Samsung N145plus
This is an old PC but running painfully slow. Suspect malware.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by Pauline (administrator) on PAULINE-PC on 24-05-2015 18:27:57
Running from C:\Users\Pauline\Desktop
Loaded Profiles: Pauline (Available Profiles: Pauline)
Platform: Microsoft Windows 7 Starter (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9734760 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-28] (APN)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-04-01] ()
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [Facebook Update] => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-14] (Facebook Inc.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\WLXPGSS.SCR [302448 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2015-05-13] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-12-15 12:09:48&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-12-15 12:09:48&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-01] (AVG)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-15] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-4159039374-4143841151-2063890905-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
Chrome:
=======
CHR Profile: C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Bookmark Manager) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-01] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-01] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 18:27 - 2015-05-24 18:29 - 00015655 _____ () C:\Users\Pauline\Desktop\FRST.txt
2015-05-24 18:25 - 2015-05-24 18:25 - 01146880 _____ (Farbar) C:\Users\Pauline\Desktop\FRST.exe
2015-05-24 17:59 - 2015-05-24 17:59 - 00001417 _____ () C:\Users\Pauline\Desktop\Internet Explorer.lnk
2015-05-24 17:42 - 2015-05-24 18:28 - 00000000 ____D () C:\FRST
2015-05-24 12:24 - 2015-05-24 12:24 - 06420480 _____ () C:\Program Files\GUTAF82.tmp
2015-05-24 12:24 - 2015-05-24 12:24 - 00000000 ____D () C:\Program Files\GUMAF52.tmp
2015-05-24 11:46 - 2015-05-24 18:20 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 11:36 - 2015-05-24 11:36 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 11:35 - 2015-05-24 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 11:35 - 2015-05-24 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 11:35 - 2015-05-24 11:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-24 11:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-24 11:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-24 11:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-24 11:30 - 2015-05-24 11:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Pauline\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-13 14:35 - 2015-03-19 03:57 - 03963320 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 14:35 - 2015-03-19 03:57 - 03908024 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 14:32 - 2015-05-13 14:32 - 00000000 ____D () C:\windows\system32\SPReview
2015-05-12 13:37 - 2015-05-12 13:42 - 00000348 _____ () C:\windows\Tasks\0415tbUpdateInfo.job
2015-05-12 13:37 - 2015-05-12 13:42 - 00000000 ____D () C:\ProgramData\Avg_Update_0415tb
2015-05-12 13:35 - 2015-05-24 18:14 - 00000448 _____ () C:\windows\setupact.log
2015-05-12 13:35 - 2015-05-12 13:35 - 00000000 _____ () C:\windows\setuperr.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 18:25 - 2010-09-01 10:41 - 01676960 _____ () C:\windows\WindowsUpdate.log
2015-05-24 18:17 - 2011-10-27 17:07 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\Skype
2015-05-24 18:16 - 2011-09-24 11:49 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 18:14 - 2011-09-24 11:49 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 18:14 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-24 18:12 - 2011-08-23 08:49 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\SoftGrid Client
2015-05-24 17:57 - 2012-04-14 12:25 - 00000000 ____D () C:\Users\Pauline\AppData\Local\CrashDumps
2015-05-24 17:49 - 2012-08-04 22:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 17:36 - 2009-07-26 21:06 - 00005372 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-24 17:21 - 2009-07-14 05:34 - 00014400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 17:21 - 2009-07-14 05:34 - 00014400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 15:50 - 2012-12-14 10:45 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA.job
2015-05-24 13:16 - 2011-06-01 11:25 - 00232668 _____ () C:\windows\PFRO.log
2015-05-24 13:16 - 2010-09-01 10:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-24 11:34 - 2013-08-26 13:05 - 00000000 ____D () C:\windows\system32\MRT
2015-05-24 11:26 - 2012-04-01 14:52 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-24 11:24 - 2011-10-29 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-24 11:11 - 2014-12-15 10:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-12 13:56 - 2014-12-26 15:00 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 11:01 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\AppCompat
2015-04-27 09:50 - 2012-12-14 10:45 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core.job
2015-04-27 09:22 - 2014-12-15 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-27 08:49 - 2012-08-04 22:09 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-04-27 08:49 - 2011-06-29 18:51 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-27 08:33 - 2014-12-11 19:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-27 08:33 - 2014-07-14 03:01 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-27 08:32 - 2014-09-27 07:58 - 00000000 ___RD () C:\Program Files\Skype
2015-04-27 08:32 - 2011-05-20 12:22 - 00000000 ____D () C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-05-24 12:24 - 2015-05-24 12:24 - 6420480 _____ () C:\Program Files\GUTAF82.tmp
2011-10-30 18:24 - 2011-10-30 18:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-05-20 12:24 - 2010-01-16 07:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-12 14:20
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Pauline at 2015-05-24 18:30:36
Running from C:\Users\Pauline\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4159039374-4143841151-2063890905-500 - Administrator - Disabled)
Guest (S-1-5-21-4159039374-4143841151-2063890905-501 - Limited - Disabled)
Pauline (S-1-5-21-4159039374-4143841151-2063890905-1000 - Administrator - Enabled) => C:\Users\Pauline
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4347 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2567 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.906 (HKLM\...\MyTomTom) (Version: 3.2.0.906 - TomTom)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center 1.0 (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.09.0800 - SRS Labs, Inc.)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Pauline\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
==================== Restore Points =========================
13-05-2015 14:30:44 Windows 7 Service Pack 1
24-05-2015 11:11:11 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F7C6557-9534-4387-9BFD-8B0EACD83A83} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {15113DEC-561A-4661-BAC5-55254FA6CB85} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {21FC7199-52C8-4978-8FF4-9DCFBD8AB1B4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {2CFAA9E4-A2C0-49BD-8FB3-0460E1FFB35F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {41D7A7DB-203A-48FF-9A25-55DB1396E9FF} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {4EE15C26-57BC-488B-8829-CB292841A678} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14] (Facebook Inc.)
Task: {4F53B153-2367-4521-A63E-45F66E7E0FD6} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {5261843A-7BA8-4F8D-9225-E46A40C3F5D4} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {5B32473F-4906-41FF-AA6C-97437641FD31} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{A48942D0-D6DA-4791-96C4-F3E60DC64F89}.exe [2015-02-25] ()
Task: {68F74B5D-E2E3-4E68-9918-FBA6E97269F7} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe [2010-10-20] (SRS Labs, Inc.)
Task: {7F9563F4-4216-4493-82BA-904FC0E41DFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {8759126A-AA8F-4660-965B-71AD14C84AEA} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {9D43B69A-DD6F-4138-BDD2-A5115ADDF4B7} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
Task: {9E48B76C-7B8E-44B4-B32E-2C356113F5EC} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{4AE92852-BFE2-4BC1-B969-2AE82AE0F6BC}.exe [2015-05-12] ()
Task: {A6BB62DF-2A30-4F2B-B50D-5087CBF6DB12} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {ACB33BFB-B6B3-4650-BBB5-48B193AE237E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {B038BB4E-0A54-43F3-979E-88B51D3E6DC5} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {EE0F492B-35BD-4869-86B9-796C0C5E4570} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14] (Facebook Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{A48942D0-D6DA-4791-96C4-F3E60DC64F89}.exe
Task: C:\windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{4AE92852-BFE2-4BC1-B969-2AE82AE0F6BC}.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core.job => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA.job => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-04-01 14:19 - 2015-04-01 14:19 - 00620056 _____ () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2011-05-20 12:20 - 2008-06-05 00:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2011-05-20 12:21 - 2010-04-21 00:45 - 00552960 _____ () C:\windows\system32\SnMinDrv.dll
2015-04-01 14:20 - 2015-04-01 14:19 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-04-01 14:20 - 2015-04-01 14:19 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2010-09-01 10:58 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2014-12-15 13:07 - 2014-12-15 13:04 - 01686552 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-12-15 13:08 - 2015-04-01 14:19 - 03033112 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2014-12-15 13:07 - 2015-04-01 14:19 - 40630296 _____ () C:\Program Files\AVG Web TuneUp\libcef.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00026184 _____ () C:\Program Files\MyTomTom 3\DeviceDetection.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00074312 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00268360 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
2010-09-01 11:00 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-09-01 11:03 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3C3FA724-429F-42B7-B5D6-340F78FD1621}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{7037BD4B-5A7B-4ECD-94EB-BC40FA8782FF}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{3C6EBC82-7526-4F04-840F-1D016CC690F5}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{0BA2CBFF-7A81-4583-A2F4-C95536986380}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{162D79BC-5379-4044-AA2E-CB4146EAE6C9}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{E6E7E1B7-84E8-4B8C-B86C-71EA2F7EE6CA}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{DB8391A1-498B-4C89-AC1C-B1AC42868EF2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D1D8A16A-EC34-4984-9EC6-4BAD6D543EB4}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5845B66B-9485-4F94-97C8-F936FDF57B8C}] => (Allow) svchost.exe
FirewallRules: [{86ADB87E-D9A4-43AC-92F7-D5ECDF50941E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{63805108-E718-4265-81E8-5603691EEA36}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{60A2FF9D-97D2-477C-BC5B-ADFB6EBC7F5F}] => (Allow) LPort=2869
FirewallRules: [{53E1FBD5-238A-40DB-97A9-5BF37C77B2A1}] => (Allow) LPort=1900
FirewallRules: [{F0DB8A50-E24A-4B9E-9CFF-A07CB027B539}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{420913B4-4D39-4EA8-92E2-CB8C7BCD0DFA}] => (Allow) C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{EAF1BCAD-D582-4149-BF2F-63AB1EEFC75F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DA371F58-EC5D-45C3-A66D-CABE3D642B60}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4457B692-9709-423F-BC9F-19F69B9598C7}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{CE531FF1-15E7-461B-A2F3-02806C206C3C}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{7645670D-9C26-44AF-9A89-77E203A29C7F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{336AC597-3986-4EDD-B68B-7F60B3632EC0}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D6CA1D86-D441-4B98-884B-426A10F6377A}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{5B31BCAD-1ED8-4436-8DD5-FD710CC6A71E}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{29A5B00C-B15E-4C98-A958-1E1BC91DF054}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/24/2015 05:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x19c8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (05/24/2015 05:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d68
Start Time: 01d09636504dcf2c
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 0970ea4c-0233-11e5-8587-002454eb069d
Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (05/24/2015 04:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x11b4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (05/24/2015 03:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0xf80
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (05/24/2015 02:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x10a8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (05/24/2015 01:28:35 PM) (Source: Google Update) (EventID: 20) (User: Pauline-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (05/24/2015 01:26:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (05/24/2015 01:20:46 PM) (Source: Google Update) (EventID: 20) (User: Pauline-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
System errors:
=============
Error: (05/24/2015 06:15:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (05/24/2015 05:23:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}
Error: (05/24/2015 05:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%1053
Error: (05/24/2015 05:23:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
Error: (05/24/2015 02:58:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CA3A5461-96B5-46DD-9341-5350D3C94615}
Error: (05/24/2015 02:57:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (05/24/2015 02:55:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (05/24/2015 01:21:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
Error: (05/24/2015 01:16:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (05/24/2015 01:13:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
Microsoft Office:
=========================
Error: (05/24/2015 05:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d819c801d0964293fb5455C:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.axf8184754-0235-11e5-8587-002454eb069d
Error: (05/24/2015 05:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16476d6801d09636504dcf2c0C:\Program Files\Internet Explorer\iexplore.exe0970ea4c-0233-11e5-8587-002454eb069d
Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (05/24/2015 04:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d811b401d09635fe496e1cC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax62de51fd-0229-11e5-8587-002454eb069d
Error: (05/24/2015 03:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8f8001d09629428f6c4fC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax6140b6fe-021d-11e5-8587-002454eb069d
Error: (05/24/2015 02:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d810a801d09626ba56f49cC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax233fd986-021a-11e5-85b4-002454eb069d
Error: (05/24/2015 01:26:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
==================== Memory info ===========================
Processor: Intel® Atom CPU N450 @ 1.66GHz
Percentage of memory in use: 81%
Total physical RAM: 1013.3 MB
Available physical RAM: 185.7 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 516.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:88 GB) (Free:57.81 GB) NTFS
Drive d: () (Fixed) (Total:130.35 GB) (Free:130.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A0697792)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=88 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.4 GB) - (Type=27)
==================== End of log ============================