Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 netbook runs slow. [Solved]

Started by peter plus , May 24 2015 11:45 AM

  • This topic is locked This topic is locked

#1
peter plus
Posted 24 May 2015 - 11:45 AM

peter plus

    Member

  • Member
  • PipPipPip
  • 278 posts

Samsung N145plus

This is an old PC but running painfully slow. Suspect malware.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by Pauline (administrator) on PAULINE-PC on 24-05-2015 18:27:57
Running from C:\Users\Pauline\Desktop
Loaded Profiles: Pauline (Available Profiles: Pauline)
Platform: Microsoft Windows 7 Starter  (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9734760 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-28] (APN)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-04-01] ()
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [Facebook Update] => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-14] (Facebook Inc.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\WLXPGSS.SCR [302448 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2015-05-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-12-15 12:09:48&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-12-15 12:09:48&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-01] (AVG)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-15] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-4159039374-4143841151-2063890905-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR Profile: C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Bookmark Manager) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-01] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-01] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 18:27 - 2015-05-24 18:29 - 00015655 _____ () C:\Users\Pauline\Desktop\FRST.txt
2015-05-24 18:25 - 2015-05-24 18:25 - 01146880 _____ (Farbar) C:\Users\Pauline\Desktop\FRST.exe
2015-05-24 17:59 - 2015-05-24 17:59 - 00001417 _____ () C:\Users\Pauline\Desktop\Internet Explorer.lnk
2015-05-24 17:42 - 2015-05-24 18:28 - 00000000 ____D () C:\FRST
2015-05-24 12:24 - 2015-05-24 12:24 - 06420480 _____ () C:\Program Files\GUTAF82.tmp
2015-05-24 12:24 - 2015-05-24 12:24 - 00000000 ____D () C:\Program Files\GUMAF52.tmp
2015-05-24 11:46 - 2015-05-24 18:20 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 11:36 - 2015-05-24 11:36 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 11:35 - 2015-05-24 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 11:35 - 2015-05-24 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 11:35 - 2015-05-24 11:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-24 11:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-24 11:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-24 11:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-24 11:30 - 2015-05-24 11:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Pauline\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-13 14:35 - 2015-03-19 03:57 - 03963320 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 14:35 - 2015-03-19 03:57 - 03908024 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 14:32 - 2015-05-13 14:32 - 00000000 ____D () C:\windows\system32\SPReview
2015-05-12 13:37 - 2015-05-12 13:42 - 00000348 _____ () C:\windows\Tasks\0415tbUpdateInfo.job
2015-05-12 13:37 - 2015-05-12 13:42 - 00000000 ____D () C:\ProgramData\Avg_Update_0415tb
2015-05-12 13:35 - 2015-05-24 18:14 - 00000448 _____ () C:\windows\setupact.log
2015-05-12 13:35 - 2015-05-12 13:35 - 00000000 _____ () C:\windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 18:25 - 2010-09-01 10:41 - 01676960 _____ () C:\windows\WindowsUpdate.log
2015-05-24 18:17 - 2011-10-27 17:07 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\Skype
2015-05-24 18:16 - 2011-09-24 11:49 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 18:14 - 2011-09-24 11:49 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 18:14 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-24 18:12 - 2011-08-23 08:49 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\SoftGrid Client
2015-05-24 17:57 - 2012-04-14 12:25 - 00000000 ____D () C:\Users\Pauline\AppData\Local\CrashDumps
2015-05-24 17:49 - 2012-08-04 22:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 17:36 - 2009-07-26 21:06 - 00005372 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-24 17:21 - 2009-07-14 05:34 - 00014400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 17:21 - 2009-07-14 05:34 - 00014400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 15:50 - 2012-12-14 10:45 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA.job
2015-05-24 13:16 - 2011-06-01 11:25 - 00232668 _____ () C:\windows\PFRO.log
2015-05-24 13:16 - 2010-09-01 10:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-24 11:34 - 2013-08-26 13:05 - 00000000 ____D () C:\windows\system32\MRT
2015-05-24 11:26 - 2012-04-01 14:52 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-24 11:24 - 2011-10-29 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-24 11:11 - 2014-12-15 10:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-12 13:56 - 2014-12-26 15:00 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 11:01 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\AppCompat
2015-04-27 09:50 - 2012-12-14 10:45 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core.job
2015-04-27 09:22 - 2014-12-15 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-27 08:49 - 2012-08-04 22:09 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-04-27 08:49 - 2011-06-29 18:51 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-27 08:33 - 2014-12-11 19:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-27 08:33 - 2014-07-14 03:01 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-27 08:32 - 2014-09-27 07:58 - 00000000 ___RD () C:\Program Files\Skype
2015-04-27 08:32 - 2011-05-20 12:22 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-05-24 12:24 - 2015-05-24 12:24 - 6420480 _____ () C:\Program Files\GUTAF82.tmp
2011-10-30 18:24 - 2011-10-30 18:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-05-20 12:24 - 2010-01-16 07:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-12 14:20

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Pauline at 2015-05-24 18:30:36
Running from C:\Users\Pauline\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4159039374-4143841151-2063890905-500 - Administrator - Disabled)
Guest (S-1-5-21-4159039374-4143841151-2063890905-501 - Limited - Disabled)
Pauline (S-1-5-21-4159039374-4143841151-2063890905-1000 - Administrator - Enabled) => C:\Users\Pauline

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4347 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2567 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.906 (HKLM\...\MyTomTom) (Version: 3.2.0.906 - TomTom)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center 1.0 (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.09.0800 - SRS Labs, Inc.)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Pauline\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

13-05-2015 14:30:44 Windows 7 Service Pack 1
24-05-2015 11:11:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F7C6557-9534-4387-9BFD-8B0EACD83A83} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {15113DEC-561A-4661-BAC5-55254FA6CB85} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {21FC7199-52C8-4978-8FF4-9DCFBD8AB1B4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {2CFAA9E4-A2C0-49BD-8FB3-0460E1FFB35F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {41D7A7DB-203A-48FF-9A25-55DB1396E9FF} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {4EE15C26-57BC-488B-8829-CB292841A678} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14] (Facebook Inc.)
Task: {4F53B153-2367-4521-A63E-45F66E7E0FD6} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {5261843A-7BA8-4F8D-9225-E46A40C3F5D4} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {5B32473F-4906-41FF-AA6C-97437641FD31} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{A48942D0-D6DA-4791-96C4-F3E60DC64F89}.exe [2015-02-25] ()
Task: {68F74B5D-E2E3-4E68-9918-FBA6E97269F7} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe [2010-10-20] (SRS Labs, Inc.)
Task: {7F9563F4-4216-4493-82BA-904FC0E41DFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {8759126A-AA8F-4660-965B-71AD14C84AEA} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {9D43B69A-DD6F-4138-BDD2-A5115ADDF4B7} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
Task: {9E48B76C-7B8E-44B4-B32E-2C356113F5EC} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{4AE92852-BFE2-4BC1-B969-2AE82AE0F6BC}.exe [2015-05-12] ()
Task: {A6BB62DF-2A30-4F2B-B50D-5087CBF6DB12} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {ACB33BFB-B6B3-4650-BBB5-48B193AE237E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {B038BB4E-0A54-43F3-979E-88B51D3E6DC5} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {EE0F492B-35BD-4869-86B9-796C0C5E4570} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{A48942D0-D6DA-4791-96C4-F3E60DC64F89}.exe
Task: C:\windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{4AE92852-BFE2-4BC1-B969-2AE82AE0F6BC}.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core.job => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA.job => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-01 14:19 - 2015-04-01 14:19 - 00620056 _____ () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2011-05-20 12:20 - 2008-06-05 00:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2011-05-20 12:21 - 2010-04-21 00:45 - 00552960 _____ () C:\windows\system32\SnMinDrv.dll
2015-04-01 14:20 - 2015-04-01 14:19 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-04-01 14:20 - 2015-04-01 14:19 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2010-09-01 10:58 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2014-12-15 13:07 - 2014-12-15 13:04 - 01686552 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-12-15 13:08 - 2015-04-01 14:19 - 03033112 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2014-12-15 13:07 - 2015-04-01 14:19 - 40630296 _____ () C:\Program Files\AVG Web TuneUp\libcef.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00026184 _____ () C:\Program Files\MyTomTom 3\DeviceDetection.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00074312 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00268360 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
2010-09-01 11:00 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-09-01 11:03 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C3FA724-429F-42B7-B5D6-340F78FD1621}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{7037BD4B-5A7B-4ECD-94EB-BC40FA8782FF}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{3C6EBC82-7526-4F04-840F-1D016CC690F5}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{0BA2CBFF-7A81-4583-A2F4-C95536986380}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{162D79BC-5379-4044-AA2E-CB4146EAE6C9}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{E6E7E1B7-84E8-4B8C-B86C-71EA2F7EE6CA}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{DB8391A1-498B-4C89-AC1C-B1AC42868EF2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D1D8A16A-EC34-4984-9EC6-4BAD6D543EB4}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5845B66B-9485-4F94-97C8-F936FDF57B8C}] => (Allow) svchost.exe
FirewallRules: [{86ADB87E-D9A4-43AC-92F7-D5ECDF50941E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{63805108-E718-4265-81E8-5603691EEA36}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{60A2FF9D-97D2-477C-BC5B-ADFB6EBC7F5F}] => (Allow) LPort=2869
FirewallRules: [{53E1FBD5-238A-40DB-97A9-5BF37C77B2A1}] => (Allow) LPort=1900
FirewallRules: [{F0DB8A50-E24A-4B9E-9CFF-A07CB027B539}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{420913B4-4D39-4EA8-92E2-CB8C7BCD0DFA}] => (Allow) C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{EAF1BCAD-D582-4149-BF2F-63AB1EEFC75F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DA371F58-EC5D-45C3-A66D-CABE3D642B60}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4457B692-9709-423F-BC9F-19F69B9598C7}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{CE531FF1-15E7-461B-A2F3-02806C206C3C}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{7645670D-9C26-44AF-9A89-77E203A29C7F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{336AC597-3986-4EDD-B68B-7F60B3632EC0}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D6CA1D86-D441-4B98-884B-426A10F6377A}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{5B31BCAD-1ED8-4436-8DD5-FD710CC6A71E}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{29A5B00C-B15E-4C98-A958-1E1BC91DF054}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 05:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x19c8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/24/2015 05:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d68

Start Time: 01d09636504dcf2c

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 0970ea4c-0233-11e5-8587-002454eb069d

Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/24/2015 04:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x11b4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/24/2015 03:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0xf80
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/24/2015 02:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x10a8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/24/2015 01:28:35 PM) (Source: Google Update) (EventID: 20) (User: Pauline-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (05/24/2015 01:26:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/24/2015 01:20:46 PM) (Source: Google Update) (EventID: 20) (User: Pauline-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

System errors:
=============
Error: (05/24/2015 06:15:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/24/2015 05:23:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (05/24/2015 05:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%1053

Error: (05/24/2015 05:23:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

Error: (05/24/2015 02:58:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CA3A5461-96B5-46DD-9341-5350D3C94615}

Error: (05/24/2015 02:57:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/24/2015 02:55:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/24/2015 01:21:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (05/24/2015 01:16:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/24/2015 01:13:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Microsoft Office:
=========================
Error: (05/24/2015 05:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d819c801d0964293fb5455C:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.axf8184754-0235-11e5-8587-002454eb069d

Error: (05/24/2015 05:37:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16476d6801d09636504dcf2c0C:\Program Files\Internet Explorer\iexplore.exe0970ea4c-0233-11e5-8587-002454eb069d

Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/24/2015 05:36:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/24/2015 04:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d811b401d09635fe496e1cC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax62de51fd-0229-11e5-8587-002454eb069d

Error: (05/24/2015 03:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8f8001d09629428f6c4fC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax6140b6fe-021d-11e5-8587-002454eb069d

Error: (05/24/2015 02:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d810a801d09626ba56f49cC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax233fd986-021a-11e5-85b4-002454eb069d

Error: (05/24/2015 01:28:35 PM) (Source: Google Update) (EventID: 20) (User: Pauline-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (05/24/2015 01:26:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (05/24/2015 01:20:46 PM) (Source: Google Update) (EventID: 20) (User: Pauline-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 81%
Total physical RAM: 1013.3 MB
Available physical RAM: 185.7 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 516.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88 GB) (Free:57.81 GB) NTFS
Drive d: () (Fixed) (Total:130.35 GB) (Free:130.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: A0697792)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=88 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.4 GB) - (Type=27)

==================== End of log ============================


  • 0

Advertisements

#2
peter plus
Posted 28 May 2015 - 02:19 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

bump


  • 0

#3
BrianDrab
Posted 30 May 2015 - 08:34 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi and welcome to Geeks To Go. Sorry for the delay. Looking through your logs it doesn't appear you have malware. I believe you have more demand than resources available. You only have 1GB of memory which is the bare minimum. Getting some more RAM to put in your computer may be the best option. If that's not an option then I suggest you follow these steps to get your machine slimmed down and then you should notice a performance improvement.

 

Step#1 - Uninstalls

I see that you are using AVG 2015. I recommend that we remove this and use Microsoft Security Essentials which should allow your machine to perform better.

1. Please uninstall AVG 2015. If you need them instructions for doing so are here.

2. After the uninstall, please run the AVG 2015 manual removal tool from here.

3. Then please download and install Microsoft Security Essentials.

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#3 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. Adwcleaner log
2. FRST and Addition logs

 


  • 0

#4
peter plus
Posted 30 May 2015 - 01:45 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Thanks for the advice. Does seem a bit better but probably needs more RAM.

Would you suggest uninstalling Windows7 and maybe install linux as some forums suggest?

 

# AdwCleaner v4.205 - Logfile created 30/05/2015 at 20:09:30
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Starter  (x86)
# Username : Pauline - PAULINE-PC
# Running from : C:\Users\Pauline\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : APNMCP
[#] Service Deleted : vToolbarUpdater18.4.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_0415tb
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Pauline\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Pauline\AppData\Local\AskPartnerNetwork
File Deleted : C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : 0215tbUpdateInfo
Task Deleted : 0415tbUpdateInfo
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
 
-\\ Google Chrome v43.0.2357.65
 
[C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3686 bytes] - [30/05/2015 20:02:33]
AdwCleaner[S0].txt - [3635 bytes] - [30/05/2015 20:09:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3694  bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Pauline (administrator) on PAULINE-PC on 30-05-2015 20:25:06
Running from C:\Users\Pauline\Desktop
Loaded Profiles: Pauline (Available Profiles: Pauline)
Platform: Microsoft Windows 7 Starter  (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9734760 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1807240 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [Facebook Update] => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-14] (Facebook Inc.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\WLXPGSS.SCR [302448 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2015-05-25] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-12-1512:09:48&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-4159039374-4143841151-2063890905-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR Profile: C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (AdBlock) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Bookmark Manager) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 20:25 - 2015-05-30 20:27 - 00012411 _____ () C:\Users\Pauline\Desktop\FRST.txt
2015-05-30 20:24 - 2015-05-30 20:24 - 00000000 ____D () C:\Users\Pauline\Desktop\FRST-OlderVersion
2015-05-30 20:02 - 2015-05-30 20:09 - 00000000 ____D () C:\AdwCleaner
2015-05-30 19:59 - 2015-05-30 19:59 - 02223104 _____ () C:\Users\Pauline\Desktop\AdwCleaner.exe
2015-05-30 19:49 - 2015-05-30 19:49 - 00002117 _____ () C:\Users\Pauline\Desktop\Microsoft Security Essentials.lnk
2015-05-30 19:41 - 2015-05-30 19:41 - 00002154 _____ () C:\windows\epplauncher.mif
2015-05-30 19:39 - 2015-05-30 19:39 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-30 19:37 - 2015-05-30 19:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-30 19:36 - 2010-04-09 08:24 - 00240008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2015-05-30 19:24 - 2015-05-30 19:24 - 11588952 _____ (Microsoft Corporation) C:\Users\Pauline\Downloads\mseinstall (2).exe
2015-05-30 19:23 - 2015-05-30 19:23 - 11588952 _____ (Microsoft Corporation) C:\Users\Pauline\Downloads\mseinstall (1).exe
2015-05-30 19:22 - 2015-05-30 19:22 - 11588952 _____ (Microsoft Corporation) C:\Users\Pauline\Downloads\mseinstall.exe
2015-05-30 19:03 - 2015-05-30 19:03 - 00000000 _____ () C:\Users\Pauline\AppData\Local\{F19B960E-230B-43A9-A4B7-07D5DACA94B5}
2015-05-30 18:59 - 2015-05-30 19:01 - 00255198 _____ () C:\Users\Pauline\Downloads\avgremover.log
2015-05-30 18:58 - 2015-05-30 18:58 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Pauline\Downloads\avg_remover_stf_x86_2015_5501 (1).exe
2015-05-30 18:57 - 2015-05-30 18:58 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Pauline\Downloads\avg_remover_stf_x86_2015_5501.exe
2015-05-25 20:19 - 2015-05-25 20:19 - 00000000 ____D () C:\windows\system32\SPReview
2015-05-24 18:25 - 2015-05-30 20:24 - 01147392 _____ (Farbar) C:\Users\Pauline\Desktop\FRST.exe
2015-05-24 17:59 - 2015-05-24 17:59 - 00001417 _____ () C:\Users\Pauline\Desktop\Internet Explorer.lnk
2015-05-24 17:42 - 2015-05-30 20:25 - 00000000 ____D () C:\FRST
2015-05-24 12:24 - 2015-05-24 12:24 - 06420480 _____ () C:\Program Files\GUTAF82.tmp
2015-05-24 12:24 - 2015-05-24 12:24 - 00000000 ____D () C:\Program Files\GUMAF52.tmp
2015-05-24 11:46 - 2015-05-30 20:16 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 11:36 - 2015-05-24 11:36 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 11:35 - 2015-05-24 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 11:35 - 2015-05-24 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 11:35 - 2015-05-24 11:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-24 11:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-24 11:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-24 11:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-24 11:30 - 2015-05-24 11:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Pauline\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-13 14:35 - 2015-03-19 03:57 - 03963320 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 14:35 - 2015-03-19 03:57 - 03908024 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-12 13:35 - 2015-05-30 20:11 - 00000896 _____ () C:\windows\setupact.log
2015-05-12 13:35 - 2015-05-12 13:35 - 00000000 _____ () C:\windows\setuperr.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-30 20:26 - 2010-09-01 10:41 - 01694614 _____ () C:\windows\WindowsUpdate.log
2015-05-30 20:24 - 2011-10-27 17:07 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\Skype
2015-05-30 20:13 - 2011-09-24 11:49 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 20:11 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-30 20:09 - 2009-07-14 05:34 - 00014400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 20:09 - 2009-07-14 05:34 - 00014400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 19:57 - 2011-05-20 12:19 - 00000000 ____D () C:\Users\Pauline\AppData\Local\VirtualStore
2015-05-30 19:54 - 2012-04-14 12:25 - 00000000 ____D () C:\Users\Pauline\AppData\Local\CrashDumps
2015-05-30 19:50 - 2012-08-04 22:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 19:45 - 2011-09-24 11:49 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 19:05 - 2014-12-15 13:06 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-05-30 19:05 - 2011-06-01 11:25 - 00322832 _____ () C:\windows\PFRO.log
2015-05-30 18:50 - 2012-12-14 10:45 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA.job
2015-05-30 18:22 - 2009-07-14 05:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-25 13:26 - 2011-08-23 08:49 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\SoftGrid Client
2015-05-25 09:50 - 2012-12-14 10:45 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core.job
2015-05-24 22:51 - 2014-12-26 15:00 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 17:36 - 2009-07-26 21:06 - 00005372 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-24 13:16 - 2010-09-01 10:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-24 11:34 - 2013-08-26 13:05 - 00000000 ____D () C:\windows\system32\MRT
2015-05-24 11:26 - 2012-04-01 14:52 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-24 11:24 - 2011-10-29 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2015-05-24 12:24 - 2015-05-24 12:24 - 6420480 _____ () C:\Program Files\GUTAF82.tmp
2015-05-30 19:03 - 2015-05-30 19:03 - 0000000 _____ () C:\Users\Pauline\AppData\Local\{F19B960E-230B-43A9-A4B7-07D5DACA94B5}
2011-10-30 18:24 - 2011-10-30 18:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-05-20 12:24 - 2010-01-16 07:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
 
Some files in TEMP:
====================
C:\Users\Pauline\AppData\Local\Temp\Quarantine.exe
C:\Users\Pauline\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-25 14:52
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Pauline at 2015-05-30 20:29:18
Running from C:\Users\Pauline\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4159039374-4143841151-2063890905-500 - Administrator - Disabled)
Guest (S-1-5-21-4159039374-4143841151-2063890905-501 - Limited - Disabled)
Pauline (S-1-5-21-4159039374-4143841151-2063890905-1000 - Administrator - Enabled) => C:\Users\Pauline
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}) (Version: 4.4.1 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
ETDWare PS/2-X86 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2567 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.906 (HKLM\...\MyTomTom) (Version: 3.2.0.906 - TomTom)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center 1.0 (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.09.0800 - SRS Labs, Inc.)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Pauline\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4159039374-4143841151-2063890905-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points =========================
 
25-05-2015 20:19:19 Windows 7 Service Pack 1
30-05-2015 18:36:24 Removed AVG 2015
30-05-2015 18:48:26 Removed AVG 2015
30-05-2015 19:34:59 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F7C6557-9534-4387-9BFD-8B0EACD83A83} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-08-12] (Samsung Electronics. Co. Ltd.)
Task: {15113DEC-561A-4661-BAC5-55254FA6CB85} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {21FC7199-52C8-4978-8FF4-9DCFBD8AB1B4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {2CFAA9E4-A2C0-49BD-8FB3-0460E1FFB35F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {41D7A7DB-203A-48FF-9A25-55DB1396E9FF} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {4EE15C26-57BC-488B-8829-CB292841A678} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14] (Facebook Inc.)
Task: {4F53B153-2367-4521-A63E-45F66E7E0FD6} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {5261843A-7BA8-4F8D-9225-E46A40C3F5D4} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {68F74B5D-E2E3-4E68-9918-FBA6E97269F7} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe [2010-10-20] (SRS Labs, Inc.)
Task: {7F9563F4-4216-4493-82BA-904FC0E41DFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {8759126A-AA8F-4660-965B-71AD14C84AEA} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {9D43B69A-DD6F-4138-BDD2-A5115ADDF4B7} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
Task: {A6BB62DF-2A30-4F2B-B50D-5087CBF6DB12} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {ACB33BFB-B6B3-4650-BBB5-48B193AE237E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {B038BB4E-0A54-43F3-979E-88B51D3E6DC5} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {EE0F492B-35BD-4869-86B9-796C0C5E4570} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-14] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000Core.job => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4159039374-4143841151-2063890905-1000UA.job => C:\Users\Pauline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-20 12:20 - 2008-06-05 00:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2010-09-01 10:58 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2011-05-20 12:21 - 2010-04-21 00:45 - 00552960 _____ () C:\windows\system32\SnMinDrv.dll
2010-09-01 11:00 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-09-01 11:03 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2015-01-09 16:19 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-01-09 16:19 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4159039374-4143841151-2063890905-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3C3FA724-429F-42B7-B5D6-340F78FD1621}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{7037BD4B-5A7B-4ECD-94EB-BC40FA8782FF}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{3C6EBC82-7526-4F04-840F-1D016CC690F5}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{0BA2CBFF-7A81-4583-A2F4-C95536986380}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{162D79BC-5379-4044-AA2E-CB4146EAE6C9}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{E6E7E1B7-84E8-4B8C-B86C-71EA2F7EE6CA}] => (Allow) C:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{DB8391A1-498B-4C89-AC1C-B1AC42868EF2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D1D8A16A-EC34-4984-9EC6-4BAD6D543EB4}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5845B66B-9485-4F94-97C8-F936FDF57B8C}] => (Allow) svchost.exe
FirewallRules: [{86ADB87E-D9A4-43AC-92F7-D5ECDF50941E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{63805108-E718-4265-81E8-5603691EEA36}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{60A2FF9D-97D2-477C-BC5B-ADFB6EBC7F5F}] => (Allow) LPort=2869
FirewallRules: [{53E1FBD5-238A-40DB-97A9-5BF37C77B2A1}] => (Allow) LPort=1900
FirewallRules: [{F0DB8A50-E24A-4B9E-9CFF-A07CB027B539}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{420913B4-4D39-4EA8-92E2-CB8C7BCD0DFA}] => (Allow) C:\Users\Pauline\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{B5A8D581-6F6A-4DEB-AD4C-4BF1A9A07776}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2015 07:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 43.0.2357.65, time stamp: 0x5552c066
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0xe8c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (05/30/2015 07:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avg_remover_stf_x86_2015_5501.exe, version: 15.0.0.5501, time stamp: 0x540cb94a
Faulting module name: avg_remover_stf_x86_2015_5501.exe, version: 15.0.0.5501, time stamp: 0x540cb94a
Exception code: 0x40000015
Fault offset: 0x001d0c5e
Faulting process id: 0x14fc
Faulting application start time: 0xavg_remover_stf_x86_2015_5501.exe0
Faulting application path: avg_remover_stf_x86_2015_5501.exe1
Faulting module path: avg_remover_stf_x86_2015_5501.exe2
Report Id: avg_remover_stf_x86_2015_5501.exe3
 
Error: (05/30/2015 06:48:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (05/25/2015 05:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 43.0.2357.65, time stamp: 0x5552c066
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0x520
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (05/25/2015 02:56:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2015 02:56:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2015 02:55:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2015 02:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2015 10:08:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2015 10:07:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/30/2015 08:22:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/30/2015 08:19:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (05/30/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (05/30/2015 08:15:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (05/30/2015 08:13:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/30/2015 08:11:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WtuSystemSupport service failed to start due to the following error: 
%%2
 
Error: (05/30/2015 08:10:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
%%1069
 
Error: (05/30/2015 08:10:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (05/30/2015 08:10:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (05/30/2015 08:09:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (05/30/2015 07:54:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d8e8c01d09b0965c3ca20C:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax43e6c0a4-06fd-11e5-923a-002454eb069d
 
Error: (05/30/2015 07:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avg_remover_stf_x86_2015_5501.exe15.0.0.5501540cb94aavg_remover_stf_x86_2015_5501.exe15.0.0.5501540cb94a40000015001d0c5e14fc01d09b025e91f375C:\Users\Pauline\Downloads\avg_remover_stf_x86_2015_5501.exeC:\Users\Pauline\Downloads\avg_remover_stf_x86_2015_5501.exedc6311f8-06f5-11e5-91b6-002454eb069d
 
Error: (05/30/2015 06:48:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
 
Error: (05/25/2015 05:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066YCWebCameraSource.ax2.0.10175.39104b9715b8c00000050000c9d852001d09702e6377571C:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax6c427674-02f8-11e5-85ce-002454eb069d
 
Error: (05/25/2015 02:56:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest
 
Error: (05/25/2015 02:56:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
 
Error: (05/25/2015 02:55:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
 
Error: (05/25/2015 02:53:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\easy display manager\RunGfxUI64.exe
 
Error: (05/25/2015 10:08:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\samsung\easy display manager\RunGfxUI64.exe
 
Error: (05/25/2015 10:07:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 74%
Total physical RAM: 1013.3 MB
Available physical RAM: 254.7 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 377.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:88 GB) (Free:57.7 GB) NTFS
Drive d: () (Fixed) (Total:130.35 GB) (Free:130.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of log ============================

 


  • 0

#5
BrianDrab
Posted 30 May 2015 - 01:54 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

As far as installing Linux vs. Windows I can't really comment as I'm not too familiar with Linux. Sorry about that.

 

Let's do a few more things.

 

Step#1 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

Step#2 - Malwarebytes Scan

  • Open up Malwarebytes. Were going to do a scan a little different than you likely normally do.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

Step#4 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Items for your next post

1. Junkware log

2. Malwarebytes log

3. Security Check log

 


  • 0

#6
peter plus
Posted 30 May 2015 - 04:34 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Starter x86
Ran by Pauline on 30/05/2015 at 22:01:22.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\windows\System32\tasks\EasySpeedUpManager
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\windows\System32\shoCCAB.tmp
Successfully deleted: [File] C:\windows\System32\shoCF75.tmp
Successfully deleted: [File] C:\Users\Pauline\appdata\local\google\chrome\user data\default\local storage\http_st.chatango.com_0.localstorage
Successfully deleted: [File] C:\Users\Pauline\appdata\local\google\chrome\user data\default\local storage\http_st.chatango.com_0.localstorage-journal
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{062AF536-FB89-4A75-ACCB-44519012BFF5}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{0714EC56-C697-41AC-B030-814AE6C566DE}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{071C5C53-0B42-401F-9ADF-2F67FC8657A7}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{08B9F46B-234E-453C-A661-18B113F9514A}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{09BACC44-1BF1-4849-86D4-F522F1B67D00}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{0B5F6F40-05F2-447C-8D85-CFE6DB30C454}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{0DF9E91F-058D-4DB5-9590-E5BCD1B72F4D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{0E358835-044A-4A42-8041-B68896599BB1}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{0E6116E5-E37F-4B80-80B2-4D058955A714}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{0E77D465-EC64-4FD0-8429-9C18625C9AA1}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1126F99E-3FFF-4644-A9F8-029C7E69BC5E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1189C127-B5A9-4B0F-98A9-432E0390D0C3}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{120832DE-AA8B-45C8-9458-578AB2B90652}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{124995CE-50A3-4C7D-AB38-23B5F0658054}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{15B43504-7F33-4431-A64B-6C3445A1C867}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{179A746E-FE0F-4CDC-BBD2-96EC10965386}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{17B1C44D-5BF3-4FBB-82C3-6F1AA60BBC86}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{18407B58-38FC-49D7-AA07-2151D0109DE3}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1866FDF9-5540-4CED-82B8-7C0CFC880B8B}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{18FBABE1-EDF3-467C-BF4B-541B52EFFFAC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1A569D65-EDEA-4D5B-87E7-20242FB194D9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1AF3A1AA-FE4E-440B-89BB-26764EFE95A9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1DA9EA6F-1B2B-4414-8A0B-B5EB48D88BBC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1DE9D3D8-3949-415A-9A43-10D20F2AB09D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{1EDBE048-9EC5-44AF-BA91-623F49B291F9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{216EFA4F-6D19-4E36-A75F-988D647355E6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{236C5429-D830-40C0-9C8B-5A69C0AF25E8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{240F6581-857C-4D69-B2D7-0C1FCC4F2A04}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{266B18DD-D209-4C00-A396-3173B1A6876F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{26C0254E-A1F9-4B7B-82BF-D807A5959527}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2713CB4B-E2D0-4F34-822F-F6C7A1AC9DA8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{275358D0-2C39-42DB-BFE9-8784D24C996B}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{291D9699-5D8E-4156-A41E-30B1457B2424}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2A95368B-9A8C-4D5C-B9A3-551D0DBEA9FC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2C8D0696-D890-4E59-AA3B-3AA32FF3F698}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2CF20C3D-1762-42E1-A42D-8721F42FAFBF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2D5200E5-F153-4655-84C5-90B08A36476F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2D8C7363-ED6B-48CE-99CD-9E00D8E1A626}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2E246769-1B38-49DA-8D18-A67622236F3D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{2EE2147C-675B-468D-B84D-074A2565CC47}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{30148D4F-E386-4186-910C-1E9F536AE047}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{326F8C77-E4F5-4444-A426-DED39711402F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3336FAAD-B1A8-4DC8-A88B-5C40E60EECF0}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{36F83F98-8F9B-45A6-8CC9-99660BF85D5F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3768CC42-0A6C-4D89-8FB2-6F3BE6D5D0F1}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{380952B3-DBD3-46CD-BA7C-4EC1412E27B8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{385E1573-2E15-4975-8E8B-0C33A4FC5059}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{38F7496C-7D90-4CF7-A859-862E9BCD1329}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3921CA25-C0CA-464E-81FB-1C0D3E4B83ED}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3A05E2AF-5171-43B1-983B-F10C7A9FE17B}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3BC736F8-FE22-4D05-9A1D-2D14F356A979}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3D121F8C-8EF6-43B4-922E-A98955830B36}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3D6EDB13-C11A-4128-89EB-8CCD8F887662}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{3E0655D6-95E3-426D-B83E-4F85AD185FE2}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{41061780-16AC-46DB-8EA4-F95AD515054A}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{41DAF4BE-7BF3-4A2F-89C4-536731DCB751}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{42368281-C294-4C03-B8F5-47FB6F65D526}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{43CBE396-68B4-4F80-A432-7C3DE5CE1205}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{43E8486F-A707-4D13-A080-071CA085BD40}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{44B7A2D9-4C69-4E49-B82D-D168D9BD5EC1}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{456C9C09-383E-4164-8B1B-9DEF1C3E9BB6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4683A5F7-3B1C-4300-911A-75E24780D052}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{46AC8E6E-34E1-4CCA-BBC9-5A8DD3B4F0B0}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{46D49FAC-0CB4-432E-B130-BAEAAEA8419C}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{47B210BA-7F60-4D08-8862-8991A1A74EAC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{492CED24-6DDE-4C40-B081-F7998D957BF9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{497052B6-5037-4F70-8951-7D4AC73AF6CC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{49BC9F11-DEAB-49A8-B8D8-18D9FB256D22}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4A23417A-DE71-42FE-AEE0-AF30D6FC4EE4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4BB9B0B6-00F7-456C-A2C3-375677645A05}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4C75D17C-275C-4EA2-A03A-F9A3DECAC19E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4D5F4066-90D1-4DDF-9B65-10F0628DCBB8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4E8EEA2B-0DB3-46A7-91BB-75FBA6BFD9F7}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4F2B12CB-A8C8-4E42-8F3C-9C2A427C0ED5}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{4F3B9EE3-359F-46A1-A639-5CE077A5A148}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{51145684-1CE6-47F9-8347-B9C1394957DA}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{51E98AB2-9B9C-41EC-9C80-2C1A40E360BF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{52B696F9-E36F-4456-8B0E-694801A196C4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{530CBE92-07CD-4EF9-A8E5-5AC2427FC843}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{539D6E6F-2EF6-43FF-A942-B0AF2621D788}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{544AE3AA-FA0E-443A-AF06-79799E4994C4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{55B85FBD-FDDB-4194-82C8-30AC8090805F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{55F55D32-A465-462D-8162-A11A8DE5516E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{56FFCB2E-F637-40AC-882D-55E83A2E59BA}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{57980E04-3667-44EA-8331-B39A4507C6E4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{582CCE98-97FE-483A-A9DD-A66D3E8CC54A}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{59487C02-E8BF-4A2B-A341-144E779026E6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{59DFA009-C56E-4DF3-8635-4169B9F6EB90}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{59FD251E-75E9-4F7F-9587-B36E1D75A940}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{5A1D68B9-A896-4F07-8386-F181E1512E96}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{5AE6B449-4D78-4F79-BA7A-FF303E9FB7DB}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{5D91EC91-EBCC-4E46-A603-B3437A2915FF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{5DDE78ED-ED66-48A7-85FB-F9196C945DD6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{5EBB4694-432B-4F62-AE6C-F446BB6D2851}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{5F3D09AF-057C-47B3-9EB4-4A3D745D69E6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{61865D65-9E54-4BC3-B1D9-47016C0726B3}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{638A2DDE-41E4-4E8C-9867-4BA9000297E4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{63943671-F748-4535-8A8B-63301E5D05DF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{65D4E54F-5213-450D-88B1-AFBAD3B9D256}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{67A5530B-9198-48F2-9ABE-622EB23C57B2}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6AD05565-2CB2-4B86-91EB-049F41B983C3}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6B5D35FC-91A4-40DD-AC37-3BDC8103C7E5}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6B942448-A67B-4F7D-BC6A-B3C7F0BBC956}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6CEF986A-7985-4B4B-AE73-B8BA8FD5AF55}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6E13B936-701F-4D6D-8ED6-B48E9C5B9F61}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6EA5267B-9E56-42B7-939A-0DFD446F4A8E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6EAB9BDA-61D0-410A-97C1-4E027499B153}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6F359062-A584-40EF-AF72-C37304D3C4D5}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6F600865-EEF4-4485-9961-DF0F8047D7FC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{6FEADBCF-46C4-4591-ADEE-FEF4212C55EB}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7019FEBF-D6E9-42C8-B4CA-9A348B93AF69}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{705C5675-705F-4DA9-A2DB-8126A948F447}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{70B4CBFC-E1A1-4E78-A0DE-8C8977127FD5}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{72276477-45DC-4B3B-A5B1-3BC263A3DC88}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{72281B7A-EB6A-45B8-A650-2849B3E9CEC7}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{72D7BB66-004A-43CF-9765-B8C9EAAB8622}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7383B1F2-ED03-4818-9C72-C51A62738001}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{73AF8EC3-CE5A-4FDC-8501-17EEC92AB713}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{741F7147-71AD-4663-A51F-1B964FA0773E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{74DA0AC2-7CAC-4D7D-B2A1-1AB25C840595}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{752DE2E6-62D3-4C83-8BBB-1ABB5DE22906}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7552BB08-958B-4C06-9249-D796AAB468C1}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{777DAC8B-D5B7-4ABE-8DC3-766F7B6673EB}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{77E0407C-22F7-4632-A8A6-42D2FF40C879}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{79FC85E8-AB73-42E0-967E-9590D1C59A2E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7A8FA0C1-4B40-4C59-AFD4-7B5BBADB9012}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7B67058C-35BF-4FC5-96DB-F67DFB5040B8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7B68BB71-BAAC-4084-BFE1-63002E6E9984}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7E83ED82-3E3F-4227-A0B2-B204C785AD65}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{7FB2214C-D84D-4628-B6C5-EEE7E016C56A}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{85F4E018-8F12-40EA-A451-88A1BAF857FE}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{8A42F3E6-0FFA-4472-A4C1-97CE3B62FC7E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{8AB20275-FDD7-4787-B81D-241E1DC1B224}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{8D32D019-6730-40EF-BFC2-044AAF3DC6C3}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{8D8C2E81-5817-4D01-9F1D-18C162A3CACE}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{8EBB90C1-94C0-4368-825A-1EF7F5C29E1E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{90AC68B1-468A-4BF5-ABD9-A5F97F037B1D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{90DE5F7B-1CE9-4F17-9690-759C15BDA350}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{91EBC009-A8A9-4438-B47D-7100BB4E215A}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{939811EC-83D3-4D8D-A270-775B03C515BF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{93DC05BB-4088-4D43-BFF8-51DC18B4F16C}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{96BB1F60-19C5-488F-AFC8-D61312352DED}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{9A31C2FE-C229-42FA-BF43-2B5880729143}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{9C309BFE-42B0-4479-9C66-0309CCD95B6F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{9D201EDA-F120-41DC-A201-CD2D6B104D69}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{9F982651-F730-445B-8512-A88DF4712414}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{9FD38A0E-31ED-4EB7-AFA6-EA0CDB29D7A6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A0803167-B4EB-4596-9F09-95F0F58D9810}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A094C255-3D66-4875-A087-A5F1A2C85DD1}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A33059CA-A55A-4514-8D37-486429E47A21}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A374D4DE-36AA-449C-96C3-DC5C32FD716F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A4B59E69-0763-4030-9439-777991791CAF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A7081331-0A55-4FC2-893E-48E7973D8AB7}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A7D54B29-D163-4DD5-B748-DC4DD255782C}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{A7F6B0E7-8F70-4D99-A254-7E10A69E7541}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{AA1A3595-EE61-4F49-81FD-E1A160A68203}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{ADDE1EA4-94A4-4867-811B-EB6570DA7B59}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B146002D-5F80-48BE-9160-7E100148BA4E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B29D4BB8-B2FC-4D9F-A3D5-1E981CAA7449}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B37E40C4-ECD5-4782-9F63-F760BA39DCBB}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B44F9338-FA4C-4524-8BB6-A801C48C2BC2}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B4B0BC8A-97FB-4915-8DA7-2F4D368DCFFD}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B4EA0A8F-1524-4B52-8EB3-40CA68A2C87B}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B652BAC5-38CD-4787-97BB-998A8D47225D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{B8613162-4B4D-4748-AD38-B18B5284B38C}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{BAFAC34D-0CF5-45D0-9E09-715591385C75}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{BC1C501B-F2DF-482D-BD10-D1A29DDD8413}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{BD04FCAC-7E6D-4A1F-B125-7884D3A4E8A9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{BD7F1890-1621-497F-920B-36C5083AACB8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C008A48C-2D8A-4059-A85C-7261081719F7}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C02F8655-37B9-4002-8E3D-A15AC5716E36}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C05B722A-9860-4278-8C5F-89497B70DE24}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C073E0D6-2D49-45D2-A6D8-99A4223FB258}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C2355AB2-99A1-4023-A4D4-6E3CFB253B59}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C6E5A0BB-5134-4AD7-A769-022C9CB2D5BA}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C78C2DB4-E6D2-4DC5-A3D5-7F13FDC5494C}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{C82C64C5-F44B-43EA-AA70-EB381FB823A4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{CCC0DA69-8445-43A7-AC65-B227858DD40D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{CEE08FB2-779F-49BF-B876-687E21E118A9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D05E8636-6C25-40E2-B938-FEDC15366229}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D17446E8-39B4-4166-A7F6-CC8993615BDE}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D1DA9F03-6473-4346-9524-5195B0D8E883}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D31EC2FB-3023-4E95-84F6-662AFE259BF3}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D4AC0433-A6F8-4909-90F5-3CD3B1F0C0C4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D5C976E8-6E9D-428F-896F-F8C6E0DCEDAB}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D6DAF1CE-0812-4103-BDC9-78C1FFDA3D9B}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D77F610B-073E-4993-A93C-C3FDEF1B6725}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D796D9BC-8B1F-4899-ABEA-EF9FAC01D6D9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D7C158FD-F677-45BF-87D6-4AA21911AD06}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{D891DC31-62F3-43BC-A2A6-D5A12DDD36A8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{DB48A200-C73C-4513-94F2-D1AE383E3AA8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{DB9348AD-C306-4088-A2C0-70C90B13B28F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{DBBBB1CC-556B-4E8C-BDAC-EDA79510AD0F}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E1173CAF-C94E-420A-B120-CAA84B4CA525}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E24471D9-5B66-43DF-8426-24391739B361}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E277B3E5-FA71-4929-9F8F-233802653DB0}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E45FF1D5-A3BB-4C5D-923C-930DA3DAEAF9}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E495EE39-242F-4749-BA33-E037E67BF1C0}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E49F8CFF-A6ED-419B-B193-409E9B7A91D0}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E500C7C6-B3BC-4DE6-BF8D-B65716AF3023}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E53B969E-9010-4337-A63D-EB47C7355586}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E80135A9-D839-4C24-8364-B3FEAC8CAABD}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E9368FD2-A424-40D6-A07D-B12073B37B2A}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{E989DC6C-E3A4-4C86-AAD8-3DD2F9D9C8B4}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{EEA4D47E-C06F-4DD3-AFDD-50433F78DCD8}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{EF777D1F-8E32-4183-97A4-F0B1717C6BE0}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{EFB8AD63-5965-4482-B252-F71896F56927}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{EFE41AE8-8362-44AC-A01F-3EC5ACE0F1BC}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F0493A5F-D228-4476-BDE8-06CFEE2343CD}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F0FDC088-5EA1-4DF4-87C5-2DC2BEFCF597}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F183864B-17D9-4AD8-8DD5-46A7EBFED9CE}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F40626E9-709B-4AC9-9224-CD73EC4E8AEF}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F42B482B-D2FE-4669-85CB-A10CA12FF331}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F4AB099C-8015-4472-ADBD-EF3DE9926BF6}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F50823AE-22EB-4200-B67B-27DF2AC81649}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F5F87097-8C73-46FC-B151-020F4BE0822E}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F6D427FF-DCED-44A3-BFA7-AEB02A46234B}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F89E81A3-AD0D-482E-8317-E604C7AD3D8D}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{F9FDD3A3-B83E-4DFF-B958-877C29A084BA}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{FA59935A-8D89-48FE-BB26-19AE0E34D325}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{FAF659C7-F41D-4B36-A1EC-C2BFE2A9DC79}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{FB4400FC-8B38-4193-8AD0-41E772432989}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{FBF0A643-3FAD-4F71-A8F5-CBB058F80392}
Successfully deleted: [Empty Folder] C:\Users\Pauline\appdata\local\{FEFA42D6-B4B0-4B79-9A0E-FE2AE5F9ECB9}
Successfully deleted: [Folder] C:\Program Files\avg web tuneup
Successfully deleted: [Folder] C:\ProgramData\avg web tuneup
Successfully deleted: [Folder] C:\Users\Pauline\appdata\locallow\avg web tuneup
Successfully deleted: [Folder] C:\Users\Pauline\local settings\application data\avg web tuneup
 
 
 
~~~ Chrome
 
 
[C:\Users\Pauline\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Pauline\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Pauline\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Pauline\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/05/2015 at 22:08:51.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/05/2015
Scan Time: 22:23:42
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.30.05
Rootkit Database: v2015.05.24.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: Pauline
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301444
Time Elapsed: 40 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
Trojan.Zekos.Patched732SP0, C:\Windows\System32\rpcss.dll, Replace-on-Reboot, [b82cd39e336973359d7c9bf911e8e84f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 Results of screen317's Security Check version 1.002  
 Windows 7  x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 Java 7 Update 71  
 Java version 32-bit out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (42.0.2311.135) 
 Google Chrome (43.0.2357.65) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 

  • 0

#7
BrianDrab
Posted 30 May 2015 - 04:44 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

You were right to suspect malware. You had a Trojan on your machine.

 

As a result we should do a few more things.

 

Is there a reason that you don't have Service Pack 1 for Window 7 installed?

 

Please do the following.

 

Step#1 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 

Step#2 - File Identification
1. Run FRST by Right-Clicking on the file and choosing Run as administrator.
2. Type rpcss.dll into the Search box of the FRST window.
3. Click the Search Files button.
4. When the search is done it will open a notepad window with the results. Can you copy/paste the contents of this window into your next post? 
 

 

Items for your next post

1. Let me know about Windows 7 SP1
2. Contents of the ESET log file

3. FRST File Search results

 


  • 0

#8
peter plus
Posted 31 May 2015 - 06:44 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts
Windows tries to install Service Pack but gets to about 30% and then says Failed to install.  
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Pauline\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Pauline\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Pauline\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
 
 
Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Pauline at 2015-05-31 13:37:19
Running from C:\Users\Pauline\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2011-07-09 12:47][2010-11-20 13:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF [File is signed]
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-14 00:45][2009-07-14 02:16] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF [File is signed]
 
C:\Windows\System32\rpcss.dll
[2009-07-14 00:45][2009-07-14 02:16] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF [File is signed]
 
====== End of Search ======

  • 0

#9
BrianDrab
Posted 31 May 2015 - 07:21 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Let's get a couple of your programs updated that are vulnerable and then let's fix your Windows Update issues.

 

Step#1 - Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

Step#2 - Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 45.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
8u45.JPG
 
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 7 Update 71
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u45-windows-i586.exe or jre-8u45-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).

 

Step#3 - Provide Logs

Please provide the following two logs. You should copy these files to your desktop and then zip/attach them.

C:\Windows\Logs\CBS\CBS.log

C:\windows\inf\setupapi.dev.log

 


  • 0

#10
peter plus
Posted 31 May 2015 - 08:55 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

CBS Log attached

setupapi log is too large.

Not sure how to zip it up

Attached Files

  • Attached File  CBS.log   90.61KB   244 downloads

  • 0

Advertisements

#11
BrianDrab
Posted 31 May 2015 - 08:59 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

After you copy the setupapi.dev.log file to your desktop you can right-click on the file and choose Send To...Compressed (zipped) folder. It will create a file named setupapi.dev.zip. If the file is still too large to attach here you can upload to SendSpace and then just provide the link.


  • 0

#12
peter plus
Posted 31 May 2015 - 09:25 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Other log attached

Attached Files


  • 0

#13
BrianDrab
Posted 31 May 2015 - 09:33 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Perfect, thanks. Please do the following.
 
Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  • Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Attached Files


  • 0

#14
peter plus
Posted 31 May 2015 - 09:56 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts
SFCFix version 2.4.3.0 by niemiro.
Start time: 2015-05-31 16:45:45.025
Microsoft Windows 7  - x86
Using .zip script file at C:\Users\Pauline\Desktop\SFCFix.zip [0]
 
 
 
 
PowerCopy::
Successfully took permissions for file or folder C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
Successfully took permissions for file or folder C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
 
Successfully copied file C:\Users\Pauline\AppData\Local\niemiro\Archive\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll to C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll.
The file \\?\C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll is in use and must be replaced over a reboot.
 
Successfully pended file for replace over reboot: \\?\C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
 
Successfully restored ownership for C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
Successfully restored permissions on C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
PowerCopy:: directive completed successfully.
 
 
 
 
Reboot:: directive completed successfully.
 
 
 
 
PostRebootCorruptionDetection::
No hash verification failures detected.
PostRebootCorruptionDetection:: directive completed successfully.
 
 
 
 
PostRebootRestorePermissions::
Successfully restored ownership for C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
Successfully restored permissions on C:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
PostRebootRestorePermissions:: directive completed successfully.
 
 
 
 
Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-05-31 16:52:38.174
----------------------EOF-----------------------

  • 0

#15
BrianDrab
Posted 31 May 2015 - 10:06 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

That worked. Now let's do the following.
 
SFC Scan

  • Click on the Start Start%20Orb.jpg button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Please Note:: if the file is too big to upload to your next post please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP