 14:45 - 00002622 _____ () C:\Users\Andrew\Desktop\AdwCleaner[S0].txt
2015-01-17 14:20 - 2015-01-17 14:33 - 00000000 ____D () C:\AdwCleaner
2015-01-15 21:19 - 2015-01-19 18:37 - 00000000 ____D () C:\FRST
2015-01-14 17:25 - 2015-01-14 17:25 - 00110540 _____ () C:\Users\Andrew\Desktop\OTL.Txt
2015-01-14 12:41 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:41 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:41 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:41 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 12:41 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 12:41 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 12:41 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:41 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 12:41 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 12:41 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 12:41 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 12:41 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 12:41 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 12:41 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 12:41 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 12:41 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 12:41 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 12:41 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 12:41 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 12:41 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 12:41 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 12:41 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 12:41 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 12:41 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 12:41 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:48 - 2015-01-13 21:48 - 00123327 _____ () C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Andrew\Desktop\Anchorman 2 The Legend Continues - Limited Edition Steelbook Blu-ray  Zavvi_com_files
2015-01-12 23:09 - 2015-01-12 23:09 - 00123104 _____ () C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com.htm
2015-01-12 23:09 - 2015-01-12 23:09 - 00000000 ____D () C:\Users\Andrew\Desktop\Basic Instinct - Zavvi Exclusive Limited Edition Steelbook (2000 Copies Only) Blu-ray  Zavvi_com_files
2015-01-10 23:34 - 2015-01-10 23:34 - 00120377 _____ () C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2015-01-10 23:34 - 2015-01-10 23:34 - 00000000 ____D () C:\Users\Andrew\Desktop\Into the Woods - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2015-01-09 23:36 - 2015-01-09 23:36 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2015-01-09 22:34 - 2015-01-09 22:34 - 00000210 _____ () C:\Users\Andrew\Desktop\Amazon.com Dark Shadows The Complete Original Series (Deluxe Edition).url
2015-01-07 21:23 - 2015-01-01 13:20 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150107-212326.backup
2015-01-05 23:50 - 2015-01-05 23:50 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Cyberlink
2015-01-03 18:44 - 2015-01-03 18:44 - 00112814 _____ () C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com.htm
2015-01-03 18:44 - 2015-01-03 18:44 - 00000000 ____D () C:\Users\Andrew\Desktop\The Crow - Zavvi Exclusive Limited Edition Steelbook (Ultra Limited Print Run) Blu-ray  Zavvi_com_files
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\BMExplorer
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Apple Computer
2015-01-03 17:40 - 2015-01-03 17:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AppEx Networks
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieUserList
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieSiteList
2015-01-02 16:25 - 2015-01-02 16:32 - 00000000 __SHD () C:\Users\Andrew\AppData\Local\EmieBrowserModeList
2015-01-01 13:20 - 2014-12-24 22:33 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150101-132053.backup
2014-12-31 21:33 - 2014-12-31 21:33 - 00281160 _____ () C:\WINDOWS\Minidump\123114-49453-01.dmp
2014-12-26 23:10 - 2014-12-26 23:10 - 00125650 _____ () C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2014-12-26 23:10 - 2014-12-26 23:10 - 00000000 ____D () C:\Users\Andrew\Desktop\V For Vendetta - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2014-12-26 23:09 - 2014-12-26 23:09 - 00123183 _____ () C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com.htm
2014-12-26 23:09 - 2014-12-26 23:09 - 00000000 ____D () C:\Users\Andrew\Desktop\King Kong (2005) - Zavvi Exclusive Limited Edition Steelbook Blu-ray  Zavvi_com_files
2014-12-25 12:33 - 2014-12-25 12:33 - 00281160 _____ () C:\WINDOWS\Minidump\122514-50671-01.dmp
2014-12-24 22:33 - 2014-12-14 12:13 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141224-223346.backup
2014-12-21 13:39 - 2014-12-31 21:33 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 13:39 - 2014-12-21 13:39 - 00281160 _____ () C:\WINDOWS\Minidump\122114-46546-01.dmp
2014-12-20 14:07 - 2015-01-16 08:07 - 00000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:23 - 2014-12-02 17:50 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0E5C251E-F216-4AAB-A7F0-F405C6EA5124}
2015-01-19 18:36 - 2012-12-02 17:07 - 00000000 ____D () C:\Users\Andrew\Documents\Outlook Files
2015-01-19 18:35 - 2014-12-02 17:41 - 00000000 ___RD () C:\Users\Andrew\OneDrive
2015-01-19 18:35 - 2014-11-13 21:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\HTC MediaHub
2015-01-19 18:34 - 2014-10-20 18:22 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 18:34 - 2014-10-20 18:21 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 18:34 - 2013-08-22 14:46 - 00293379 _____ () C:\WINDOWS\setupact.log
2015-01-19 18:34 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 18:33 - 2014-09-24 08:08 - 00018874 _____ () C:\WINDOWS\PFRO.log
2015-01-19 18:33 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 18:32 - 2014-12-01 23:35 - 01261227 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 18:30 - 2012-09-19 02:46 - 00000000 ____D () C:\Users\EasySurvey
2015-01-19 18:07 - 2014-09-24 16:21 - 00867660 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-19 01:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-18 22:00 - 2012-09-19 02:58 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-01-17 17:40 - 2012-12-01 21:32 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-01-17 15:26 - 2012-09-19 02:50 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-17 14:34 - 2014-12-01 23:44 - 00000000 ____D () C:\Users\Andrew
2015-01-17 14:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-14 12:57 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 12:56 - 2013-02-20 10:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 12:53 - 2012-12-17 20:34 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-06 00:08 - 2014-12-10 19:07 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 00:08 - 2014-12-10 19:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 21:33 - 2014-08-19 17:17 - 696637830 _____ () C:\WINDOWS\MEMORY.DMP
2014-12-31 11:14 - 2012-12-03 08:01 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-20 13:13 - 2012-07-26 05:26 - 00000269 _____ () C:\WINDOWS\win.ini

==================== Files in the root of some directories =======
2014-12-20 14:07 - 2015-01-16 08:07 - 0000087 _____ () C:\Users\Andrew\AppData\Roaming\WB.CFG
2012-09-19 02:58 - 2012-08-07 10:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-17 17:44

==================== End Of Log ============================

============================================================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Andrew at 2015-01-19 18:39:18
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BBC iPlayer Downloads (HKLM-x32\...\{3DD343EA-B76B-4886-87FC-E5B127A8E035}) (Version: 1.7.4 - BBC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Rats! 3.1 (HKLM-x32\...\Rats!_is1) (Version:  - Sean O'Connor's Windows Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Slay 5.0 (HKLM-x32\...\Slay_is1) (Version:  - Sean O'Connor's Windows Games)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
Zoosk Messenger (HKLM-x32\...\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1) (Version: 4.149.1 - Zoosk, Inc.)
Zoosk Messenger (x32 Version: 4.149.1 - Zoosk, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-12-2014 23:20:52 Scheduled Checkpoint
08-01-2015 22:16:25 Scheduled Checkpoint
14-01-2015 12:51:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 05:26 - 2015-01-19 18:30 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07736EE8-2192-4E15-A52B-5C7F16BCC854} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {136B747D-E273-44A7-B884-43549BDABE9A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {2AA17891-BAC0-491F-9269-913D94E05CD2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {3937CFCF-EECD-4C0F-97ED-1282DA2C8671} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {46D1E85E-F096-4898-8E43-EE38F8AC3823} - System32\Tasks\{9D8CC1F7-790D-44AC-9BDB-5D276FAF4538} => pcalua.exe -a C:\Windows\UniFish3.exe -d C:\windows\system32 -c C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Task: {5239A14B-AD4B-4D78-8A44-B3151FBFAAA4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6B5BD7BB-0798-4C9B-82D8-3FF990D17394} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {84519659-0E6A-4C20-AC3E-902EEA032291} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {9156DACE-469B-48C9-B8BC-4472E1B779D0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {91919546-A4FC-4123-A741-D64B6DE869DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: {932EDCF2-71DC-4F32-B457-A2F3349C2390} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {9D80CDFA-7282-408E-903C-0BB15ED1E91A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {B8DFA1EA-8260-41F2-8276-C7D4E2C68213} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D96ABC18-1BBF-4036-BF4C-1B4323239978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {E8E0B982-C9DB-49D3-866B-917596A8C708} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9469DEE-F7E3-45BD-BB1F-4FDF8BA0A0CC} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {FB262141-FF46-40E4-8DDC-34AF4C1670E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-09-05 07:50 - 2012-09-05 07:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-09-14 03:42 - 2012-09-14 03:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-14 10:18 - 2012-09-14 10:18 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-09-19 02:50 - 2012-09-17 01:18 - 00673280 _____ () C:\Program Files\Samsung\Recovery\Clonix.UC.dll
2012-09-19 02:50 - 2012-09-17 01:18 - 00892416 _____ () C:\Program Files\Samsung\Recovery\Clonix.UC.Res.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-08-25 10:21 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-25 10:21 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-25 10:21 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-25 10:21 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-25 10:21 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 07:50 - 2012-09-05 07:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-19 02:55 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 02:34 - 2012-06-08 02:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andrew\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "MailWasher.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\StartupFolder: => "ZooskMessenger.lnk"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"

========================= Accounts: ==========================

Administrator (S-1-5-21-515815168-1746495529-2309485121-500 - Administrator - Disabled)
Andrew (S-1-5-21-515815168-1746495529-2309485121-1001 - Administrator - Enabled) => C:\Users\Andrew
Guest (S-1-5-21-515815168-1746495529-2309485121-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58339515

Error: (01/19/2015 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58339515

Error: (01/19/2015 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 06:57:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 170406

Error: (01/18/2015 06:57:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 170406

Error: (01/18/2015 06:57:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 02:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 595500

Error: (01/18/2015 02:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 595500

Error: (01/18/2015 02:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 01:50:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15062

System errors:
=============
Error: (01/19/2015 06:32:32 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:32:32 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:32:32 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:32:32 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:32:01 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:31:31 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:31:01 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:30:30 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:30:00 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/19/2015 06:23:01 PM) (Source: DCOM) (EventID: 10010) (User: ANDY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Microsoft Office Sessions:
=========================
Error: (01/19/2015 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58339515

Error: (01/19/2015 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58339515

Error: (01/19/2015 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 06:57:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 170406

Error: (01/18/2015 06:57:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 170406

Error: (01/18/2015 06:57:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 02:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 595500

Error: (01/18/2015 02:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 595500

Error: (01/18/2015 02:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2015 01:50:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15062

CodeIntegrity Errors:
===================================
  Date: 2015-01-18 22:31:59.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 22:31:58.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 17:37:06.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 17:37:05.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 15:08:34.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 15:08:34.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 13:26:00.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-18 13:26:00.267
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 21:03:24.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-17 21:03:24.617
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 24%
Total physical RAM: 5595.09 MB
Available physical RAM: 4220.36 MB
Total Pagefile: 11227.09 MB
Available Pagefile: 9524.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.91 GB) (Free:850.78 GB) NTFS
Drive e: (DRIVE 1 MASTER) (Fixed) (Total:1397.26 GB) (Free:1276.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 002C0EB1)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached Thumbnails

• 

Edited by manford7, 19 January 2015 - 01:02 PM.

[Machiavelli]

Then use another browser.

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[manford7]

Hi, ESET scan completed, log below. Both files deleted on exit. Regards.

 

C:\AdwCleaner\Quarantine\C\Users\Andrew\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.Z potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application deleted - quarantined
 

[Machiavelli]

Hello,
in my opinion your PC is clean. My help is of course completely free of charge but if you would like to donate some money to me that I can buy some beer, then click on the button . I'd really appreciate it, my friend.


We need to remove the tools we've used during cleaning your machine.

• Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
• Ensure Remove disinfection tools is ticked
  Also tick:
  • Create registry backup
  • Purge system restore
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe!

[Machiavelli]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.